Search Results (366303 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2057 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.
CVE-2004-2058 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.
CVE-2004-2059 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.
CVE-2004-2060 1 Xlinesoft 1 Asprunner 2026-04-16 N/A
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.
CVE-2004-2061 1 Risearch 2 Risearch, Risearch Pro 2026-04-16 9.8 Critical
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
CVE-2004-2062 1 Antiboard 1 Antiboard 2026-04-16 N/A
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.
CVE-2004-2063 1 Antiboard 1 Antiboard 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.
CVE-2004-2064 1 Verylost 1 Lostbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
CVE-2004-2065 1 Daniel Barron 1 Dansguardian 2026-04-16 N/A
DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
CVE-2004-2066 1 Linpha 1 Linpha 2026-04-16 N/A
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
CVE-2004-2067 1 Jaws 1 Jaws 2026-04-16 N/A
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
CVE-2004-2068 1 Leafnode 1 Leafnode 2026-04-16 N/A
fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.
CVE-2004-2069 2 Openbsd, Redhat 2 Openssh, Enterprise Linux 2026-04-16 N/A
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
CVE-2004-2070 1 Altiris 1 Client Service 2026-04-16 N/A
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
CVE-2004-1847 1 Expinion.net 1 News Manager Lite 2026-04-16 N/A
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.
CVE-2004-1848 2 Ipswitch, Progress 2 Ws Ftp Server, Ws Ftp Server 2026-04-16 N/A
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.
CVE-2004-1849 1 Cpanel 1 Cpanel 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html.
CVE-2004-1626 1 Code-crafters 1 Ability Server 2026-04-16 N/A
Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
CVE-2004-1627 1 Code-crafters 1 Ability Server 2026-04-16 N/A
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.
CVE-2004-1628 1 Pizzashack 1 Rssh 2026-04-16 N/A
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.