Total
344856 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0314 | 1 Freewebs | 1 Webzedit | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter. | ||||
| CVE-2004-0313 | 1 Psoproxy | 1 Psoproxy Server | 2026-04-16 | N/A |
| Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name. | ||||
| CVE-2004-0312 | 1 Linksys | 1 Wap55ag | 2026-04-16 | N/A |
| Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | ||||
| CVE-2005-2869 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via (1) the Username to libraries/auth/cookie.auth.lib.php or (2) the error parameter to error.php. | ||||
| CVE-2004-0311 | 1 Apc | 1 Ap9606 | 2026-04-16 | N/A |
| American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2004-0306 | 1 Cisco | 1 Optical Networking Systems Software | 2026-04-16 | N/A |
| Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories. | ||||
| CVE-2005-2863 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in OpenWebMail 2.41 allows remote attackers to inject arbitrary web script or HTML via the sessionid parameter. | ||||
| CVE-2004-0305 | 1 Webcortex | 1 Webstores 2000 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in error.asp in WebCortex WebStores 2000 6.0 allows remote attackers to execute arbitrary script as other users and steal session IDs via the Message_id parameter. | ||||
| CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2026-04-16 | N/A |
| OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | ||||
| CVE-2004-0301 | 1 Ecommerce Corporation Online | 1 Store Kit | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter. | ||||
| CVE-2005-2862 | 1 Road Runner | 1 Adsl Road Runner Modem | 2026-04-16 | N/A |
| ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access. | ||||
| CVE-2004-0298 | 1 Aclogic | 1 Cesarftp | 2026-04-16 | N/A |
| CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter. | ||||
| CVE-2005-2856 | 1 Winace | 1 Winace | 2026-04-16 | N/A |
| Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive. | ||||
| CVE-2004-0294 | 1 Yabbforumsoftware | 1 Yet Another Bulletin Board | 2026-04-16 | N/A |
| YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack. | ||||
| CVE-2005-2844 | 1 Indiatimes Messenger | 1 Indiatimes Messenger | 2026-04-16 | N/A |
| Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object. | ||||
| CVE-2004-0287 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2026-04-16 | N/A |
| Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow. | ||||
| CVE-2004-0286 | 1 Robotftp | 1 Robotftp Server | 2026-04-16 | N/A |
| Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username. | ||||
| CVE-2004-0285 | 3 Allmyguests Project, Allmylinks Project, Allmyvisitors Project | 3 Allmyguests, Allmylinks, Allmyvisitors | 2026-04-16 | 9.8 Critical |
| PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. | ||||
| CVE-2004-0284 | 1 Microsoft | 3 Ie, Internet Explorer, Outlook | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name. | ||||
| CVE-2005-2843 | 1 Helpdesk Software | 1 Hesk | 2026-04-16 | N/A |
| Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php. | ||||