Search Results (366296 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0008 3 Redhat, Rob Flynn, Ultramagnetic 4 Enterprise Linux, Linux, Gaim and 1 more 2026-04-16 N/A
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
CVE-2004-0050 1 Verity 1 Ultraseek 2026-04-16 N/A
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2026-04-16 N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
CVE-2004-0003 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Linux 2026-04-16 N/A
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
CVE-2004-0001 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
CVE-2004-0031 1 Phpgedview 1 Phpgedview 2026-04-16 N/A
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
CVE-2005-1016 1 Maxwebportal 1 Maxwebportal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL.
CVE-2005-1005 1 Profitcode 1 Payprocart 2026-04-16 N/A
ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.
CVE-2004-2548 1 Netwin 2 Surgemail, Webmail 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
CVE-2004-2532 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
CVE-2005-1003 1 Profitcode 1 Payprocart 2026-04-16 N/A
Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via .. (dot dot) sequences in the modID parameter.
CVE-2005-1002 1 Logics Software 1 Log-ft 2026-04-16 N/A
logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters.
CVE-2004-2516 1 Myserver 1 Myserver 2026-04-16 N/A
Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences.
CVE-2005-1001 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.
CVE-2004-2504 1 Alt-n 1 Mdaemon 2026-04-16 N/A
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
CVE-2001-0326 1 Oracle 2 Application Server, Oracle8i 2026-04-16 N/A
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
CVE-2004-2488 1 Nexgen 1 Nexgen Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
CVE-2004-2487 1 Nexgen 1 Nexgen Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands.
CVE-2000-0331 1 Microsoft 3 Terminal Server, Windows 2000, Windows Nt 2026-04-16 N/A
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
CVE-2004-2480 1 National Science Foundation 1 Squid Web Proxy Cache 2026-04-16 N/A
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.