Export limit exceeded: 29946 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29946 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1645 | 1 Jerod Moemeka | 1 Xedus | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x. | ||||
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2026-04-16 | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2004-1647 | 1 Web Animations | 1 Password Protect | 2026-04-16 | N/A |
| SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp. | ||||
| CVE-2004-1648 | 1 Web Animations | 1 Password Protect | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter. | ||||
| CVE-2005-1759 | 1 Shtool | 1 Shtool | 2026-04-16 | N/A |
| Race condition in shtool 2.0.1 and earlier allows local users to modify or create arbitrary files via a symlink attack on temporary files after they have been created, a different vulnerability than CVE-2005-1751. | ||||
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2026-04-16 | N/A |
| phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. | ||||
| CVE-2004-1653 | 1 Openbsd | 1 Openssh | 2026-04-16 | N/A |
| The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | ||||
| CVE-2004-1657 | 1 Newtelligence | 1 Dasblog | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers. | ||||
| CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. | ||||
| CVE-2004-1659 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter. | ||||
| CVE-2004-1660 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php. | ||||
| CVE-1999-0773 | 1 Sun | 2 Solaris, Sunos | 2026-04-16 | N/A |
| Buffer overflow in Solaris lpset program allows local users to gain root access. | ||||
| CVE-2004-1661 | 1 Sitecubed | 1 Mailworks Professional | 2026-04-16 | N/A |
| MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." | ||||
| CVE-2004-1691 | 1 Rhinosoft | 1 Dns4me | 2026-04-16 | N/A |
| The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data. | ||||
| CVE-2005-1773 | 1 Lsoft | 1 Listserv | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available. | ||||
| CVE-2005-2519 | 1 Apple | 1 Mac Os X | 2026-04-16 | N/A |
| slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges. | ||||
| CVE-2004-1596 | 1 3com | 1 3cradsl72 | 2026-04-16 | N/A |
| The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. | ||||
| CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2026-04-16 | N/A |
| Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2004-1696 | 1 Emulive | 1 Server4 | 2026-04-16 | N/A |
| EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66. | ||||
| CVE-2004-1697 | 1 Ca | 1 Unicenter Management | 2026-04-16 | N/A |
| The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. | ||||