Search Results (364879 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1665 1 Psnews 1 Psnews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.
CVE-2004-1673 1 Icewarp 1 Web Mail 2026-04-16 N/A
accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter.
CVE-2000-0156 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
CVE-2004-1674 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
CVE-2000-0167 1 Microsoft 1 Internet Information Server 2026-04-16 N/A
IIS Inetinfo.exe allows local users to cause a denial of service by creating a mail file with a long name and a .txt.eml extension in the pickup directory.
CVE-2004-1678 1 Logicnow 1 Perldesk 2026-04-16 N/A
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
CVE-2004-1679 1 Jigunet 2 Twinftp Enterprise, Twinftp Standard 2026-04-16 N/A
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
CVE-2004-1681 1 Qnx 2 Photon Microgui, Rtp 2026-04-16 N/A
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
CVE-2004-1682 1 Qnx 1 Rtp 2026-04-16 N/A
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
CVE-2005-3087 1 Securew2 1 Securew2 2026-04-16 N/A
The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data.
CVE-2004-1685 1 Smc Networks 2 Smc7004vwbr, Smc7008abr 2026-04-16 N/A
SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.
CVE-2004-1691 1 Rhinosoft 1 Dns4me 2026-04-16 N/A
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
CVE-2004-1692 1 Mambo 1 Mambo Open Source 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
CVE-2004-1693 1 Mambo 1 Mambo 2026-04-16 N/A
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
CVE-2005-3088 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-16 N/A
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2004-1694 1 Symantec 2 On Command Ccm, On Icommand 2026-04-16 N/A
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
CVE-2005-3089 2 Mozilla, Redhat 2 Firefox, Enterprise Linux 2026-04-16 N/A
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.
CVE-2004-1695 1 Emulive 1 Server4 2026-04-16 N/A
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).
CVE-2004-1696 1 Emulive 1 Server4 2026-04-16 N/A
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
CVE-2004-1697 1 Ca 1 Unicenter Management 2026-04-16 N/A
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.