Export limit exceeded: 344992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2316 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2026-04-16 | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1. | ||||
| CVE-2004-2317 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2026-04-16 | N/A |
| Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access. | ||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2026-04-16 | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | ||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2026-04-16 | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. | ||||
| CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | ||||
| CVE-2004-2324 | 1 Dotnetnuke | 1 Dotnetnuke | 2026-04-16 | N/A |
| SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | ||||
| CVE-2004-2325 | 1 Dotnetnuke | 1 Dotnetnuke | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2004-2326 | 1 Ip3 Networks | 3 Ip3 Netaccess, Ip3 Netaccess - Hospitality, Ip3 Netaccess - Wireless Hotspots | 2026-04-16 | N/A |
| SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. | ||||
| CVE-2004-2328 | 1 Clearswift | 1 Mailsweeper | 2026-04-16 | N/A |
| Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached. | ||||
| CVE-2004-2329 | 1 Kerio | 1 Personal Firewall | 2026-04-16 | N/A |
| Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | ||||
| CVE-2004-2330 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. | ||||
| CVE-2004-2332 | 1 Cpan | 1 Www Form | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | ||||
| CVE-2004-2333 | 1 Bodington | 1 Bodington | 2026-04-16 | N/A |
| Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files. | ||||
| CVE-2004-2336 | 1 Novell | 2 Groupwise, Netware | 2026-04-16 | N/A |
| Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attackers to read directories and files on the server. | ||||
| CVE-2004-2337 | 1 Inlook | 1 Inlook | 2026-04-16 | N/A |
| The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials. | ||||
| CVE-2004-2338 | 1 Openbsd | 1 Openbsd | 2026-04-16 | N/A |
| OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. | ||||
| CVE-2004-2339 | 1 Microsoft | 3 Windows 2000, Windows 2003 Server, Windows Xp | 2026-04-16 | 8.4 High |
| Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function, which does not verify its pointer arguments. Note: this issue has been disputed, since Administrator privileges are typically required to exploit this issue, thus privilege boundaries are not crossed | ||||
| CVE-2004-2340 | 1 Even Balance | 1 Punkbuster Database | 2026-04-16 | N/A |
| ** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the login form. NOTE: the original vulnerability report contains several significant inconsistencies that make it unclear whether the report is accurate, including (1) PB-DB is really the "PunkBuster Screenshot Database" and not "PunkBuster" itself; (2) there is no apparent association between PunkBuster and "Punky Brewster"; (3) the claimed source code is not anywhere in Alpha 6. | ||||
| CVE-2004-2342 | 1 Burton Sang | 1 Chatterbox | 2026-04-16 | N/A |
| ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa". | ||||
| CVE-2004-2343 | 1 Apache | 1 Http Server | 2026-04-16 | N/A |
| Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument | ||||