Export limit exceeded: 366301 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366301 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1650 1 D-link 1 Dcs-900 Internet Camera 2026-04-16 N/A
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
CVE-2004-1651 1 Brickhost 1 Phpscheduleit 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.
CVE-2004-1652 1 Brickhost 1 Phpscheduleit 2026-04-16 N/A
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
CVE-2004-1653 1 Openbsd 1 Openssh 2026-04-16 N/A
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
CVE-2004-1654 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template.
CVE-2004-1655 1 Phpwebsite 1 Phpwebsite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module.
CVE-2004-1656 1 Comersus Open Technologies 1 Comersus Cart 2026-04-16 N/A
CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.
CVE-2004-1657 1 Newtelligence 1 Dasblog 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers.
CVE-2004-1658 1 Kerio 1 Personal Firewall 2026-04-16 N/A
Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable.
CVE-2004-1659 1 Cutephp 1 Cutenews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter.
CVE-2004-1660 1 Cutephp 1 Cutenews 2026-04-16 N/A
PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.
CVE-2004-1661 1 Sitecubed 1 Mailworks Professional 2026-04-16 N/A
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
CVE-2004-1662 1 Yabb 1 Yabb 2026-04-16 N/A
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
CVE-2004-1663 5 Broadcom, Brocade, Engenio and 2 more 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more 2026-04-16 N/A
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
CVE-2004-2237 1 Moodle 1 Moodle 2026-04-16 N/A
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
CVE-2004-1664 1 Activision 2 Call Of Duty, Call Of Duty United Offensive 2026-04-16 N/A
Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430.
CVE-2004-1665 1 Psnews 1 Psnews 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter.
CVE-2004-1666 1 Cerulean Studios 1 Trillian 2026-04-16 N/A
Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.
CVE-2004-1667 1 Gearbox Software 1 Halo Combat Evolved 2026-04-16 N/A
Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response.
CVE-2004-1668 1 Easyweb 1 Factory Subjects Module 2026-04-16 N/A
Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.