Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2074 1 Bolintech 1 Dream Ftp Server 2025-04-03 N/A
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
CVE-2004-2077 1 Nadeo 3 Game Engine, Trackmania, Virtual Skipper 2025-04-03 N/A
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.
CVE-2004-0475 1 Microsoft 1 Ie 2025-04-03 N/A
The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041.
CVE-2004-2087 1 Sandsurfer 1 Sandsurfer 2025-04-03 N/A
Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.
CVE-2004-2096 1 Mephistoles Internet Suite 1 Mephistoles Httpd 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL.
CVE-2004-2097 1 Suse 1 Suse Linux 2025-04-03 N/A
Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.
CVE-2004-2098 1 Native Solutions 1 Tbe Banner Engine 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.
CVE-2004-2106 1 Novell 1 Netware 2025-04-03 N/A
Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.
CVE-2004-2115 1 Oracle 1 Http Server 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request.
CVE-2004-2112 1 Herberlin 1 Bremsserver 2025-04-03 N/A
Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.
CVE-2004-2113 1 Herberlin 1 Bremsserver 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2003-0104 1 Peoplesoft 1 Peopletools 2025-04-03 N/A
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
CVE-2004-2114 1 Internetnow 1 Proxynow 2025-04-03 N/A
Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.
CVE-2003-0103 1 Nokia 1 6210 Handset 2025-04-03 N/A
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
CVE-2004-2117 1 Tinyserver 1 Tinyserver 2025-04-03 N/A
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version.
CVE-2004-2116 1 Tinyserver 1 Tinyserver 2025-04-03 N/A
Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL.
CVE-2003-0101 3 Engardelinux, Usermin, Webmin 3 Guardian Digital Webtool, Usermin, Webmin 2025-04-03 N/A
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
CVE-2004-2124 1 Gallery Project 1 Gallery 2025-04-03 N/A
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
CVE-2004-2161 1 Tutos 1 Tutos 2025-04-03 N/A
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
CVE-2003-0098 2 Apcupsd, Debian 2 Apcupsd, Debian Linux 2025-04-03 N/A
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.