Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2314 1 Novell 1 Ichain 2025-04-03 N/A
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.
CVE-2004-2315 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2025-04-03 N/A
Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.
CVE-2004-2321 1 Bea 1 Weblogic Server 2025-04-03 N/A
BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword.
CVE-2004-2322 1 Phpwebsite 1 Phpwebsite 2025-04-03 N/A
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module.
CVE-2004-2323 1 Dotnetnuke 1 Dotnetnuke 2025-04-03 N/A
DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config.
CVE-2004-2330 1 Macromedia 1 Coldfusion 2025-04-03 N/A
ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.
CVE-2004-2352 1 Martin Bauer 1 Gbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is not cleansed by PHP-Nuke.
CVE-2004-2341 1 Isearch 1 Isearch 2025-04-03 N/A
PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter.
CVE-2004-2350 1 Phpbb Group 1 Phpbb 2025-04-03 N/A
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
CVE-2004-2349 1 Tunez 1 Tunez 2025-04-03 N/A
Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries.
CVE-2004-2351 1 Martin Bauer 1 Gbook 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and (4) message, which do not use the <script> and <style> tags, which are filtered by PHP-Nuke.
CVE-2004-2357 1 Proofpoint 1 Proofpoint Protection Server 2025-04-03 N/A
The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.
CVE-2004-2360 1 Targem Games 1 Battle Mages 2025-04-03 N/A
Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent.
CVE-2004-2368 1 The Opt-x Project 1 Opt-x 2025-04-03 N/A
PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter.
CVE-2004-2369 1 Ibm 1 Lotus Domino 2025-04-03 N/A
Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.
CVE-2004-2370 1 Cerulean Studios 2 Trillian, Trillian Pro 2025-04-03 N/A
Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.
CVE-2004-2376 1 Twilight Utilities 1 Twilight Utilities Web Server 2025-04-03 N/A
Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a long attfile attribute.
CVE-2004-2378 1 Calacode 1 At Mail Webmail System 2025-04-03 N/A
@Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.
CVE-2004-2387 2 Denis Sbragion, Peter Astrand 2 Sredird, Sercd 2025-04-03 N/A
Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code.
CVE-2004-2388 1 Ibm 1 Aix 2025-04-03 N/A
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.