Search Results (363118 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0622 1 Apple 1 Mac Os X 2026-04-16 N/A
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.
CVE-2004-1954 1 Phprofession 1 Phprofession 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.
CVE-2004-0594 7 Avaya, Debian, Hp and 4 more 9 Converged Communications Server, Debian Linux, Hp-ux and 6 more 2026-04-16 N/A
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVE-2004-0575 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP 64-bit Edition, Windows Server 2003, and Windows Server 2003 64-bit Edition allows remote attackers to execute arbitrary code via compressed (zipped) folders that involve an "unchecked buffer" and improper length validation.
CVE-2004-1932 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
CVE-2004-1926 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation.
CVE-2004-1906 1 Mcafee 1 Freescan 2026-04-16 N/A
Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.
CVE-2004-1885 1 Progress 1 Ws Ftp Server 2026-04-16 N/A
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.
CVE-2004-2499 1 Hitachi 2 Web Page Generator, Web Page Generator Enterprise 2026-04-16 N/A
Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."
CVE-2004-1869 1 Nival Interactive 2 Etherlords, Etherlords Ii 2026-04-16 N/A
Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory.
CVE-2004-1868 1 Esignal 1 Esignal 2026-04-16 N/A
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
CVE-2004-1857 1 Hp 1 Web Jetadmin 2026-04-16 N/A
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
CVE-2004-1835 1 Invision Power Services 1 Invision Gallery 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters.
CVE-2004-1834 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 N/A
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information.
CVE-2004-1817 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
CVE-2004-1798 1 Realnetworks 3 Realone Enterprise Desktop, Realone Player, Realplayer 2026-04-16 N/A
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context of the previously loaded URL, a different vulnerability than CVE-2003-0726.
CVE-2002-1544 1 Cooolsoft 1 Personal Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. (dot dot) sequences in the commands (1) LIST (ls), (2) mkdir, (3) put, or (4) get.
CVE-2004-1793 1 Yatsoft 1 Switch Off 2026-04-16 N/A
Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm.
CVE-2004-2477 1 Diamondcs 1 Process Guard Free 2026-04-16 N/A
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
CVE-2004-1782 1 David Maciejak 1 Athena Web Registration 2026-04-16 N/A
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.