Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0711 1 Bea 1 Weblogic Server 2026-04-16 N/A
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
CVE-2004-0713 1 Bea 1 Weblogic Server 2026-04-16 N/A
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
CVE-2004-0716 1 Hp 1 Hp-ux 2026-04-16 N/A
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.
CVE-2004-0717 3 Linux, Microsoft, Opera 3 Linux Kernel, Windows, Opera Browser 2026-04-16 N/A
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0718 4 Firebirdsql, Mozilla, Netscape and 1 more 4 Firebird, Mozilla, Navigator and 1 more 2026-04-16 N/A
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0719 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0720 1 Apple 1 Safari 2026-04-16 N/A
Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0721 2 Kde, Redhat 2 Konqueror, Enterprise Linux 2026-04-16 N/A
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
CVE-2004-0722 3 Mozilla, Netscape, Redhat 3 Mozilla, Navigator, Enterprise Linux 2026-04-16 N/A
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
CVE-2004-0728 1 Microsoft 1 Systems Management Server 2026-04-16 N/A
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
CVE-2004-0724 1 Valve Software 2 Half-life, Half-life Dedicated Server 2026-04-16 N/A
The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet.
CVE-2004-0725 1 Moodle 1 Moodle 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2004-0727 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
CVE-2004-0729 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
CVE-2004-0730 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
CVE-2004-0732 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
CVE-2004-0733 1 Ollydbg 1 Ollydbg 2026-04-16 N/A
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
CVE-2004-0734 1 Extropia 1 Extropia Webstore 2026-04-16 N/A
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
CVE-2004-0736 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
CVE-2004-0737 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.