Total
29753 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | ||||
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2025-04-03 | N/A |
| Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | ||||
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2025-04-03 | N/A |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | ||||
| CVE-2006-1794 | 1 Mambo | 1 Mambo | 2025-04-03 | N/A |
| SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function and (2) the $task parameter in the mosMenuCheck function in (a) includes/mambo.php; and (3) the $filter variable to the showCategory function in the com_content component (content.php). | ||||
| CVE-2004-1653 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | ||||
| CVE-2004-1658 | 1 Kerio | 1 Personal Firewall | 2025-04-03 | N/A |
| Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. | ||||
| CVE-2004-1663 | 5 Broadcom, Brocade, Engenio and 2 more | 6 Fabric Operating System, Silkworm, Silkworm Fiber Channel Switch and 3 more | 2025-04-03 | N/A |
| Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets. | ||||
| CVE-2004-1674 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2025-04-03 | N/A |
| viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter. | ||||
| CVE-2006-1808 | 1 Lifetype | 1 Lifetype | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Lifetype 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the show parameter in a Template operation. | ||||
| CVE-2004-1690 | 1 Rhinosoft | 1 Dns4me | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. | ||||
| CVE-2006-1815 | 1 Tritanium Scripts | 1 Tritanium Bulletin Board | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in register.php in Tritanium Bulletin Board (TBB) 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) newuser_realname and (2) newuser_icq parameters, a different vector than CVE-2006-1768. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | ||||
| CVE-2000-0731 | 1 Jeremy Arnold | 1 Worm Webserver | 2025-04-03 | N/A |
| Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack. | ||||
| CVE-2004-1708 | 1 Shawn Webb | 1 Webbsyte Chat | 2025-04-03 | N/A |
| Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections. | ||||
| CVE-2004-1715 | 1 Clearswift | 1 Mimesweeper For Web | 2025-04-03 | N/A |
| Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. | ||||
| CVE-2006-1828 | 1 Php121 | 1 Php121 Instant Messenger | 2025-04-03 | N/A |
| SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php. NOTE: the code execution occurs because the SQL query results are used in an include statement. | ||||
| CVE-2004-1726 | 1 John Bradley | 1 Xv | 2025-04-03 | N/A |
| Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. | ||||
| CVE-2004-1727 | 1 Working Resources Inc. | 1 Badblue | 2025-04-03 | N/A |
| BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address. | ||||
| CVE-2004-1729 | 1 Nihuo Software | 1 Web Log Analyzer | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | ||||
| CVE-2006-1844 | 1 Debian | 2 Base-config, Shadow | 2025-04-03 | N/A |
| The Debian installer for the (1) shadow 4.0.14 and (2) base-config 2.53.10 packages includes sensitive information in world-readable log files, including preseeded passwords and pppoeconf passwords, which might allow local users to gain privileges. | ||||
| CVE-2004-1733 | 1 Mydms | 1 Mydms | 2025-04-03 | N/A |
| Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL. | ||||