Search Results (29815 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2477 1 Diamondcs 1 Process Guard Free 2025-04-03 N/A
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
CVE-2005-4352 2 Linux, Netbsd 2 Linux Kernel, Netbsd 2025-04-03 N/A
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
CVE-2001-1490 1 Mozilla 1 Mozilla 2025-04-03 N/A
Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.
CVE-2004-2481 1 Myproxy 1 Myproxy 2025-04-03 N/A
MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.
CVE-2005-4353 1 Toenda Software Development 1 Toendacms 2025-04-03 N/A
SQL injection vulnerability in index.php in toendaCMS 0.6.2.1, when configured to use a SQL database, allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2004-2492 1 Hitachi 1 Groupmax World Wide Web Desktop 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
CVE-2004-2494 1 Code-crafters 1 Ability Mail Server 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter.
CVE-2004-2495 1 Code-crafters 1 Ability Mail Server 2025-04-03 N/A
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.
CVE-2005-4356 1 Xmpie 1 Ustore 2025-04-03 N/A
SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2004-2498 1 Hitachi 2 Web Page Generator, Web Page Generator Enterprise 2025-04-03 N/A
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors.
CVE-2004-2499 1 Hitachi 2 Web Page Generator, Web Page Generator Enterprise 2025-04-03 N/A
Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."
CVE-2004-2503 1 Inweb 1 Mail Server 2025-04-03 N/A
INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services.
CVE-2005-4362 1 Komodo 1 Komodo Cms 2025-04-03 N/A
SQL injection vulnerability in page.php in Komodo CMS 2.1 allows remote attackers to execute arbitrary SQL commands via the page parameter.
CVE-2004-2512 1 Codeworx Technologies 1 Dcp-portal 2025-04-03 N/A
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
CVE-2004-2514 1 Powerportal 1 Powerportal 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.
CVE-2004-2515 1 Vmware 1 Workstation 2025-04-03 N/A
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
CVE-2004-2524 1 Whm Autopilot 1 Whm Autopilot 2025-04-03 N/A
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.
CVE-2004-2526 1 Ibm 1 Tivoli Directory Server 2025-04-03 N/A
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
CVE-2005-4363 1 Komodo 1 Komodo Cms 2025-04-03 N/A
Cross-site scripting (XSS) vulnerability in the search engine in Komodo CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters.
CVE-2006-0965 1 Ncp Network Communications 1 Secure Client 2025-04-03 N/A
NCP Network Communication Secure Client 8.11 Build 146, and possibly other versions, allows local users to bypass security protections and configure privileged options via a long argument to ncpmon.exe, which provides access to alternate privileged menus, possibly due to a buffer overflow.