ReportizFlow
Filtered by vendor
Subscriptions
Total
29885 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1461 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2025-04-03 | N/A |
| Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. | ||||
| CVE-2004-1487 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2025-04-03 | N/A |
| wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite certain files via a redirection URL containing a ".." that resolves to the IP address of the malicious server, which bypasses wget's filtering for ".." sequences. | ||||
| CVE-2004-1492 | 1 Quicksilver | 1 Master Of Orion Iii | 2025-04-03 | N/A |
| Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation to fail. | ||||
| CVE-2004-1494 | 1 Kingsoft | 1 Xdict | 2025-04-03 | N/A |
| Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service ( CPU consumption or application exit) and possibly execute arbitrary code via a long string. | ||||
| CVE-2004-1497 | 1 Minihttpserver.net | 1 Web Forums Server | 2025-04-03 | N/A |
| Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges. | ||||
| CVE-2004-1496 | 1 Minihttpserver.net | 1 Web Forums Server | 2025-04-03 | N/A |
| Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash). | ||||
| CVE-2004-1506 | 1 Webcalendar | 1 Webcalendar | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using img srg tags. | ||||
| CVE-2004-1517 | 1 Zonelabs | 1 Imsecure | 2025-04-03 | N/A |
| Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions. | ||||
| CVE-2002-1473 | 1 Hp | 1 Hp-ux | 2025-04-03 | N/A |
| Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.11 (11i) allow local users to cause a denial of service and possibly execute arbitrary code. | ||||
| CVE-2004-1538 | 1 Phpkit | 1 Phpkit | 2025-04-03 | N/A |
| SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2004-1532 | 1 Appserv Open Project | 1 Appserv | 2025-04-03 | N/A |
| AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access. | ||||
| CVE-2004-1550 | 1 Motorola | 1 Wr850g | 2025-04-03 | N/A |
| Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. | ||||
| CVE-2004-1563 | 1 W-agora | 1 W-agora | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. | ||||
| CVE-2004-1600 | 1 Coolphp | 1 Coolphp | 2025-04-03 | N/A |
| index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message. | ||||
| CVE-2004-1612 | 1 Saleslogix Corporation | 1 Saleslogix | 2025-04-03 | N/A |
| Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request. | ||||
| CVE-2004-1619 | 1 Akella | 1 Privateers Bounty Age Of Sail Ii | 2025-04-03 | N/A |
| Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname. | ||||
| CVE-2004-1624 | 1 Altiris | 1 Carbon Copy | 2025-04-03 | N/A |
| Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe). | ||||
| CVE-2002-1521 | 1 Mdg Computer Services | 1 Web Server 4d | 2025-04-03 | N/A |
| Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. | ||||
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2025-04-03 | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | ||||
| CVE-2002-1524 | 1 Nullsoft | 1 Winamp | 2025-04-03 | N/A |
| Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | ||||