Export limit exceeded: 344999 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344999 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | ||||
| CVE-2004-2605 | 1 Astats | 1 Astats | 2026-04-16 | N/A |
| aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. | ||||
| CVE-2004-2606 | 1 Linksys | 2 Befsr41 V3, Wrt54g | 2026-04-16 | N/A |
| The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | ||||
| CVE-2004-2607 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer. | ||||
| CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2026-04-16 | N/A |
| SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | ||||
| CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2026-04-16 | N/A |
| The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | ||||
| CVE-2004-2610 | 1 Stefan Bambach | 1 Mntd | 2026-04-16 | N/A |
| mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file. | ||||
| CVE-2004-2611 | 1 Steven Schaefer | 1 Sophster | 2026-04-16 | N/A |
| The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities. | ||||
| CVE-2004-2612 | 1 Bnc | 1 Bnc | 2026-04-16 | N/A |
| BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users. | ||||
| CVE-2000-1129 | 1 Network Associates | 1 Webshield Smtp | 2026-04-16 | N/A |
| McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of service via a malformed recipient field. | ||||
| CVE-2001-1201 | 1 Timecop | 1 Wmcube Gdk | 2026-04-16 | N/A |
| Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file. | ||||
| CVE-2004-2613 | 1 Vserver | 1 Linux-vserver | 2026-04-16 | N/A |
| Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408. | ||||
| CVE-2003-1260 | 1 Globalscape | 1 Cuteftp | 2026-04-16 | N/A |
| Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command. | ||||
| CVE-2005-1517 | 1 Cisco | 1 Firewall Services Module | 2026-04-16 | N/A |
| Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs). | ||||
| CVE-2004-2615 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact. | ||||
| CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2026-04-16 | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. | ||||
| CVE-2004-2617 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI. | ||||
| CVE-2004-2618 | 1 Pegasi Web Server | 1 Pegasi Web Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash). | ||||
| CVE-2004-2619 | 1 Paul L Daniels | 1 Ripmime | 2026-04-16 | N/A |
| ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. | ||||
| CVE-2004-2622 | 1 Altiris | 1 Deployment Server Extension For Ibm Director | 2026-04-16 | N/A |
| AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. | ||||