Export limit exceeded: 29909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-0126 | 1 Microsoft | 1 Internet Information Server | 2026-04-16 | N/A |
| Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote attackers to read files via a .. (dot dot) attack. | ||||
| CVE-2000-0122 | 1 Microsoft | 1 Frontpage | 2026-04-16 | N/A |
| Frontpage Server Extensions allows remote attackers to determine the physical path of a virtual directory via a GET request to the htimage.exe CGI program. | ||||
| CVE-2000-0110 | 1 Baron Consulting Group | 1 Websitetool | 2026-04-16 | N/A |
| The WebSiteTool shopping cart application allows remote users to modify sensitive purchase information via hidden form fields. | ||||
| CVE-2000-0063 | 1 Nortel | 1 Contivity | 2026-04-16 | N/A |
| cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script. | ||||
| CVE-2004-1461 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2026-04-16 | N/A |
| Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. | ||||
| CVE-2004-1462 | 1 Moinmoin | 1 Moinmoin | 2026-04-16 | N/A |
| Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete. | ||||
| CVE-2004-1463 | 1 Moinmoin | 1 Moinmoin | 2026-04-16 | N/A |
| Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact. | ||||
| CVE-2004-1473 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2026-04-16 | N/A |
| Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53. | ||||
| CVE-2004-1636 | 1 Net Integration Technologies Inc. | 1 Wvtftp | 2026-04-16 | N/A |
| Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet. | ||||
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2026-04-16 | N/A |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | ||||
| CVE-2004-1723 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | ||||
| CVE-2004-1730 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. | ||||
| CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2026-04-16 | N/A |
| Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | ||||
| CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2026-04-16 | N/A |
| The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | ||||
| CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | ||||
| CVE-2004-1897 | 1 Tildeslash | 1 Monit | 2026-04-16 | N/A |
| Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. | ||||
| CVE-2004-1898 | 1 Tildeslash | 1 Monit | 2026-04-16 | N/A |
| Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | ||||
| CVE-2004-1899 | 1 Tildeslash | 1 Monit | 2026-04-16 | N/A |
| The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. | ||||
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2026-04-16 | N/A |
| SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | ||||
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | ||||