Export limit exceeded: 363090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (29948 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1932 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
CVE-2004-1937 1 Nuked-klan 1 Nuked-klan 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.
CVE-2004-1938 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
CVE-2004-1944 1 Qualcomm 1 Eudora 2026-04-16 N/A
Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.
CVE-2004-1945 1 Kinesphere Corporation 1 Exchange Pop3 2026-04-16 N/A
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field.
CVE-2004-1946 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.
CVE-2004-1947 1 Softwin 1 Bitdefender 2026-04-16 N/A
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
CVE-2004-1948 1 Ncftp Software 1 Ncftp 2026-04-16 N/A
NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list.
CVE-2004-1949 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module.
CVE-2004-1950 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.
CVE-2004-1951 1 Xine 3 Xine, Xine-lib, Xine-ui 2026-04-16 N/A
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
CVE-2004-1952 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-16 N/A
SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.
CVE-2004-1953 1 Phprofession 1 Phprofession 2026-04-16 N/A
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.
CVE-2004-1954 1 Phprofession 1 Phprofession 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.
CVE-2004-2039 1 E107 1 E107 2026-04-16 N/A
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
CVE-2004-2040 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
CVE-2004-2041 1 E107 1 E107 2026-04-16 N/A
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
CVE-2004-2042 1 E107 1 E107 2026-04-16 N/A
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
CVE-2004-2043 2 Borland Software, Firebirdsql 3 Interbase, Interbase Superserver, Firebird 2026-04-16 N/A
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
CVE-2004-2044 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more 2026-04-16 N/A
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.