Total
29810 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2025-04-03 | N/A |
| Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. | ||||
| CVE-2004-1743 | 1 Efs Software | 1 Efs Web Server | 2025-04-03 | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. | ||||
| CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | ||||
| CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2025-04-03 | N/A |
| BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | ||||
| CVE-2004-1761 | 2 Ethereal Group, Redhat | 3 Ethereal, Enterprise Linux, Linux | 2025-04-03 | N/A |
| Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file. | ||||
| CVE-2004-1779 | 1 Thwboard | 1 Thwboard Beta | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter. | ||||
| CVE-2004-1780 | 1 Info Touch | 1 Surfnet | 2025-04-03 | N/A |
| Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts. | ||||
| CVE-2004-1781 | 1 Info Touch | 1 Surfnet | 2025-04-03 | N/A |
| Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. | ||||
| CVE-2004-1782 | 1 David Maciejak | 1 Athena Web Registration | 2025-04-03 | N/A |
| athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter. | ||||
| CVE-2004-1796 | 1 Hotnews | 1 Hotnews | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3. | ||||
| CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | ||||
| CVE-2004-1800 | 1 Sysbotz | 1 Simpledata | 2025-04-03 | N/A |
| Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie. | ||||
| CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | ||||
| CVE-2004-1818 | 1 Warpspeed | 1 4nalbum Module | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. | ||||
| CVE-2004-1820 | 1 Warpspeed | 1 4nalbum Module | 2025-04-03 | N/A |
| PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. | ||||
| CVE-2004-1821 | 1 Warpspeed | 1 4nalbum Module | 2025-04-03 | N/A |
| SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter. | ||||
| CVE-2004-1838 | 1 Xweb | 1 Xweb | 2025-04-03 | N/A |
| Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2004-1841 | 1 Ms Analysis | 1 Website Traffic Analyzer | 2025-04-03 | N/A |
| SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. | ||||
| CVE-2004-1861 | 1 Netsupport | 1 Netsupport School | 2025-04-03 | N/A |
| Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. | ||||
| CVE-2004-1856 | 1 Hp | 1 Web Jetadmin | 2025-04-03 | N/A |
| devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. | ||||