Export limit exceeded: 344992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2585 | 1 Smartertools | 1 Smartermail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the "check spelling" feature in the compose area. | ||||
| CVE-2004-2586 | 1 Smartertools | 1 Smartermail | 2026-04-16 | N/A |
| Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter. | ||||
| CVE-2004-2589 | 1 Rob Flynn | 1 Gaim | 2026-04-16 | N/A |
| Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. | ||||
| CVE-2004-2590 | 1 Meindlsoft | 1 Cute Php Library | 2026-04-16 | N/A |
| Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions. | ||||
| CVE-2004-2591 | 1 Buttuglysoftware | 1 Cleancache | 2026-04-16 | N/A |
| The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data. | ||||
| CVE-2004-2592 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines. | ||||
| CVE-2004-2593 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer. | ||||
| CVE-2004-2594 | 1 Id Software | 1 Quake Ii Server Windows | 2026-04-16 | N/A |
| Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as demonstrated by "download \/server.cfg". | ||||
| CVE-2004-2596 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | ||||
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | ||||
| CVE-2004-2598 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used. | ||||
| CVE-2004-2599 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. | ||||
| CVE-2004-2601 | 1 Ubertec | 1 Help Center Live | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php. | ||||
| CVE-2004-2603 | 1 Ubertec | 1 Help Center Live | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php. | ||||
| CVE-2004-2605 | 1 Astats | 1 Astats | 2026-04-16 | N/A |
| aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. | ||||
| CVE-2004-2606 | 1 Linksys | 2 Befsr41 V3, Wrt54g | 2026-04-16 | N/A |
| The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | ||||
| CVE-2004-2607 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer. | ||||
| CVE-2004-2608 | 1 Smartwebby | 1 Smart Guest Book | 2026-04-16 | N/A |
| SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the unencrypted username and password of the administrator's account. | ||||
| CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2026-04-16 | N/A |
| The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | ||||
| CVE-2004-2610 | 1 Stefan Bambach | 1 Mntd | 2026-04-16 | N/A |
| mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file. | ||||