Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1686 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | ||||
| CVE-2004-1687 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2026-04-16 | N/A |
| CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter. | ||||
| CVE-2004-1688 | 1 Tech-noel | 1 Pigeon Server | 2026-04-16 | N/A |
| Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103. | ||||
| CVE-2004-1689 | 1 Todd Miller | 1 Sudo | 2026-04-16 | N/A |
| sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. | ||||
| CVE-2004-1691 | 1 Rhinosoft | 1 Dns4me | 2026-04-16 | N/A |
| The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data. | ||||
| CVE-2004-1692 | 1 Mambo | 1 Mambo Open Source | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. | ||||
| CVE-2004-1693 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. | ||||
| CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2026-04-16 | N/A |
| Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2004-1695 | 1 Emulive | 1 Server4 | 2026-04-16 | N/A |
| EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash). | ||||
| CVE-2004-1697 | 1 Ca | 1 Unicenter Management | 2026-04-16 | N/A |
| The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. | ||||
| CVE-2004-1698 | 1 Leadmind | 1 Popmessenger | 2026-04-16 | N/A |
| The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash. | ||||
| CVE-2004-1716 | 1 Powie | 1 Pforum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile. | ||||
| CVE-2004-1715 | 1 Clearswift | 1 Mimesweeper For Web | 2026-04-16 | N/A |
| Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. | ||||
| CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2026-04-16 | N/A |
| The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. | ||||
| CVE-2004-1719 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. | ||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | ||||
| CVE-2004-1721 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000. | ||||
| CVE-2004-1722 | 1 Merak | 1 Mail Server | 2026-04-16 | N/A |
| SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter. | ||||
| CVE-2004-1723 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | ||||
| CVE-2004-1724 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password. | ||||