Export limit exceeded: 20133 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364230 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364230 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2498 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2026-04-16 | N/A |
| Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors. | ||||
| CVE-2004-2503 | 1 Inweb | 1 Mail Server | 2026-04-16 | N/A |
| INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services. | ||||
| CVE-1999-1036 | 1 Cops | 1 Cops | 2026-04-16 | N/A |
| COPS 1.04 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files in (1) res_diff, (2) ca.src, and (3) mail.chk. | ||||
| CVE-2004-2504 | 1 Alt-n | 1 Mdaemon | 2026-04-16 | N/A |
| The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. | ||||
| CVE-2004-2505 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | ||||
| CVE-2004-2506 | 1 Wikindx | 1 Wikindx | 2026-04-16 | N/A |
| Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file. | ||||
| CVE-2004-2508 | 1 Linksys | 1 Wvc11b | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. | ||||
| CVE-2004-0005 | 1 Gaim Project | 1 Gaim | 2026-04-16 | 9.8 Critical |
| Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte. | ||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | ||||
| CVE-2004-0008 | 3 Redhat, Rob Flynn, Ultramagnetic | 4 Enterprise Linux, Linux, Gaim and 1 more | 2026-04-16 | N/A |
| Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | ||||
| CVE-2004-0009 | 1 Apache-ssl | 1 Apache-ssl | 2026-04-16 | N/A |
| Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. | ||||
| CVE-2004-2525 | 1 S9y | 1 Serendipity | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. | ||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2026-04-16 | N/A |
| The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | ||||
| CVE-2004-0011 | 1 Debian | 1 Fsp | 2026-04-16 | N/A |
| Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. | ||||
| CVE-2004-2535 | 1 Matthew Phillips | 1 Sticker | 2026-04-16 | N/A |
| The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key. | ||||
| CVE-1999-1051 | 1 Matt Wright | 1 Formhandler.cgi | 2026-04-16 | N/A |
| Default configuration in Matt Wright FormHandler.cgi script allows arbitrary directories to be used for attachments, and only restricts access to the /etc/ directory, which allows remote attackers to read arbitrary files via the reply_message_attach attachment parameter. | ||||
| CVE-2004-2537 | 1 Netwin | 1 Surgemail | 2026-04-16 | N/A |
| Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." | ||||
| CVE-2004-2538 | 1 Nilesh Dosooye | 1 Phpcodegenie | 2026-04-16 | N/A |
| Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer. | ||||
| CVE-2004-0013 | 1 Jabber Software Foundation | 1 Jabber Server | 2026-04-16 | N/A |
| jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). | ||||
| CVE-2004-2551 | 1 Layton Technology | 1 Helpbox | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database. | ||||