Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1657 1 Newtelligence 1 Dasblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
CVE-2004-1659 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
CVE-2005-4059 1 Locazo 1 Locazolist 2026-04-16 N/A
SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter.
CVE-2004-1661 1 Sitecubed 1 Mailworks Professional 2026-04-16 N/A
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
CVE-2004-1662 1 Yabb 1 Yabb 2026-04-16 N/A
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
CVE-2004-1736 1 The Cacti Group 1 Cacti 2026-04-16 N/A
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
CVE-2002-2316 1 Cisco 1 Catos 2026-04-16 N/A
Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7.1.2 do not always learn MAC addresses from a single initial packet, which causes unicast traffic to be broadcast across the switch and allows remote attackers to obtain sensitive network information by sniffing.
CVE-2004-1737 2 Gentoo, The Cacti Group 2 Linux, Cacti 2026-04-16 N/A
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
CVE-2004-1740 1 Music Daemon 1 Music Daemon 2026-04-16 N/A
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
CVE-1999-1165 1 Gnu 1 Fingerd 2026-04-16 N/A
GNU fingerd 1.37 does not properly drop privileges before accessing user information, which could allow local users to (1) gain root privileges via a malicious program in the .fingerrc file, or (2) read arbitrary files via symbolic links from .plan, .forward, or .project files.
CVE-2004-1742 1 Web-app.org 1 Webapp 2026-04-16 N/A
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
CVE-2000-0331 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2026-04-16 N/A
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
CVE-2004-1744 1 Efs Software 1 Efs Web Server 2026-04-16 N/A
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
CVE-2004-1746 1 Php Code Snippet Library 1 Php Code Snippet Library 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.
CVE-2004-1749 1 Toplayer 1 Attack Mitigator 2026-04-16 N/A
Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests.
CVE-2004-1753 2 Mozilla, Netscape 3 Firefox, Mozilla, Navigator 2026-04-16 N/A
The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs.
CVE-2004-1754 1 Symantec 2 Enterprise Firewall, Gateway Security 2026-04-16 N/A
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
CVE-2004-1755 1 Bea 1 Weblogic Server 2026-04-16 N/A
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
CVE-2004-1870 1 Photopost 1 Photopost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
CVE-2004-1872 1 Webct 1 Webct 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag.