Total
29737 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0208 | 1 Microsoft | 4 Windows 2000, Windows 2003 Server, Windows Nt and 1 more | 2025-04-03 | N/A |
| The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | ||||
| CVE-2004-0242 | 1 Qualiteam | 1 X-cart | 2025-04-03 | N/A |
| X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | ||||
| CVE-2004-0236 | 1 Steelid | 1 Thephototool | 2025-04-03 | N/A |
| SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field. | ||||
| CVE-2004-0237 | 1 Aprox Portal | 1 Aprox Portal | 2025-04-03 | N/A |
| Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter. | ||||
| CVE-2004-0239 | 1 Photopost | 1 Photopost Php Pro | 2025-04-03 | N/A |
| SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | ||||
| CVE-2004-0240 | 1 Qualiteam | 1 X-cart | 2025-04-03 | N/A |
| Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php. | ||||
| CVE-2004-0241 | 1 Qualiteam | 1 X-cart | 2025-04-03 | N/A |
| X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | ||||
| CVE-2004-0264 | 2 Jim Rees, Shaun2k2 | 2 Jim Rees Httpd, Palmhttpd | 2025-04-03 | N/A |
| palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. | ||||
| CVE-2004-0265 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules. | ||||
| CVE-2004-0266 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter. | ||||
| CVE-2004-0268 | 1 Evolutionx | 1 Evolutionx | 2025-04-03 | N/A |
| Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server. | ||||
| CVE-2004-0269 | 1 Francisco Burzi | 1 Php-nuke | 2025-04-03 | N/A |
| SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module. | ||||
| CVE-2004-0270 | 1 Clam Anti-virus | 1 Clamav | 2025-04-03 | N/A |
| libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | ||||
| CVE-2004-0311 | 1 Apc | 1 Ap9606 | 2025-04-03 | N/A |
| American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access. | ||||
| CVE-2004-0314 | 1 Freewebs | 1 Webzedit | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 and earlier allows remote attackers to execute arbitrary script as other users via the message parameter. | ||||
| CVE-2004-0315 | 1 Avirt | 1 Voice | 2025-04-03 | N/A |
| Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long GET request on port 1080. | ||||
| CVE-2004-0317 | 1 Platform | 1 Lsf | 2025-04-03 | N/A |
| Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x allows local users or remote attackers within the LSF cluster to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long LSF_From_PC parameter. | ||||
| CVE-2004-0318 | 1 Platform | 1 Lsf | 2025-04-03 | N/A |
| Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges. | ||||
| CVE-2004-0338 | 1 Invision Power Services | 1 Invision Board | 2025-04-03 | N/A |
| SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter. | ||||
| CVE-2004-0339 | 1 Phpbb Group | 1 Phpbb | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. | ||||