Search Results (29926 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2505 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
CVE-2004-2509 1 Ubbcentral 1 Ubb.threads 2026-04-16 N/A
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
CVE-2004-2515 1 Vmware 1 Workstation 2026-04-16 N/A
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
CVE-2004-2519 1 Geeos Team 1 Gattaca Server 2003 2026-04-16 N/A
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".
CVE-2004-2523 1 Openftpd 1 Openftpd Ftp Server 2026-04-16 N/A
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
CVE-2004-2525 1 S9y 1 Serendipity 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
CVE-1999-1306 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 9.1 and earlier does not properly handle extended IP access lists when the IP route cache is enabled and the "established" keyword is set, which could allow attackers to bypass filters.
CVE-2004-2527 1 Microsoft 2 Windows 2003 Server, Windows Xp 2026-04-16 N/A
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
CVE-2004-2528 1 Webcam Corp 1 Webcam Watchdog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
CVE-2004-2536 1 Linux 1 Linux Kernel 2026-04-16 N/A
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
CVE-2004-2538 1 Nilesh Dosooye 1 Phpcodegenie 2026-04-16 N/A
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.
CVE-1999-1307 1 Novell 1 Unixware 2026-04-16 N/A
Vulnerability in urestore in Novell UnixWare 1.1 allows local users to gain root privileges.
CVE-2004-2542 1 Dynix 1 Webpac 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.
CVE-2004-2544 1 Securecomputing 1 Sidewinder G2 2026-04-16 N/A
Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.
CVE-1999-0084 1 Sun 1 Nfs 2026-04-16 8.4 High
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
CVE-2006-3062 1 Myphp Guestbook 1 Myphp Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in myPHP Guestbook 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2004-2552 1 Tim Mann 1 Xboard 2026-04-16 N/A
Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called from remote programs, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
CVE-2004-2558 1 Ibm 6 Tivoli Access Manager For E-business, Tivoli Access Manager Identity Manager Solution, Tivoli Configuration Manager and 3 more 2026-04-16 N/A
Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration Manager for Automated Teller Machines 2.1.0, and IBM WebSphere Everyplace Server, Service Provider Offering for Multi-platforms 2.1.3 to 2.15 allow remote attackers to hijack sessions of authenticated users via unknown attack vectors involving certain cookies, aka "Potential Credential Impersonation Attack."
CVE-2006-3071 1 Anton Belev 1 Mp3 Search Archive 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in MP3 Search/Archive 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) keywords parameter, as used by the "search box", and (2) res parameter.
CVE-1999-0087 1 Ibm 1 Aix 2026-04-16 N/A
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.