Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362815 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-1595 1 Codethat 1 Shoppingcart 2026-04-16 N/A
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
CVE-2005-1015 1 Mailenable 1 Imapd 2026-04-16 N/A
Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.
CVE-2004-1439 1 Sapporoworks 1 Black Jumbodog 2026-04-16 N/A
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.
CVE-2004-1440 1 Putty 1 Putty 2026-04-16 N/A
Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication.
CVE-2004-1441 1 Board Power 1 Board Power 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.
CVE-2004-1442 1 Ibm 1 Net.data 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."
CVE-2004-1443 1 Horde 1 Imp 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
CVE-2004-1444 1 Roundup-tracker 1 Roundup 2026-04-16 N/A
Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.
CVE-2004-1445 1 Nessus 1 Nessus 2026-04-16 N/A
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
CVE-2004-1446 1 Juniper 1 Netscreen Screenos 2026-04-16 N/A
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
CVE-2004-1447 1 Jetbox 1 Jetbox One Cms 2026-04-16 N/A
Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information.
CVE-2004-1448 1 Jetbox 1 Jetbox One Cms 2026-04-16 N/A
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2026-04-16 N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2004-1450 1 Mozilla 1 Mozilla 2026-04-16 N/A
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
CVE-2004-1451 1 Mozilla 1 Mozilla 2026-04-16 N/A
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
CVE-2004-1452 1 Gentoo 1 Linux 2026-04-16 N/A
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts.
CVE-2004-1453 2 Gnu, Redhat 2 Glibc, Enterprise Linux 2026-04-16 N/A
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program.
CVE-2004-1454 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
CVE-2004-1455 1 Xine 1 Xine-lib 2026-04-16 N/A
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
CVE-2004-1459 1 Cisco 2 Secure Access Control Server, Secure Acs Solution Engine 2026-04-16 N/A
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests.