Total
29923 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1605 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. | ||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | ||||
| CVE-2004-1612 | 1 Saleslogix Corporation | 1 Saleslogix | 2026-04-16 | N/A |
| Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request. | ||||
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2026-04-16 | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | ||||
| CVE-1999-0826 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| Buffer overflow in FreeBSD angband allows local users to gain privileges. | ||||
| CVE-2004-1616 | 1 Links | 1 Links | 2026-04-16 | N/A |
| Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme. | ||||
| CVE-2004-1618 | 1 Vypress | 1 Tonecast | 2026-04-16 | N/A |
| Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream. | ||||
| CVE-2006-4823 | 1 Reamday Enterprises | 1 Magic News Pro | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in scripts/news_page.php in Reamday Enterprises Magic News Pro 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter. | ||||
| CVE-2004-1620 | 1 S9y | 1 Serendipity | 2026-04-16 | N/A |
| CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. | ||||
| CVE-2006-4912 | 1 Php Docwriter | 1 Php Docwriter | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in PHP DocWriter 0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the script parameter. | ||||
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature | ||||
| CVE-2004-1622 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter. | ||||
| CVE-2004-1624 | 1 Altiris | 1 Carbon Copy | 2026-04-16 | N/A |
| Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe). | ||||
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2026-04-16 | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2004-1648 | 1 Web Animations | 1 Password Protect | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter. | ||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | ||||
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2026-04-16 | N/A |
| D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | ||||
| CVE-2004-1651 | 1 Brickhost | 1 Phpscheduleit | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field. | ||||
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2026-04-16 | N/A |
| phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. | ||||
| CVE-2004-1654 | 1 Phpwebsite | 1 Phpwebsite | 2026-04-16 | N/A |
| SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. | ||||