Total
29947 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1027 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module. | ||||
| CVE-2004-2405 | 1 F-secure | 4 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 1 more | 2026-04-16 | N/A |
| Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. | ||||
| CVE-2004-2414 | 1 Novell | 1 Netware | 2026-04-16 | N/A |
| Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. | ||||
| CVE-2004-2417 | 1 Smtp.proxy | 1 Smtp.proxy | 2026-04-16 | N/A |
| Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message. | ||||
| CVE-2004-2094 | 1 Darkwet | 1 Webcam Xp | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script. | ||||
| CVE-2004-2455 | 1 Sweex | 1 Wireless Broadband Router Accesspoint 802.11g | 2026-04-16 | N/A |
| Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file. | ||||
| CVE-2004-2470 | 1 Madbms | 1 Madbms | 2026-04-16 | N/A |
| Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins. | ||||
| CVE-2004-2471 | 1 Jamesoff | 1 Quoteengine | 2026-04-16 | N/A |
| SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2004-2477 | 1 Diamondcs | 1 Process Guard Free | 2026-04-16 | N/A |
| DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe. | ||||
| CVE-2004-2481 | 1 Myproxy | 1 Myproxy | 2026-04-16 | N/A |
| MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command. | ||||
| CVE-2004-2495 | 1 Code-crafters | 1 Ability Mail Server | 2026-04-16 | N/A |
| The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service. | ||||
| CVE-2004-2496 | 1 Opentext | 1 Opentext Firstclass | 2026-04-16 | N/A |
| The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | ||||
| CVE-2004-2502 | 1 Im-switch | 1 Im-switch | 2026-04-16 | N/A |
| im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file. | ||||
| CVE-2004-2505 | 1 Macromedia | 1 Coldfusion | 2026-04-16 | N/A |
| Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | ||||
| CVE-2004-2510 | 1 Ubbcentral | 1 Ubb.threads | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. | ||||
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. | ||||
| CVE-2004-2517 | 1 Myserver | 1 Myserver | 2026-04-16 | N/A |
| myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html. | ||||
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. | ||||
| CVE-2004-2521 | 1 Geeos Team | 1 Gattaca Server 2003 | 2026-04-16 | N/A |
| Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP). | ||||
| CVE-2004-2524 | 1 Whm Autopilot | 1 Whm Autopilot | 2026-04-16 | N/A |
| clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. | ||||