Search Results (361816 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2119 1 Tinyserver 1 Tinyserver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2005-1942 1 Cisco 1 Catalyst 2026-04-16 N/A
Cisco switches that support 802.1x security allow remote attackers to bypass port security and gain access to the VLAN via spoofed Cisco Discovery Protocol (CDP) messages.
CVE-2004-2120 1 Reptile Web Server 1 Reptile Web Server 2026-04-16 N/A
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
CVE-2004-0238 1 0verkill 1 0verkill 2026-04-16 N/A
Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.
CVE-2004-1207 1 Serioussam 1 Seriousengine 2026-04-16 N/A
The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero.
CVE-2004-2122 1 Intra Forum 1 Intra Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters.
CVE-2004-1677 1 Logicnow 1 Perldesk 2026-04-16 N/A
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.
CVE-2004-2124 1 Gallery Project 1 Gallery 2026-04-16 N/A
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
CVE-2004-1208 1 21-6 Productions 1 Orbz 2026-04-16 N/A
Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request.
CVE-2004-2125 1 Iss 4 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 1 more 2026-04-16 N/A
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
CVE-2004-1213 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
CVE-1999-1545 1 Joes Own Editor 1 Joe 2026-04-16 N/A
Joe's Own Editor (joe) 2.8 sets the world-readable permission on its crash-save file, DEADJOE, which could allow local users to read files that were being edited by other users.
CVE-2004-2128 1 Brs 1 Webweaver 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.
CVE-2004-1214 1 Burut 1 Kreed 2026-04-16 N/A
Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.
CVE-2004-2130 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables.
CVE-2004-2132 1 Pj Cgi Neo Review 1 Pj Cgi Neo Review 2026-04-16 N/A
Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter.
CVE-2005-1943 1 Loki 1 Loki Download Manager Catgory Version 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.
CVE-2004-2133 1 Cvsup 1 Cvsup 2026-04-16 N/A
Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.
CVE-2004-2134 1 Oracle 1 Application Server 2026-04-16 N/A
Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords.
CVE-2004-2136 1 Linux 1 Linux Kernel 2026-04-16 N/A
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.