Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1674 2 Icewarp, Merak 2 Web Mail, Mail Server 2026-04-16 N/A
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
CVE-2004-1677 1 Logicnow 1 Perldesk 2026-04-16 N/A
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.
CVE-2004-1678 1 Logicnow 1 Perldesk 2026-04-16 N/A
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
CVE-2004-1679 1 Jigunet 2 Twinftp Enterprise, Twinftp Standard 2026-04-16 N/A
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
CVE-2004-1680 1 Pingtel 1 Xpressa 2026-04-16 N/A
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
CVE-2004-1681 1 Qnx 2 Photon Microgui, Rtp 2026-04-16 N/A
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
CVE-2004-1704 1 Wire Plastic Design 1 Wpquiz 2026-04-16 N/A
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
CVE-2004-1705 1 Citadel 1 Ux 2026-04-16 N/A
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
CVE-2004-1706 1 U.s.robotics 1 Usr808054 2026-04-16 N/A
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
CVE-2004-1707 1 Oracle 5 Application Server, Application Server Portal, Database Server Lite and 2 more 2026-04-16 N/A
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
CVE-2004-1708 1 Shawn Webb 1 Webbsyte Chat 2026-04-16 N/A
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
CVE-2004-1709 1 Datakey 1 Rainbow Ikey2032 Usb Token 2026-04-16 N/A
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
CVE-2004-1710 1 Andrew Kilpatrick 1 Page Cgi 2026-04-16 N/A
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
CVE-2004-1711 1 Moodle 1 Moodle 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
CVE-2004-1712 1 Typepad 1 Typepad 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.
CVE-2004-1757 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
CVE-2004-1758 1 Bea 1 Weblogic Server 2026-04-16 N/A
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
CVE-2004-1775 1 Cisco 2 Catos, Ios 2026-04-16 N/A
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
CVE-2004-1776 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard.
CVE-2004-1779 1 Thwboard 1 Thwboard Beta 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.