Export limit exceeded: 29880 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29880 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1854 | 1 Picophone | 1 Internet Telephone | 2025-04-03 | N/A |
| Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet. | ||||
| CVE-2004-1857 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | N/A |
| Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. | ||||
| CVE-2004-1856 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | N/A |
| devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. | ||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | ||||
| CVE-2004-1855 | 1 Mythic Entertainment | 1 Dark Age Of Camelot | 2025-04-03 | N/A |
| Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack. | ||||
| CVE-2004-1861 | 1 Netsupport | 1 Netsupport School | 2025-04-03 | N/A |
| Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. | ||||
| CVE-2004-1871 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. | ||||
| CVE-2004-1873 | 1 Alan Ward | 1 A-cart | 2025-04-03 | N/A |
| SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. | ||||
| CVE-2004-1874 | 1 Alan Ward | 1 A-cart | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. | ||||
| CVE-2004-1879 | 1 Phpkit | 1 Phpkit | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. | ||||
| CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2025-04-03 | N/A |
| The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | ||||
| CVE-2004-1880 | 1 Openldap | 1 Openldap | 2025-04-03 | N/A |
| Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). | ||||
| CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2025-04-03 | N/A |
| SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | ||||
| CVE-2004-1882 | 1 Cactusoft | 1 Cactushop | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter. | ||||
| CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | ||||
| CVE-2004-1876 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | N/A |
| The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. | ||||
| CVE-2004-1888 | 1 Aborior | 1 Encore Web Forum | 2025-04-03 | N/A |
| display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable. | ||||
| CVE-2004-1890 | 1 Sgi | 1 Irix | 2025-04-03 | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. | ||||
| CVE-2004-1889 | 1 Sgi | 1 Irix | 2025-04-03 | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. | ||||
| CVE-2004-1891 | 1 Sgi | 1 Irix | 2025-04-03 | N/A |
| The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. | ||||