Export limit exceeded: 18570 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1301 | 1 Xlreader | 1 Xlreader | 2026-04-16 | N/A |
| Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file. | ||||
| CVE-2004-2572 | 1 Amax Information Technologies | 1 Magic Winmail Server | 2026-04-16 | N/A |
| AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the netaddressbook.php web form, which reveals the path in an ldaplib.php error message when the ldap_search function fails, due to improper processing of the $keyword variable. | ||||
| CVE-2004-2573 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. | ||||
| CVE-2004-2574 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a calendar.uicalendar.planner menuaction. | ||||
| CVE-2004-2575 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message. | ||||
| CVE-2004-2576 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain sensitive information from these files. | ||||
| CVE-2004-2577 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess files, and possibly has other unknown impacts. | ||||
| CVE-2004-2578 | 1 Phpgroupware | 1 Phpgroupware | 2026-04-16 | N/A |
| phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords. | ||||
| CVE-2004-2579 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding." | ||||
| CVE-2004-2580 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors. | ||||
| CVE-2004-2581 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string." | ||||
| CVE-2004-1305 | 2 Microsoft, Nortel | 19 Windows 2000, Windows 2003 Server, Windows 98 and 16 more | 2026-04-16 | N/A |
| The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. | ||||
| CVE-2004-1308 | 2 Libtiff, Redhat | 2 Libtiff, Enterprise Linux | 2026-04-16 | N/A |
| Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. | ||||
| CVE-2004-1316 | 2 Mozilla, Redhat | 2 Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated. | ||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2026-04-16 | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | ||||
| CVE-2004-2587 | 1 Smartertools | 1 Smartermail | 2026-04-16 | N/A |
| login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow. | ||||
| CVE-2004-1087 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2026-04-16 | N/A |
| Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard Entry" is enabled even when it is not, which could result in a false sense of security for the user. | ||||
| CVE-2004-1086 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2026-04-16 | N/A |
| Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file. | ||||
| CVE-2005-0512 | 1 Mambo | 1 Mambo | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in Tar.php in Mambo 4.5.2 allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2004-1693. | ||||
| CVE-2005-0186 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed packet to the SCCP port. | ||||