Export limit exceeded: 351395 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351395 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1557 | 1 Mywebserver | 1 Mywebserver | 2026-04-16 | N/A |
| MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html. | ||||
| CVE-2004-1558 | 1 Ypops | 1 Ypops | 2026-04-16 | N/A |
| Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request. | ||||
| CVE-2004-1559 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. | ||||
| CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | ||||
| CVE-2004-2666 | 1 Mantis | 1 Mantis | 2026-04-16 | N/A |
| Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | ||||
| CVE-2004-1561 | 1 Icecast | 1 Icecast | 2026-04-16 | N/A |
| Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. | ||||
| CVE-2004-1562 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. | ||||
| CVE-2004-1563 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. | ||||
| CVE-2004-2667 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2004-1564 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. | ||||
| CVE-2004-1565 | 1 W-agora | 1 W-agora | 2026-04-16 | N/A |
| list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | ||||
| CVE-2004-2668 | 1 Interchange Development Group | 1 Interchange | 2026-04-16 | N/A |
| SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | ||||
| CVE-2005-0319 | 1 Alt-n | 1 Webadmin | 2026-04-16 | N/A |
| Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. | ||||
| CVE-2004-1566 | 1 Silent-storm | 1 Silent-storm Portal | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter. | ||||
| CVE-2004-2671 | 1 Endonesia | 1 Endonesia | 2026-04-16 | N/A |
| mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters. | ||||
| CVE-2004-1567 | 1 Silent-storm | 1 Silent-storm Portal | 2026-04-16 | N/A |
| profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. | ||||
| CVE-2004-2673 | 1 Argosoft | 1 Ftp Server | 2026-04-16 | N/A |
| Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument. | ||||
| CVE-2004-1568 | 1 Parachat | 1 Parachat Server | 2026-04-16 | N/A |
| Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL. | ||||
| CVE-2004-1569 | 1 Illustrate | 2 Dbpoweramp Audio Player, Dbpoweramp Music Converter | 2026-04-16 | N/A |
| Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields. | ||||
| CVE-2004-1570 | 1 Eaden Mckee | 1 Bblog | 2026-04-16 | N/A |
| SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||