Export limit exceeded: 29908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29908 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2236 | 1 Moodle | 1 Moodle | 2025-04-03 | N/A |
| Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | ||||
| CVE-2004-1638 | 1 Tabs Laboratories | 1 Mailcarrier | 2025-04-03 | N/A |
| Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command. | ||||
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2025-04-03 | N/A |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | ||||
| CVE-2004-1640 | 1 Xoops | 1 Xoops Dictionary | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php. | ||||
| CVE-2004-1641 | 1 South River Technologies | 1 Titan Ftp Server | 2025-04-03 | N/A |
| Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | ||||
| CVE-2004-1642 | 1 Texas Imperial Software | 1 Wftpd | 2025-04-03 | N/A |
| WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. | ||||
| CVE-2004-1643 | 1 Progress | 1 Ws Ftp Server | 2025-04-03 | N/A |
| WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence. | ||||
| CVE-2004-1644 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | N/A |
| Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address. | ||||
| CVE-2004-1645 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x. | ||||
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2004-1647 | 1 Web Animations | 1 Password Protect | 2025-04-03 | N/A |
| SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp. | ||||
| CVE-2004-1648 | 1 Web Animations | 1 Password Protect | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter. | ||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | ||||
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2025-04-03 | N/A |
| D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | ||||
| CVE-2004-1651 | 1 Brickhost | 1 Phpscheduleit | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field. | ||||
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2025-04-03 | N/A |
| phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. | ||||
| CVE-2004-1653 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | ||||
| CVE-2004-1654 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | N/A |
| SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. | ||||
| CVE-2004-1655 | 1 Phpwebsite | 1 Phpwebsite | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module. | ||||
| CVE-2004-1656 | 1 Comersus Open Technologies | 1 Comersus Cart | 2025-04-03 | N/A |
| CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter. | ||||