ReportizFlow
Filtered by vendor
Subscriptions
Total
29902 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1099 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2026-04-16 | N/A |
| Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. | ||||
| CVE-2004-1101 | 1 Tips | 1 Mailpost | 2026-04-16 | N/A |
| mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. | ||||
| CVE-2004-1104 | 1 Microsoft | 1 Ie | 2026-04-16 | N/A |
| Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | ||||
| CVE-2004-1105 | 1 Nortel | 1 Contivity | 2026-04-16 | N/A |
| Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | ||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | ||||
| CVE-2004-1116 | 1 Gentoo | 1 Linux | 2026-04-16 | N/A |
| The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | ||||
| CVE-2004-1117 | 1 Gentoo | 1 Linux | 2026-04-16 | N/A |
| The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | ||||
| CVE-2004-1123 | 1 Apple | 4 Darwin Streaming Server, Mac Os X, Mac Os X Server and 1 more | 2026-04-16 | N/A |
| Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. | ||||
| CVE-2004-1131 | 1 Sco | 1 Openserver | 2026-04-16 | N/A |
| Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. | ||||
| CVE-2004-1134 | 1 Microsoft | 1 W3who.dll | 2026-04-16 | N/A |
| Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string. | ||||
| CVE-2004-1135 | 1 Ipswitch | 1 Ws Ftp Server | 2026-04-16 | N/A |
| Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. | ||||
| CVE-2004-1136 | 1 Globalscape | 1 Cuteftp | 2026-04-16 | N/A |
| Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands. | ||||
| CVE-2004-1145 | 7 Altlinux, Conectiva, Debian and 4 more | 9 Alt Linux, Linux, Debian Linux and 6 more | 2026-04-16 | N/A |
| Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files. | ||||
| CVE-2004-1146 | 1 Cvstrac | 1 Cvstrac | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. | ||||
| CVE-2004-1154 | 4 Redhat, Samba, Suse and 1 more | 5 Enterprise Linux, Fedora Core, Samba and 2 more | 2026-04-16 | N/A |
| Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | ||||
| CVE-2004-1156 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2026-04-16 | N/A |
| Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | ||||
| CVE-2004-1161 | 2 Gentoo, Rssh | 2 Linux, Rssh | 2026-04-16 | N/A |
| rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | ||||
| CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2026-04-16 | N/A |
| The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | ||||
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2026-04-16 | N/A |
| KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | ||||
| CVE-2004-1184 | 4 Gnu, Redhat, Sgi and 1 more | 5 Enscript, Enterprise Linux, Fedora Core and 2 more | 2026-04-16 | N/A |
| The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters. | ||||