Export limit exceeded: 25548 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366291 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1799 1 Openbsd 1 Openbsd 2026-04-16 N/A
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
CVE-2004-1800 1 Sysbotz 1 Simpledata 2026-04-16 N/A
Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie.
CVE-2004-1801 1 Pwebserver 1 Pwebserver Web Server 2026-04-16 N/A
Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2004-1802 1 Lionmax Software 1 Chat Anywhere 2026-04-16 N/A
Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.
CVE-2004-1804 1 Invicta 1 Wmcam Server 2026-04-16 N/A
wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command.
CVE-2004-1805 1 Epic Games 1 Unreal Engine 2026-04-16 N/A
Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names.
CVE-2004-1806 1 Dogpatch Software 1 Cfwebstore 2026-04-16 N/A
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters.
CVE-2004-1807 1 Dogpatch Software 1 Cfwebstore 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2004-1808 1 Metamail Corporation 1 Metamail 2026-04-16 N/A
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2004-1809 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php.
CVE-2004-1810 1 Opera 1 Opera Browser 2026-04-16 N/A
The Javascript engine in Opera 7.23 allows remote attackers to cause a denial of service (crash) by creating a new Array object with a large size value, then writing into that array.
CVE-2004-1811 1 Hp 1 Ssl Http Server 2026-04-16 N/A
The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
CVE-2004-1812 1 Broadcom 1 Unicenter Tng 2026-04-16 N/A
Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.
CVE-2004-1813 1 Vocaltec 1 Vgw4 8 Telephony Gateway 2026-04-16 N/A
VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/).
CVE-2004-1814 1 Vocaltec 1 Vgw4 8 Telephony Gateway 2026-04-16 N/A
Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allows remote attackers to read protected files via .. (dot dot) sequences in an HTTP request, as demonstrated using home.asp.
CVE-2004-1815 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2026-04-16 N/A
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1816 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2026-04-16 N/A
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-2004-1817 1 Francisco Burzi 1 Php-nuke 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field.
CVE-2004-1818 1 Warpspeed 1 4nalbum Module 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.
CVE-2004-1819 1 Warpspeed 1 4nalbum Module 2026-04-16 N/A
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.