Export limit exceeded: 345106 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345106 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2026-04-16 | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | ||||
| CVE-2004-2522 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter. | ||||
| CVE-2004-2524 | 1 Whm Autopilot | 1 Whm Autopilot | 2026-04-16 | N/A |
| clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. | ||||
| CVE-2004-2530 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2026-04-16 | N/A |
| Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box. | ||||
| CVE-2004-2536 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges. | ||||
| CVE-2004-2538 | 1 Nilesh Dosooye | 1 Phpcodegenie | 2026-04-16 | N/A |
| Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer. | ||||
| CVE-2004-2547 | 1 Netwin | 2 Surgemail, Webmail | 2026-04-16 | N/A |
| NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | ||||
| CVE-2004-2548 | 1 Netwin | 2 Surgemail, Webmail | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547). | ||||
| CVE-2004-2554 | 1 Novell | 1 Client Firewall | 2026-04-16 | N/A |
| Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help functionality to launch programs with SYSTEM privileges. | ||||
| CVE-2004-2561 | 1 Internet Sofware Sciences | 1 Web\+center | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp. | ||||
| CVE-2004-2562 | 1 Leigh Business Enterprises | 1 Web Helpdesk | 2026-04-16 | N/A |
| SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2004-2570 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false URL to the user. | ||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2026-04-16 | N/A |
| login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | ||||
| CVE-2003-1308 | 1 Fvwm | 1 Fvwm | 2026-04-16 | N/A |
| CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename. | ||||
| CVE-1999-0869 | 2 Microsoft, Netscape | 2 Internet Explorer, Navigator | 2026-04-16 | N/A |
| Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing. | ||||
| CVE-2000-0905 | 1 Qnx | 1 Voyager | 2026-04-16 | N/A |
| QNX Embedded Resource Manager in Voyager web server 2.01B in the demo disks for QNX 405 allows remote attackers to read sensitive system statistics information via the embedded.html web page. | ||||
| CVE-2004-1985 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. | ||||
| CVE-2004-2595 | 1 Id Software | 1 Quake Ii Server Linux | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data. | ||||
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | ||||