Search Results (366310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2029 1 Trevor Hogan 1 Bnbt 2026-04-16 N/A
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
CVE-2004-2030 1 Liferay 1 Liferay Enterprise Portal 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject.
CVE-2004-2031 1 E107 1 E107 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields.
CVE-2004-2032 1 Netgear 1 Rp114 2026-04-16 N/A
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
CVE-2004-2033 1 Orenosv 1 Orenosv Http Ftp Server 2026-04-16 N/A
Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
CVE-2004-2034 1 Wildtangent 1 Webdriver 2026-04-16 N/A
Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.
CVE-2004-2035 1 Minishare 1 Minimal Http Server 2026-04-16 N/A
MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences.
CVE-2004-2036 1 Jportal 1 Jportal Web Portal 2026-04-16 N/A
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
CVE-2004-2037 1 Mollensoft Software 1 Lightweight Ftp Server 2026-04-16 N/A
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
CVE-2004-2038 1 Neocrome 1 Land Down Under 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php.
CVE-2004-2039 1 E107 1 E107 2026-04-16 N/A
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
CVE-2004-2040 1 E107 1 E107 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php.
CVE-2004-2041 1 E107 1 E107 2026-04-16 N/A
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
CVE-2004-2042 1 E107 1 E107 2026-04-16 N/A
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
CVE-2004-2043 2 Borland Software, Firebirdsql 3 Interbase, Interbase Superserver, Firebird 2026-04-16 N/A
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
CVE-2004-2044 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more 2026-04-16 N/A
PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
CVE-2004-2045 1 Conceptronic 1 Cadslr1 Adsl Router 2026-04-16 N/A
The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username.
CVE-2004-2046 1 Apc 1 Powerchute 2026-04-16 N/A
Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors.
CVE-2004-2048 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
CVE-2004-2049 1 Esesix 7 Thintune Extreme, Thintune L, Thintune M and 4 more 2026-04-16 N/A
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access.