Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2175 1 All Enthusiast Inc 1 Reviewpost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-2176 1 Microsoft 1 Windows Xp 2026-04-16 N/A
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
CVE-2004-2177 1 Devoybb 1 Devoybb Web Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-2178 1 Devoybb 1 Devoybb Web Forum 2026-04-16 N/A
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2181 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVE-2004-2183 1 Wehelpbus 1 Wehelpbus 2026-04-16 N/A
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.
CVE-2004-2184 1 Digicraft Software 1 Yak 2026-04-16 N/A
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
CVE-2004-2189 1 Dmxready 1 Dmxready Site Chassis Manager 2026-04-16 N/A
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2196 1 Zanfi Solutions 1 Zanfi Cms Lite 2026-04-16 N/A
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
CVE-2004-2197 1 Kdocker 1 Kdocker 2026-04-16 N/A
kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.
CVE-2004-2198 1 Duware 1 Duclassmate 2026-04-16 N/A
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
CVE-2004-2199 1 Duware 1 Duclassified 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
CVE-2004-2200 1 Duware 1 Duforum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text.
CVE-2004-2201 1 Duware 1 Duforum 2026-04-16 N/A
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
CVE-2004-2203 1 Ansel 1 Ansel 2026-04-16 N/A
Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.
CVE-2004-2204 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVE-2004-2205 1 Symantec Veritas 1 Cluster Server 2026-04-16 N/A
Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.
CVE-2004-2206 1 Natterchat 1 Natterchat 2026-04-16 N/A
SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2208 1 Ideal Science 1 Idealbb 2026-04-16 N/A
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.
CVE-2004-2209 1 Ideal Science 1 Idealbb 2026-04-16 N/A
SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.