Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1651 | 1 Brickhost | 1 Phpscheduleit | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field. | ||||
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2026-04-16 | N/A |
| phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. | ||||
| CVE-2004-1654 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. | ||||
| CVE-2003-0584 | 1 Tolis Group | 1 Bru | 2026-04-16 | N/A |
| Format string vulnerability in Backup and Restore Utility for Unix (BRU) 17.0 and earlier, when running setuid, allows local users to execute arbitrary code via format string specifiers in a command line argument. | ||||
| CVE-2004-1656 | 1 Comersus Open Technologies | 1 Comersus Cart | 2026-04-16 | N/A |
| CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter. | ||||
| CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2026-04-16 | N/A |
| Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | ||||
| CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2026-04-16 | N/A |
| Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. | ||||
| CVE-2004-1668 | 1 Easyweb | 1 Factory Subjects Module | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. | ||||
| CVE-2004-1669 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html. | ||||
| CVE-2004-1671 | 1 Icewarp | 1 Web Mail | 2026-04-16 | N/A |
| Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html. | ||||
| CVE-2004-1686 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | ||||
| CVE-2004-1689 | 1 Todd Miller | 1 Sudo | 2026-04-16 | N/A |
| sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. | ||||
| CVE-2004-1708 | 1 Shawn Webb | 1 Webbsyte Chat | 2026-04-16 | N/A |
| Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections. | ||||
| CVE-2004-1709 | 1 Datakey | 1 Rainbow Ikey2032 Usb Token | 2026-04-16 | N/A |
| Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users. | ||||
| CVE-2004-1711 | 1 Moodle | 1 Moodle | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter. | ||||
| CVE-2004-1335 | 2 Linux, Redhat | 4 Linux Kernel, Enterprise Linux, Fedora Core and 1 more | 2026-04-16 | N/A |
| Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function. | ||||
| CVE-2004-1712 | 1 Typepad | 1 Typepad | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter. | ||||
| CVE-2004-1713 | 1 Hp | 2 Process Resource Manager, Workload Manager | 2026-04-16 | N/A |
| Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files. | ||||
| CVE-2004-1715 | 1 Clearswift | 1 Mimesweeper For Web | 2026-04-16 | N/A |
| Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. | ||||
| CVE-2004-1717 | 1 Gv | 1 Gv | 2026-04-16 | N/A |
| Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value. | ||||