Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1131 1 Sco 1 Openserver 2026-04-16 N/A
Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments.
CVE-2004-1133 1 Microsoft 1 W3who.dll 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
CVE-2004-1134 1 Microsoft 1 W3who.dll 2026-04-16 N/A
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
CVE-2004-1136 1 Globalscape 1 Cuteftp 2026-04-16 N/A
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
CVE-2004-1300 1 Xine 1 Xine-lib 2026-04-16 N/A
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
CVE-2004-1154 4 Redhat, Samba, Suse and 1 more 5 Enterprise Linux, Fedora Core, Samba and 2 more 2026-04-16 N/A
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
CVE-2004-1155 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
CVE-2004-1156 2 Mozilla, Redhat 3 Firefox, Mozilla, Enterprise Linux 2026-04-16 N/A
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVE-2004-1725 1 John Bradley 1 Xv 2026-04-16 N/A
Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.
CVE-2004-1161 2 Gentoo, Rssh 2 Linux, Rssh 2026-04-16 N/A
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
CVE-2004-1162 2 Gentoo, Scponly 2 Linux, Scponly 2026-04-16 N/A
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.
CVE-2004-1163 1 Cisco 1 Cns Network Registrar 2026-04-16 N/A
Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets.
CVE-2004-1164 1 Cisco 1 Cns Network Registrar 2026-04-16 N/A
The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence."
CVE-2004-1165 2 Kde, Redhat 3 Kdelibs, Konqueror, Enterprise Linux 2026-04-16 N/A
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
CVE-2004-1168 1 Mysql 1 Maxdb 2026-04-16 N/A
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
CVE-2004-1169 1 Mysql 1 Maxdb 2026-04-16 N/A
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.
CVE-2004-1170 3 Gnu, Sun, Suse 3 A2ps, Java Desktop System, Suse Linux 2026-04-16 N/A
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
CVE-2004-1171 3 Kde, Mandrakesoft, Redhat 3 Kde, Mandrake Linux, Fedora Core 2026-04-16 N/A
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
CVE-2004-1172 1 Symantec Veritas 1 Backup Exec 2026-04-16 N/A
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
CVE-2004-1173 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.