Search Results (366897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1200 1 Mozilla 1 Firefox 2026-04-16 N/A
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
CVE-2004-1201 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
CVE-2004-1202 1 Phpcms 1 Phpcms 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
CVE-2004-1203 1 Phpcms 1 Phpcms 2026-04-16 N/A
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
CVE-2004-1204 1 Fluxbox-team 1 Fluxbot 2026-04-16 N/A
FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.
CVE-2004-1205 1 Pntresmailer 1 Pntresmailer 2026-04-16 N/A
codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.
CVE-2004-1206 1 Pntresmailer 1 Pntresmailer 2026-04-16 N/A
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.
CVE-2004-1207 1 Serioussam 1 Seriousengine 2026-04-16 N/A
The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero.
CVE-2004-1208 1 21-6 Productions 1 Orbz 2026-04-16 N/A
Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request.
CVE-2004-1209 1 Verisign 1 Payflow Link 2026-04-16 N/A
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.
CVE-2004-1210 1 Ipcop 1 Ipcop 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables.
CVE-2004-1211 1 David Harris 1 Mercury 2026-04-16 N/A
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
CVE-2004-1212 1 Blog Torrent 1 Blog Torrent Preview 2026-04-16 N/A
Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument.
CVE-2004-1213 1 Advanced Guestbook 1 Advanced Guestbook 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
CVE-2004-1214 1 Burut 1 Kreed 2026-04-16 N/A
Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.
CVE-2004-1215 1 Burut 1 Kreed 2026-04-16 N/A
Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error.
CVE-2004-1216 1 Burut 1 Kreed 2026-04-16 N/A
The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game.
CVE-2004-1217 1 Hosting Controller 1 Hosting Controller 2026-04-16 N/A
Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp.
CVE-2004-1218 1 Ibex Software 1 Remote Execute 2026-04-16 N/A
Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.
CVE-2004-1219 1 Php Arena 1 Pafiledb 2026-04-16 N/A
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.