ReportizFlow
Filtered by vendor
Subscriptions
Total
29909 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-1466 | 1 Gallery Project | 1 Gallery | 2026-04-16 | N/A |
| The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. | ||||
| CVE-2004-1484 | 1 Socat | 1 Socat | 2026-04-16 | N/A |
| Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message. | ||||
| CVE-2002-0790 | 1 Ibm | 1 Aix | 2026-04-16 | N/A |
| clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges. | ||||
| CVE-2004-1498 | 1 Webhost Automation | 1 Helm Control Panel | 2026-04-16 | N/A |
| SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. | ||||
| CVE-2003-0083 | 2 Apache, Redhat | 4 Http Server, Linux, Rhel Stronghold and 1 more | 2026-04-16 | N/A |
| Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020. | ||||
| CVE-2004-1505 | 1 Salims Softhouse | 1 Jaf Cms | 2026-04-16 | N/A |
| Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show parameter. | ||||
| CVE-2004-1473 | 1 Symantec | 12 Firewall Vpn Appliance 100, Firewall Vpn Appliance 200, Firewall Vpn Appliance 200r and 9 more | 2026-04-16 | N/A |
| Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filtering and determine whether the device is running services such as tftpd, snmpd, or isakmp via a UDP port scan with a source port of UDP 53. | ||||
| CVE-2004-1530 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2026-04-16 | N/A |
| SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters. | ||||
| CVE-2004-1542 | 1 Raven Software | 1 Soldier Of Fortune | 2026-04-16 | N/A |
| Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply. | ||||
| CVE-2004-1551 | 1 Php Arena | 1 Pafiledb | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter. | ||||
| CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2026-04-16 | N/A |
| Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | ||||
| CVE-2004-1567 | 1 Silent-storm | 1 Silent-storm Portal | 2026-04-16 | N/A |
| profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. | ||||
| CVE-2004-1570 | 1 Eaden Mckee | 1 Bblog | 2026-04-16 | N/A |
| SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter. | ||||
| CVE-2004-1573 | 2 Aj-fork, Cutephp | 2 Aj-fork, Cutenews | 2026-04-16 | N/A |
| The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator. | ||||
| CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2026-04-16 | N/A |
| CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | ||||
| CVE-2004-1590 | 1 Clientexec | 1 Clientexec | 2026-04-16 | N/A |
| Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function. | ||||
| CVE-2004-1591 | 1 Micronet | 1 Sp916bm | 2026-04-16 | N/A |
| The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. | ||||
| CVE-2004-1606 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | ||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2026-04-16 | N/A |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | ||||
| CVE-2004-1618 | 1 Vypress | 1 Tonecast | 2026-04-16 | N/A |
| Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream. | ||||