Export limit exceeded: 29948 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2564 1 Sambar 1 Sambar Server 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) the show parameter in show.asp and (2) the title parameter in showperf.asp.
CVE-2004-2565 1 Sambar 1 Sambar Server 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.
CVE-2004-2566 1 Liveworld 4 Livechat, Livefocusgroup, Liveforum and 1 more 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject arbitrary web script or HTML via the q parameter in (a) search.jsp, (b) findclub!execute.jspa, and (c) search!execute.jspa.
CVE-2004-2567 1 Recipants 1 Recipants 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.
CVE-2004-2568 1 Recipants 1 Recipants 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.
CVE-2004-2569 1 David Stes 1 Ipmenu 2026-04-16 N/A
ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.
CVE-2004-2572 1 Amax Information Technologies 1 Magic Winmail Server 2026-04-16 N/A
AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable.
CVE-2004-2573 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
CVE-2004-2574 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction.
CVE-2004-2575 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.
CVE-2004-2576 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files.
CVE-2004-2577 1 Phpgroupware 1 Phpgroupware 2026-04-16 N/A
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts.
CVE-2004-2648 1 Faronics 1 Freezex 2026-04-16 N/A
FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
CVE-2004-2651 1 Michael Christen 1 Yacy 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html.
CVE-2004-2681 1 Peersec Networks 1 Matrixssl 2026-04-16 N/A
PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.
CVE-2004-2656 1 Open Source Development Network 1 Slashcode 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
CVE-2004-2657 1 Mozilla 1 Firefox 2026-04-16 N/A
Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision.
CVE-2004-2658 1 Suse 1 Suse Linux 2026-04-16 N/A
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
CVE-2004-2660 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
CVE-2004-2661 1 Soft3304 1 04webserver 2026-04-16 N/A
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).