Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2605 1 Astats 1 Astats 2026-04-16 N/A
aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
CVE-2004-2606 1 Linksys 2 Befsr41 V3, Wrt54g 2026-04-16 N/A
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
CVE-2004-2607 1 Linux 1 Linux Kernel 2026-04-16 N/A
A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer.
CVE-2004-2609 1 Symantec 1 Powerquest Deploycenter 2026-04-16 N/A
The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow.
CVE-2004-2612 1 Bnc 1 Bnc 2026-04-16 N/A
BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.
CVE-2004-2614 1 Xuebrothers 1 Myweb 2026-04-16 N/A
Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
CVE-2004-2615 1 Cutephp 1 Cutenews 2026-04-16 N/A
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
CVE-2004-2616 1 Onnuri Infotek 1 Activepost Standard 2026-04-16 N/A
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.
CVE-2004-2617 1 Pegasi Web Server 1 Pegasi Web Server 2026-04-16 N/A
Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
CVE-2004-2618 1 Pegasi Web Server 1 Pegasi Web Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).
CVE-2004-2619 1 Paul L Daniels 1 Ripmime 2026-04-16 N/A
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
CVE-2004-2620 1 Paul L Daniels 1 Ripmime 2026-04-16 N/A
The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.
CVE-2004-2621 1 Nortel 1 Contivity 2026-04-16 N/A
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
CVE-2004-2622 1 Altiris 1 Deployment Server Extension For Ibm Director 2026-04-16 N/A
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.
CVE-2004-2623 1 Matthew Skala 1 Rippy The Aggregator 2026-04-16 N/A
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."
CVE-2004-2624 1 Wackowiki 1 Wackowiki 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.
CVE-2004-2639 1 Drew Withers 1 Journalness 2026-04-16 N/A
Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.
CVE-2004-2640 1 Ryszard Pydo 1 Linuxstat 2026-04-16 N/A
Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.
CVE-2004-2641 1 Sun 2 Netra 1280, Sun Fire 2026-04-16 N/A
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.
CVE-2004-2642 1 Nathaniel Bray 1 Yeemp 2026-04-16 N/A
Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.