Export limit exceeded: 344998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1466 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. | ||||
| CVE-2004-1467 | 1 Egroupware | 1 Egroupware | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module. | ||||
| CVE-2004-1481 | 1 Realnetworks | 3 Helix Player, Realone Player, Realplayer | 2026-04-16 | N/A |
| Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL file and a .rm movie file with a large length field for the data chunk, which leads to a heap-based buffer overflow. | ||||
| CVE-2004-1490 | 1 Opera | 1 Opera Browser | 2026-04-16 | N/A |
| Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Type headers. | ||||
| CVE-2004-1496 | 1 Minihttpserver.net | 1 Web Forums Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash). | ||||
| CVE-2004-1499 | 1 Webhost Automation | 1 Helm Control Panel | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field. | ||||
| CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | ||||
| CVE-2004-1516 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module. | ||||
| CVE-2004-1525 | 1 New Media Generation | 1 Hired Team Trial | 2026-04-16 | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command. | ||||
| CVE-2004-1527 | 1 Microsoft | 2 Ie, Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions. | ||||
| CVE-2004-1534 | 1 Zonelabs | 1 Zonealarm | 2026-04-16 | N/A |
| ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript. | ||||
| CVE-2004-1543 | 1 Korweblog | 1 Korweblog | 2026-04-16 | N/A |
| Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | ||||
| CVE-2004-1552 | 1 Full Revolution | 1 Aspwebcalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp. | ||||
| CVE-2004-1569 | 1 Illustrate | 2 Dbpoweramp Audio Player, Dbpoweramp Music Converter | 2026-04-16 | N/A |
| Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields. | ||||
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. | ||||
| CVE-2004-1582 | 1 Blackboard Internet Newsboard System | 1 Blackboard Internet Newsboard System | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php. | ||||
| CVE-2004-1587 | 1 Monolith Productions | 4 Alien Versus Predator, Blood, No One Lives Forever and 1 more | 2026-04-16 | N/A |
| Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. | ||||
| CVE-2004-1596 | 1 3com | 1 3cradsl72 | 2026-04-16 | N/A |
| The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. | ||||
| CVE-2004-1605 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. | ||||
| CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2026-04-16 | N/A |
| The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. | ||||