Export limit exceeded: 20038 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362966 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362966 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1910 1 Symantec 1 Security Check Virus Detection 2026-04-16 N/A
rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged.
CVE-2004-1914 2 Francisco Burzi, Shiba-design 2 Php-nuke, Nukecalendar 2026-04-16 N/A
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter.
CVE-2004-1915 1 Lcdproc 1 Lcdproc 2026-04-16 N/A
Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments.
CVE-2004-1916 1 Lcdproc 1 Lcdproc 2026-04-16 N/A
Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.
CVE-2004-1917 1 Lcdproc 1 Lcdproc 2026-04-16 N/A
Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable.
CVE-2004-1918 1 Rsniff 1 Rsniff 2026-04-16 N/A
RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly.
CVE-2004-1919 1 Crackalaka 1 Crackalaka 2026-04-16 N/A
The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.
CVE-2004-1920 1 X-micro 1 Wlan 11b Broadband Router Firmware 2026-04-16 N/A
X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access.
CVE-2004-1921 1 X-micro 1 Wlan 11b Broadband Router Firmware 2026-04-16 N/A
X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access.
CVE-2004-1922 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of service (memory consumption) via a small BMP file with has a large memory size.
CVE-2004-1923 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message.
CVE-2004-1924 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php.
CVE-2004-1925 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php.
CVE-2004-1928 1 Tiki 1 Tikiwiki Cms\/groupware 2026-04-16 N/A
The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL.
CVE-2004-1932 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter.
CVE-2004-1937 1 Nuked-klan 1 Nuked-klan 2026-04-16 N/A
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.
CVE-2004-1938 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php.
CVE-2004-1944 1 Qualcomm 1 Eudora 2026-04-16 N/A
Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.
CVE-2004-1945 1 Kinesphere Corporation 1 Exchange Pop3 2026-04-16 N/A
Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field.
CVE-2004-1946 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability.