Export limit exceeded: 362238 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29946 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1699 1 Pinnacle Systems 1 Showcenter 2026-04-16 N/A
SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.
CVE-2004-1700 1 Pinnacle Systems 1 Showcenter 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message.
CVE-2004-1710 1 Andrew Kilpatrick 1 Page Cgi 2026-04-16 N/A
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
CVE-2004-1717 1 Gv 1 Gv 2026-04-16 N/A
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
CVE-2004-1718 1 Pedestal Software 1 Integrity Protection Driver 2026-04-16 N/A
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
CVE-2004-1721 1 Merak 1 Mail Server 2026-04-16 N/A
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
CVE-2004-1724 1 Php Fusion 1 Php Fusion 2026-04-16 N/A
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
CVE-2004-1751 1 Massive Entertainment 1 Ground Control Ii Operation Exodus 2026-04-16 N/A
Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.
CVE-2004-2006 1 Trend Micro 1 Officescan 2026-04-16 N/A
Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection.
CVE-2004-2009 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message.
CVE-2004-2036 1 Jportal 1 Jportal Web Portal 2026-04-16 N/A
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
CVE-2004-2043 2 Borland Software, Firebirdsql 3 Interbase, Interbase Superserver, Firebird 2026-04-16 N/A
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
CVE-2004-2051 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.
CVE-2004-2053 1 Easyins 1 Easyins 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter.
CVE-2004-2077 1 Nadeo 3 Game Engine, Trackmania, Virtual Skipper 2026-04-16 N/A
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.
CVE-2004-2082 1 Karjasoft 1 Sami Ftp Server 2026-04-16 N/A
The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters.
CVE-2004-2084 1 Jshop E-commerce 2 Jshop Professional, Jshop Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
CVE-2005-0002 1 Gentoo 1 Poppassd Pam 2026-04-16 N/A
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
CVE-2005-0009 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).
CVE-2005-0014 1 Ncpfs 1 Ncpfs 2026-04-16 N/A
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.