ReportizFlow
Filtered by vendor
Subscriptions
Total
29916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0660 | 1 Cutephp | 1 Cutenews | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter. | ||||
| CVE-2004-0662 | 1 Powerportal | 1 Powerportal | 2026-04-16 | N/A |
| PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message. | ||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2026-04-16 | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | ||||
| CVE-2004-0848 | 1 Microsoft | 6 Office, Powerpoint, Project and 3 more | 2026-04-16 | N/A |
| Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. | ||||
| CVE-2004-0891 | 5 Gentoo, Redhat, Rob Flynn and 2 more | 5 Linux, Enterprise Linux, Gaim and 2 more | 2026-04-16 | N/A |
| Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. | ||||
| CVE-2004-0903 | 4 Conectiva, Mozilla, Redhat and 1 more | 9 Linux, Mozilla, Thunderbird and 6 more | 2026-04-16 | N/A |
| Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | ||||
| CVE-2004-0913 | 1 Ecartis | 1 Ecartis | 2026-04-16 | N/A |
| Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration. | ||||
| CVE-2004-0914 | 6 Gentoo, Lesstif, Redhat and 3 more | 8 Linux, Lesstif, Enterprise Linux and 5 more | 2026-04-16 | N/A |
| Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions. | ||||
| CVE-2004-0919 | 1 Freebsd | 1 Freebsd | 2026-04-16 | N/A |
| The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates. | ||||
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2026-04-16 | N/A |
| process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | ||||
| CVE-2004-1819 | 1 Warpspeed | 1 4nalbum Module | 2026-04-16 | N/A |
| 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message. | ||||
| CVE-2004-1843 | 1 Expinion.net | 1 Member Management System | 2026-04-16 | N/A |
| SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp. | ||||
| CVE-2004-1847 | 1 Expinion.net | 1 News Manager Lite | 2026-04-16 | N/A |
| News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. | ||||
| CVE-2004-1910 | 1 Symantec | 1 Security Check Virus Detection | 2026-04-16 | N/A |
| rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged. | ||||
| CVE-2004-1911 | 1 Azerbaijan Development Group | 1 Azdgdating | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. | ||||
| CVE-2004-1929 | 1 Francisco Burzi | 1 Php-nuke | 2026-04-16 | N/A |
| SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. | ||||
| CVE-2004-1948 | 1 Ncftp Software | 1 Ncftp | 2026-04-16 | N/A |
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | ||||
| CVE-2004-1950 | 1 Phpbb Group | 1 Phpbb | 2026-04-16 | N/A |
| phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | ||||
| CVE-2004-1971 | 1 Oscar Fafian | 1 Video Gallery | 2026-04-16 | N/A |
| modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. | ||||
| CVE-2004-1986 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2026-04-16 | N/A |
| Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. | ||||