Search Results (367171 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2505 1 Macromedia 1 Coldfusion 2026-04-16 N/A
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
CVE-2004-2506 1 Wikindx 1 Wikindx 2026-04-16 N/A
Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
CVE-2004-2074 1 Bolintech 1 Dream Ftp Server 2026-04-16 N/A
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
CVE-2004-2075 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.
CVE-2004-2076 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
CVE-2004-2077 1 Nadeo 3 Game Engine, Trackmania, Virtual Skipper 2026-04-16 N/A
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.
CVE-2004-2078 1 Red-m 1 Red-alert 2026-04-16 N/A
Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.
CVE-2004-2079 1 Red-m 1 Red-alert 2026-04-16 N/A
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
CVE-2004-2080 1 Red-m 1 Red-alert 2026-04-16 N/A
Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.
CVE-2004-2081 1 Karjasoft 1 Sami Ftp Server 2026-04-16 N/A
The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file.
CVE-2004-2082 1 Karjasoft 1 Sami Ftp Server 2026-04-16 N/A
The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters.
CVE-2004-2083 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
CVE-2004-2084 1 Jshop E-commerce 2 Jshop Professional, Jshop Server 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
CVE-2004-2085 1 Brad Fears 1 Phpcodecabinet 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
CVE-2004-2086 1 Sambar 1 Sambar Server 2026-04-16 N/A
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
CVE-2004-2087 1 Sandsurfer 1 Sandsurfer 2026-04-16 N/A
Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.
CVE-2004-2088 1 Sophos 1 Sophos Anti-virus 2026-04-16 N/A
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
CVE-2004-2089 1 Matrix 1 Matrix Ftp Server 2026-04-16 N/A
Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command.
CVE-2004-2098 1 Native Solutions 1 Tbe Banner Engine 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.
CVE-2004-2090 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.