Export limit exceeded: 344980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344980 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2512 | 1 Codeworx Technologies | 1 Dcp-portal | 2026-04-16 | N/A |
| CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. | ||||
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. | ||||
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2026-04-16 | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | ||||
| CVE-2004-2516 | 1 Myserver | 1 Myserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences. | ||||
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. | ||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | ||||
| CVE-2004-2521 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP). | ||||
| CVE-2004-2523 | 1 Openftpd | 1 Openftpd Ftp Server | 2026-04-16 | N/A |
| Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument. | ||||
| CVE-2004-2525 | 1 S9y | 1 Serendipity | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. | ||||
| CVE-2004-2526 | 1 Ibm | 1 Tivoli Directory Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. | ||||
| CVE-2004-2528 | 1 Webcam Corp | 1 Webcam Watchdog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter. | ||||
| CVE-2004-2533 | 1 Solarwinds | 1 Serv-u File Server | 2026-04-16 | N/A |
| Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111. | ||||
| CVE-2004-2534 | 1 Fastream | 1 Netfile Server | 2026-04-16 | N/A |
| Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests. | ||||
| CVE-2004-2535 | 1 Matthew Phillips | 1 Sticker | 2026-04-16 | N/A |
| The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key. | ||||
| CVE-2004-2537 | 1 Netwin | 1 Surgemail | 2026-04-16 | N/A |
| Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." | ||||
| CVE-2004-2538 | 1 Nilesh Dosooye | 1 Phpcodegenie | 2026-04-16 | N/A |
| Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer. | ||||
| CVE-2004-2540 | 1 Sun | 2 Jdk, Jre | 2026-04-16 | N/A |
| readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. | ||||
| CVE-2004-2541 | 2 Cscope, Redhat | 2 Cscope, Enterprise Linux | 2026-04-16 | N/A |
| Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target. | ||||
| CVE-2004-2542 | 1 Dynix | 1 Webpac | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases. | ||||
| CVE-2004-2543 | 1 Securecomputing | 1 Sidewinder G2 | 2026-04-16 | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. | ||||