Total
29944 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1295 | 1 Uml-utilities | 1 Uml-utilities | 2026-04-16 | N/A |
| The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled). | ||||
| CVE-2004-2071 | 1 Macallan | 1 Mail Solution | 2026-04-16 | N/A |
| Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name. | ||||
| CVE-2004-2081 | 1 Karjasoft | 1 Sami Ftp Server | 2026-04-16 | N/A |
| The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file. | ||||
| CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. | ||||
| CVE-2004-2101 | 1 Geovision | 1 Geohttpserver | 2026-04-16 | N/A |
| The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. | ||||
| CVE-2004-2105 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter. | ||||
| CVE-2004-2108 | 1 Quadcomm | 1 Q-shop | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp. | ||||
| CVE-2004-2109 | 1 Quadcomm | 1 Q-shop | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL. | ||||
| CVE-2004-2119 | 1 Tinyserver | 1 Tinyserver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL. | ||||
| CVE-2004-2128 | 1 Brs | 1 Webweaver | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll. | ||||
| CVE-2004-2140 | 1 Yabb | 1 Yabb | 2026-04-16 | N/A |
| CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable. | ||||
| CVE-2004-2142 | 1 Jorg Schilling | 1 Sdd | 2026-04-16 | N/A |
| Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors. | ||||
| CVE-2004-2153 | 1 Real Estate Management Software | 1 Real Estate Management Software | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors. | ||||
| CVE-2004-2164 | 1 Virtual Programming | 1 Vp-asp | 2026-04-16 | N/A |
| shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption). | ||||
| CVE-2004-2167 | 1 Latex2rtf | 1 Latex2rtf | 2026-04-16 | N/A |
| Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand. | ||||
| CVE-2004-2171 | 1 Cherokee | 1 Cherokee Httpd | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page. | ||||
| CVE-2004-2174 | 1 Early Impact | 1 Productcart | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter. | ||||
| CVE-2004-2178 | 1 Devoybb | 1 Devoybb Web Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2004-2181 | 1 Wowbb | 1 Wowbb Web Forum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65. | ||||
| CVE-2004-2198 | 1 Duware | 1 Duclassmate | 2026-04-16 | N/A |
| account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. | ||||