Export limit exceeded: 349441 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349441 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2602 | 1 Ubertec | 1 Help Center Live | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php. | ||||
| CVE-2004-2596 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address. | ||||
| CVE-2004-2597 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address. | ||||
| CVE-2004-2598 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used. | ||||
| CVE-2004-2599 | 1 Id Software | 1 Quake Ii Server | 2026-04-16 | N/A |
| Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon. | ||||
| CVE-2004-2601 | 1 Ubertec | 1 Help Center Live | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.php. | ||||
| CVE-2004-2604 | 1 Phproxy | 1 Phproxy | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter. | ||||
| CVE-2004-2605 | 1 Astats | 1 Astats | 2026-04-16 | N/A |
| aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files. | ||||
| CVE-2004-2606 | 1 Linksys | 2 Befsr41 V3, Wrt54g | 2026-04-16 | N/A |
| The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | ||||
| CVE-2004-2607 | 1 Linux | 1 Linux Kernel | 2026-04-16 | N/A |
| A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received as an int but cast to a short, which prevents a read loop from filling a buffer. | ||||
| CVE-2004-2609 | 1 Symantec | 1 Powerquest Deploycenter | 2026-04-16 | N/A |
| The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuffit /f:stuffit.dat" invocations, possibly due to a buffer overflow. | ||||
| CVE-2004-2624 | 1 Wackowiki | 1 Wackowiki | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. | ||||
| CVE-2004-2625 | 1 Outblaze | 1 Outblaze Email | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. | ||||
| CVE-2004-2626 | 1 Siemens | 1 S55 | 2026-04-16 | N/A |
| GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message. | ||||
| CVE-2004-2627 | 1 Sun | 1 J2me | 2026-04-16 | N/A |
| Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. | ||||
| CVE-2004-2628 | 1 Acme Labs | 1 Thttpd | 2026-04-16 | N/A |
| Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:"). | ||||
| CVE-2004-2630 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. | ||||
| CVE-2004-2631 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. | ||||
| CVE-2004-2632 | 1 Phpmyadmin | 1 Phpmyadmin | 2026-04-16 | N/A |
| phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables. | ||||
| CVE-2004-2633 | 1 Arjohn Kampman | 1 Sesame Rdf Container | 2026-04-16 | N/A |
| Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors. | ||||