Export limit exceeded: 344992 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344992 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1099 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2026-04-16 | N/A |
| Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. | ||||
| CVE-2004-1100 | 1 Tips | 1 Mailpost | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter. | ||||
| CVE-2004-1101 | 1 Tips | 1 Mailpost | 2026-04-16 | N/A |
| mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. | ||||
| CVE-2004-1102 | 1 Tips | 1 Mailpost | 2026-04-16 | N/A |
| MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information. | ||||
| CVE-2004-1103 | 1 Tips | 1 Mailpost | 2026-04-16 | N/A |
| MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version. | ||||
| CVE-2004-1104 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | ||||
| CVE-2004-1105 | 1 Nortel | 1 Contivity | 2026-04-16 | N/A |
| Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | ||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | ||||
| CVE-2004-1110 | 2 Gentoo, Jean-jacques Sarton | 2 Linux, Mtink | 2026-04-16 | N/A |
| The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | ||||
| CVE-2004-1111 | 1 Cisco | 10 7200 Router, 7300 Router, 7500 Router and 7 more | 2026-04-16 | N/A |
| Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. | ||||
| CVE-2004-1112 | 2 Cisco, Okena | 2 Security Agent, Stormwatch | 2026-04-16 | N/A |
| The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. | ||||
| CVE-2004-1113 | 1 Sqlgrey | 1 Sqlgrey Postfix Greylisting Service | 2026-04-16 | N/A |
| SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. | ||||
| CVE-2004-1116 | 1 Gentoo | 1 Linux | 2026-04-16 | N/A |
| The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | ||||
| CVE-2004-1117 | 1 Gentoo | 1 Linux | 2026-04-16 | N/A |
| The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | ||||
| CVE-2004-1119 | 1 Nullsoft | 1 Winamp | 2026-04-16 | N/A |
| Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | ||||
| CVE-2004-1120 | 1 Prozilla | 1 Prozilla Download Accelerator | 2026-04-16 | N/A |
| Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. | ||||
| CVE-2004-1122 | 1 Apple | 1 Safari | 2026-04-16 | N/A |
| Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314. | ||||
| CVE-2005-0849 | 1 Funlabs | 9 4x4 Off-road Adventure Iii, Cabelas Big Game Hunter 2004 Season, Cabelas Big Game Hunter 2005 and 6 more | 2026-04-16 | N/A |
| Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet. | ||||
| CVE-2005-0856 | 1 Coolforum | 1 Coolforum | 2026-04-16 | N/A |
| CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability. | ||||
| CVE-2004-1123 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2026-04-16 | N/A |
| Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. | ||||