Export limit exceeded: 360964 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360964 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1938 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | ||||
| CVE-2004-1939 | 1 Rhinosoft | 1 Zaep Antispam | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter. | ||||
| CVE-2004-1940 | 1 Wirlab | 1 Kphone | 2026-04-16 | N/A |
| sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read. | ||||
| CVE-2004-1941 | 1 Fastream | 1 Netfile Ftp Web Server | 2026-04-16 | N/A |
| Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. | ||||
| CVE-2004-1942 | 1 Sun | 1 Patch Manager | 2026-04-16 | N/A |
| The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | ||||
| CVE-2004-1943 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | ||||
| CVE-2004-1944 | 1 Qualcomm | 1 Eudora | 2026-04-16 | N/A |
| Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message. | ||||
| CVE-2004-1704 | 1 Wire Plastic Design | 1 Wpquiz | 2026-04-16 | N/A |
| WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. | ||||
| CVE-2004-1705 | 1 Citadel | 1 Ux | 2026-04-16 | N/A |
| Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. | ||||
| CVE-2004-1706 | 1 U.s.robotics | 1 Usr808054 | 2026-04-16 | N/A |
| The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string. | ||||
| CVE-2004-1716 | 1 Powie | 1 Pforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile. | ||||
| CVE-2004-1710 | 1 Andrew Kilpatrick | 1 Page Cgi | 2026-04-16 | N/A |
| page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. | ||||
| CVE-2004-1711 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | ||||
| CVE-2004-1712 | 1 Typepad | 1 Typepad | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter. | ||||
| CVE-2004-1713 | 1 Hp | 2 Process Resource Manager, Workload Manager | 2026-04-16 | N/A |
| Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files. | ||||
| CVE-2004-1715 | 1 Clearswift | 1 Mimesweeper For Web | 2026-04-16 | N/A |
| Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. | ||||
| CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2026-04-16 | N/A |
| The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. | ||||
| CVE-2004-1719 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. | ||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | ||||
| CVE-2004-1721 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000. | ||||