Export limit exceeded: 345207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345207 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2210 | 1 Express-web | 1 Express-web Content Management System | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp. | ||||
| CVE-2004-2216 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2026-04-16 | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate. | ||||
| CVE-2004-2225 | 1 Mozilla | 1 Firefox | 2026-04-16 | N/A |
| Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. | ||||
| CVE-2004-2234 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | ||||
| CVE-2004-2237 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | ||||
| CVE-2004-2238 | 1 Inter7 | 1 Vpopmail \(vchkpw\) | 2026-04-16 | N/A |
| Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability | ||||
| CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2026-04-16 | N/A |
| The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | ||||
| CVE-2004-2247 | 1 Goosequill | 1 Audienceconnect | 2026-04-16 | N/A |
| Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. | ||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | ||||
| CVE-2004-2264 | 1 Gnu | 1 Less | 2026-04-16 | N/A |
| Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed | ||||
| CVE-2004-2275 | 1 I-mall Commerce | 1 I-mall.cgi | 2026-04-16 | N/A |
| i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. | ||||
| CVE-2004-2284 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | ||||
| CVE-2004-2287 | 1 Dsm | 1 Light Web File Browser | 2026-04-16 | N/A |
| Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter. | ||||
| CVE-2004-2296 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message. | ||||
| CVE-2004-2301 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. | ||||
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. | ||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2026-04-16 | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. | ||||
| CVE-2004-0772 | 4 Debian, Mit, Openpkg and 1 more | 4 Debian Linux, Kerberos 5, Openpkg and 1 more | 2026-04-16 | 9.8 Critical |
| Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | ||||
| CVE-2004-1601 | 1 Coolphp | 1 Coolphp Web Portal | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter. | ||||
| CVE-2004-1988 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. | ||||