Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2019 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.
CVE-2004-2022 1 Activestate 1 Activeperl 2026-04-16 N/A
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
CVE-2004-2037 1 Mollensoft Software 1 Lightweight Ftp Server 2026-04-16 N/A
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
CVE-2004-2038 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php.
CVE-2004-2051 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.
CVE-2004-2052 1 Esesix 1 Thintune 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.
CVE-2004-2053 1 Easyins 1 Easyins 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter.
CVE-2004-2054 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php.
CVE-2004-2056 1 Nucleus Group 1 Nucleus Cms 2026-04-16 N/A
SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter.
CVE-2004-2057 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.
CVE-2004-2058 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.
CVE-2004-2059 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-2060 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
CVE-2004-2062 1 Antiboard 1 Antiboard 2026-04-16 N/A
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.
CVE-2004-2063 1 Antiboard 1 Antiboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.
CVE-2004-2065 1 Daniel Barron 1 Dansguardian 2026-04-16 N/A
DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
CVE-2004-2066 1 Linpha 1 Linpha 2026-04-16 N/A
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
CVE-2004-2075 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
CVE-2004-2076 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2004-2077 1 Nadeo 3 Game Engine, Trackmania, Virtual Skipper 2026-04-16 N/A
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.