Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1839 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
CVE-2004-1840 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php.
CVE-2004-1841 1 Ms Analysis 1 Website Traffic Analyzer 2026-04-16 N/A
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request.
CVE-2004-1857 1 Hp 1 Web Jetadmin 2026-04-16 N/A
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
CVE-2004-1858 1 Hp 1 Web Jetadmin 2026-04-16 N/A
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character.
CVE-2004-1860 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker.
CVE-2004-1861 1 Netsupport 1 Netsupport School 2026-04-16 N/A
Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords.
CVE-2004-1862 1 Xmb Forum 1 Xmb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php.
CVE-2004-1864 1 Xmb Forum 1 Xmb 2026-04-16 N/A
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
CVE-2004-1866 1 Nstx 1 Ip Over Dns Utility 2026-04-16 N/A
nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a denial of service (crash) via a large packet, which triggers a null dereference.
CVE-2004-1867 1 Web Fresh 1 Fresh Guest Book 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field.
CVE-2004-1868 1 Esignal 1 Esignal 2026-04-16 N/A
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
CVE-2004-1869 1 Nival Interactive 2 Etherlords, Etherlords Ii 2026-04-16 N/A
Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory.
CVE-2004-1871 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields.
CVE-2004-1872 1 Webct 1 Webct 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.
CVE-2004-1873 1 Alan Ward 1 A-cart 2026-04-16 N/A
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
CVE-2004-1874 1 Alan Ward 1 A-cart 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms.
CVE-2005-2104 1 Redhat 2 Enterprise Linux, Sysreport 2026-04-16 N/A
sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory.
CVE-2006-0024 2 Macromedia, Redhat 2 Flash Player, Rhel Extras 2026-04-16 N/A
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
CVE-2006-3517 1 Rwscripts.com 1 Rw Download 2026-04-16 N/A
PHP remote file inclusion vulnerability in stats.php in RW::Download, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.