Export limit exceeded: 20038 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362962 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1951 1 Xine 3 Xine, Xine-lib, Xine-ui 2026-04-16 N/A
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link.
CVE-2004-1952 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-16 N/A
SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.
CVE-2004-1953 1 Phprofession 1 Phprofession 2026-04-16 N/A
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.
CVE-2004-1954 1 Phprofession 1 Phprofession 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter.
CVE-2004-1956 1 Postnuke Software Foundation 1 Postnuke 2026-04-16 N/A
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
CVE-2004-1960 1 Protector System 1 Protector System 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.
CVE-2004-1966 1 Openbb 1 Openbb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php.
CVE-2004-1967 1 Openbb 1 Openbb 2026-04-16 8.8 High
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link.
CVE-2004-1970 1 Securecomputing 1 Smartether Ss6215s Switch 2026-04-16 N/A
Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message.
CVE-2004-1979 1 Props 1 Props 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter.
CVE-2004-1981 1 Businessobjects 2 Crystal Enterprise, Crystal Reports 2026-04-16 N/A
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
CVE-2004-1984 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
CVE-2004-1986 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter.
CVE-2004-1987 2 Coppermine, Francisco Burzi 2 Coppermine Photo Gallery, Php-nuke 2026-04-16 N/A
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters.
CVE-2004-1995 1 Fusetalk 1 Fusetalk 2026-04-16 6.5 Medium
Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.
CVE-2004-2005 1 Qualcomm 1 Eudora 2026-04-16 N/A
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
CVE-2004-2007 1 Adam Webb 1 Nukejokes 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function.
CVE-2004-2010 1 Phpshop 1 Phpshop 2026-04-16 N/A
PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg.
CVE-2004-2012 3 Netbsd, Niels, Vladimir Kotal 3 Netbsd, Provos Systrace, Systrace Port For Freebsd 2026-04-16 N/A
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
CVE-2004-2014 2 Gnu, Redhat 2 Wget, Enterprise Linux 2026-04-16 N/A
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.