Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1504 | 1 Salims Softhouse | 1 Jaf Cms | 2026-04-16 | N/A |
| The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php. | ||||
| CVE-2004-1505 | 1 Salims Softhouse | 1 Jaf Cms | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter. | ||||
| CVE-2004-1511 | 1 Hotfoon Corporation | 1 Hotfoon | 2026-04-16 | N/A |
| Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window. | ||||
| CVE-2004-1514 | 1 Soft3304 | 1 04webserver | 2026-04-16 | N/A |
| 04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2. | ||||
| CVE-2004-1519 | 1 Benjamin Curtis | 1 Phpbugtracker | 2026-04-16 | N/A |
| SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation. | ||||
| CVE-2004-1522 | 1 3do | 1 Army Men Real Time Strategy Game | 2026-04-16 | N/A |
| Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings. | ||||
| CVE-2004-1525 | 1 New Media Generation | 1 Hired Team Trial | 2026-04-16 | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command. | ||||
| CVE-2004-1533 | 1 Digital Mappings Systems | 1 Pop3 Server | 2026-04-16 | N/A |
| Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password. | ||||
| CVE-2004-1542 | 1 Raven Software | 1 Soldier Of Fortune | 2026-04-16 | N/A |
| Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply. | ||||
| CVE-2004-1544 | 1 Jspwiki | 1 Jspwiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter. | ||||
| CVE-2004-1545 | 1 Moniwiki | 1 Moniwiki | 2026-04-16 | N/A |
| UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code. | ||||
| CVE-2005-0548 | 1 Sun | 1 Solaris Answerbook2 | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function. | ||||
| CVE-2005-0554 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability." | ||||
| CVE-2004-1571 | 1 Aj-fork | 1 Aj-fork | 2026-04-16 | N/A |
| AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message. | ||||
| CVE-2005-0577 | 1 Dna | 1 Mkbold-mkitalic | 2026-04-16 | N/A |
| Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files. | ||||
| CVE-2004-1583 | 1 Tridcomm | 1 Tridcomm | 2026-04-16 | N/A |
| Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT. | ||||
| CVE-2005-0592 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in the UTF8ToNewUnicode function for Firefox before 1.0.1 and Mozilla before 1.7.6 might allow remote attackers to cause a denial of service (crash) or execute arbitrary code via invalid sequences in a UTF8 encoded string that result in a zero length value. | ||||
| CVE-2005-0603 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message. | ||||
| CVE-2004-1723 | 1 Php Fusion | 1 Php Fusion | 2026-04-16 | N/A |
| The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | ||||
| CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2026-04-16 | N/A |
| Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | ||||