Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1680 1 Pingtel 1 Xpressa 2026-04-16 N/A
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
CVE-2004-1682 1 Qnx 1 Rtp 2026-04-16 N/A
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
CVE-2004-1683 1 Qnx 1 Rtos 2026-04-16 N/A
A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap.
CVE-2004-1684 1 Zyxel 2 Prestige, Zynos 2026-04-16 N/A
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.
CVE-2004-1686 1 Microsoft 1 Ie 2026-04-16 N/A
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
CVE-2004-1687 1 Snitz Communications 1 Snitz Forums 2000 2026-04-16 N/A
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
CVE-2004-1688 1 Tech-noel 1 Pigeon Server 2026-04-16 N/A
Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.
CVE-2004-1689 1 Todd Miller 1 Sudo 2026-04-16 N/A
sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit.
CVE-2004-1691 1 Rhinosoft 1 Dns4me 2026-04-16 N/A
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
CVE-2004-1692 1 Mambo 1 Mambo Open Source 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
CVE-2004-1693 1 Mambo 1 Mambo 2026-04-16 N/A
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1694 1 Symantec 2 On Command Ccm, On Icommand 2026-04-16 N/A
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
CVE-2004-1695 1 Emulive 1 Server4 2026-04-16 N/A
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).
CVE-2004-1697 1 Ca 1 Unicenter Management 2026-04-16 N/A
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
CVE-2004-1698 1 Leadmind 1 Popmessenger 2026-04-16 N/A
The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash.
CVE-2004-1716 1 Powie 1 Pforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
CVE-2004-1715 1 Clearswift 1 Mimesweeper For Web 2026-04-16 N/A
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
CVE-2004-1718 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
CVE-2004-1719 1 Merak 1 Mail Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
CVE-2004-1720 1 Merak 1 Mail Server 2026-04-16 N/A
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.