Export limit exceeded: 20127 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (362966 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1864 | 1 Xmb Forum | 1 Xmb | 2026-04-16 | N/A |
| SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. | ||||
| CVE-2004-1865 | 1 Bblog | 1 Bblog | 2026-04-16 | 4.8 Medium |
| Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability. | ||||
| CVE-2004-1866 | 1 Nstx | 1 Ip Over Dns Utility | 2026-04-16 | N/A |
| nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a denial of service (crash) via a large packet, which triggers a null dereference. | ||||
| CVE-2004-1868 | 1 Esignal | 1 Esignal | 2026-04-16 | N/A |
| Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag. | ||||
| CVE-2004-1869 | 1 Nival Interactive | 2 Etherlords, Etherlords Ii | 2026-04-16 | N/A |
| Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory. | ||||
| CVE-2004-1870 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php. | ||||
| CVE-2004-1871 | 1 Photopost | 1 Photopost Php Pro | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. | ||||
| CVE-2004-1875 | 1 Cpanel | 1 Cpanel | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10. | ||||
| CVE-2004-1883 | 1 Progress | 1 Ws Ftp Server | 2026-04-16 | N/A |
| Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. | ||||
| CVE-2004-1884 | 2 Ipswitch, Progress | 3 Ws Ftp Pro, Ws Ftp Server, Ws Ftp Server | 2026-04-16 | N/A |
| Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. | ||||
| CVE-2004-1885 | 1 Progress | 1 Ws Ftp Server | 2026-04-16 | N/A |
| Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. | ||||
| CVE-2004-1887 | 1 Ada | 1 Imgsvr | 2026-04-16 | N/A |
| Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null). | ||||
| CVE-2004-1889 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. | ||||
| CVE-2004-1890 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. | ||||
| CVE-2004-1891 | 1 Sgi | 1 Irix | 2026-04-16 | N/A |
| The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. | ||||
| CVE-2004-1892 | 1 Emule | 1 Emule | 2026-04-16 | N/A |
| Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. | ||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2026-04-16 | N/A |
| Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | ||||
| CVE-2004-1894 | 1 Pragma Ade | 1 Context | 2026-04-16 | N/A |
| TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log. | ||||
| CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2026-04-16 | N/A |
| YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | ||||
| CVE-2004-1901 | 1 Gentoo | 2 Linux, Portage | 2026-04-16 | 5.5 Medium |
| Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | ||||