Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-1999-1369 1 Realnetworks 1 Realserver 2026-04-16 N/A
Real Media RealServer (rmserver) 6.0.3.353 stores a password in plaintext in the world-readable rmserver.cfg file, which allows local users to gain privileges.
CVE-2004-2040 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
CVE-2004-1664 1 Activision 2 Call Of Duty, Call Of Duty United Offensive 2026-04-16 N/A
Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430.
CVE-2004-2041 1 E107 1 E107 2026-04-16 N/A
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
CVE-2004-2042 1 E107 1 E107 2026-04-16 N/A
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
CVE-2004-2044 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more 2026-04-16 N/A
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
CVE-2004-2045 1 Conceptronic 1 Cadslr1 Adsl Router 2026-04-16 N/A
The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.
CVE-2004-2046 1 Apc 1 Powerchute 2026-04-16 N/A
Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors.
CVE-2004-2049 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.
CVE-2004-2050 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.
CVE-2004-2058 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.
CVE-2004-1175 6 Debian, Gentoo, Midnight Commander and 3 more 8 Debian Linux, Linux, Midnight Commander and 5 more 2026-04-16 N/A
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
CVE-2004-2063 1 Antiboard 1 Antiboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.
CVE-2004-2064 1 Verylost 1 Lostbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
CVE-2004-0560 1 University Of Minnesota 1 Gopherd 2026-04-16 N/A
Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.
CVE-2004-2067 1 Jaws 1 Jaws 2026-04-16 N/A
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
CVE-2004-1182 1 Hylafax 1 Hylafax 2026-04-16 N/A
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
CVE-2004-2068 1 Leafnode 1 Leafnode 2026-04-16 N/A
fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.
CVE-2004-2069 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
CVE-1999-1448 1 Qualcomm 2 Eudora, Eudora Light 2026-04-16 N/A
Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which causes a segmentation fault.