Search Results (367183 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2475 1 Google 1 Toolbar 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability.
CVE-2004-2476 1 Microsoft 1 Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop and crash) via an IFRAME with "?" as the file source.
CVE-2004-2477 1 Diamondcs 1 Process Guard Free 2026-04-16 N/A
DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe.
CVE-2004-2478 3 Ca, Ibm, Jetty 3 Unicenter Web Services Distributed Management, Trading Partner Interchange, Jetty Http Server 2026-04-16 N/A
Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange before 4.2.4, (2) CA Unicenter Web Services Distributed Management (WSDM) before 3.11, and possibly other products, allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2004-2479 2 National Science Foundation, Redhat 2 Squid Web Proxy Cache, Enterprise Linux 2026-04-16 N/A
Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.
CVE-2004-2480 1 National Science Foundation 1 Squid Web Proxy Cache 2026-04-16 N/A
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.
CVE-2004-2481 1 Myproxy 1 Myproxy 2026-04-16 N/A
MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.
CVE-2004-2482 1 Microsoft 1 Outlook 2026-04-16 N/A
Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code.
CVE-2004-2483 1 Kerio 1 Winroute Firewall 2026-04-16 N/A
Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss).
CVE-2004-2484 1 Php Gift Registry 1 Phpgiftreg 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php.
CVE-2004-2485 1 Php Live 1 Php Live 2026-04-16 N/A
Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors.
CVE-2004-2486 1 Dropbear Ssh Project 1 Dropbear Ssh 2026-04-16 N/A
The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which might allow remote attackers to gain access.
CVE-2004-2487 1 Nexgen 1 Nexgen Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands.
CVE-2004-2496 1 Opentext 1 Opentext Firstclass 2026-04-16 N/A
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
CVE-2004-2488 1 Nexgen 1 Nexgen Ftp Server 2026-04-16 N/A
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
CVE-2004-2489 1 Ibm 1 Informix Dynamic Server 2026-04-16 N/A
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
CVE-2004-2490 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2026-04-16 N/A
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.
CVE-2004-2491 1 Opera 1 Opera Browser 2026-04-16 N/A
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
CVE-2004-2492 1 Hitachi 1 Groupmax World Wide Web Desktop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
CVE-2004-2493 1 Hitachi 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop 2026-04-16 N/A
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.