Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0181 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device.
CVE-2004-1039 1 Sco 2 Openserver, Unixware 2025-04-03 N/A
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.
CVE-2004-2306 1 Sun 2 Solaris, Sunos 2025-04-03 N/A
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
CVE-2005-0885 1 Xmb Forum 1 Xmb 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields.
CVE-2004-0998 1 Telnetd 2 Telnetd, Telnetd-ssl 2025-04-03 N/A
Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code.
CVE-2004-2318 1 Netwin 1 Surgeftp 2025-04-03 N/A
The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter.
CVE-2004-1345 1 Sun 3 Enterprise Storage Manager, Storedge 3310 Scsi Array, Storedge 3510 Fc Array 2025-04-03 N/A
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.
CVE-2005-1005 1 Profitcode 1 Payprocart 2025-04-03 N/A
ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.
CVE-2004-1054 1 Ibm 1 Aix 2025-04-03 N/A
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
CVE-2004-2324 1 Dotnetnuke 1 Dotnetnuke 2025-04-03 N/A
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.
CVE-2004-2326 1 Ip3 Networks 3 Ip3 Netaccess, Ip3 Netaccess - Hospitality, Ip3 Netaccess - Wireless Hotspots 2025-04-03 N/A
SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.
CVE-2004-1055 2 Gentoo, Phpmyadmin 2 Linux, Phpmyadmin 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
CVE-2004-2328 1 Clearswift 1 Mailsweeper 2025-04-03 N/A
Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached.
CVE-2004-1057 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-04-03 N/A
Multiple drivers in Linux kernel 2.4.19 and earlier do not properly mark memory with the VM_IO flag, which causes incorrect reference counts and may lead to a denial of service (kernel panic) when accessing freed kernel pages.
CVE-2004-2194 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2025-04-03 N/A
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
CVE-2004-2329 1 Kerio 1 Personal Firewall 2025-04-03 N/A
Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box.
CVE-2004-0986 4 Debian, Linux, Redhat and 1 more 4 Debian Linux, Linux Kernel, Fedora Core and 1 more 2025-04-03 N/A
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
CVE-2004-2334 1 Emumail 1 Emu Webmail 2025-04-03 N/A
Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page.
CVE-2004-0182 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2025-04-03 N/A
Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field.
CVE-2002-0461 1 Microsoft 1 Internet Explorer 2025-04-03 N/A
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.