Search Results (366627 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0328 1 Gigabyte 1 Gn-b46b 2026-04-16 N/A
Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system.
CVE-2004-0329 1 Freechat 1 Freechat 2026-04-16 N/A
FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".
CVE-2004-0330 1 Solarwinds 1 Serv-u File Server 2026-04-16 N/A
Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticated users to execute arbitrary code via a long time zone argument to the MDTM command.
CVE-2004-0331 1 Dell 1 Openmanage 2026-04-16 N/A
Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable.
CVE-2004-0332 1 Extremail 1 Extremail 2026-04-16 N/A
Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.
CVE-2004-0333 4 Gentoo, Openpkg, Uudeview and 1 more 4 Linux, Openpkg, Uudeview and 1 more 2026-04-16 N/A
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
CVE-2004-0334 1 Innomedia 1 Innomedia Videophone 2026-04-16 N/A
InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error.
CVE-2004-0335 1 Software602 1 602pro Lan Suite 2026-04-16 N/A
LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.
CVE-2004-0336 1 Software602 1 602pro Lan Suite 2026-04-16 N/A
LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
CVE-2004-0337 1 Software602 1 602pro Lan Suite 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future.
CVE-2004-0338 1 Invision Power Services 1 Invision Board 2026-04-16 N/A
SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter.
CVE-2004-0339 1 Phpbb Group 1 Phpbb 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter.
CVE-2004-0340 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
CVE-2004-0341 1 Texas Imperial Software 1 Wftpd 2026-04-16 N/A
WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
CVE-2004-0342 1 Wftpd Pro Server Project 1 Wftpd Pro Server 2026-04-16 5.5 Medium
WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
CVE-2004-0343 1 Yabb 1 Yabb 2026-04-16 N/A
Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php.
CVE-2004-0344 1 Yabb 1 Yabb 2026-04-16 N/A
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
CVE-2004-0345 1 Volition 1 Red Faction 2026-04-16 N/A
Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name.
CVE-2004-0346 1 Proftpd 1 Proftpd 2026-04-16 7.8 High
Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command.
CVE-2004-0347 1 Netscreen 1 Netscreen-sa 5000 Series 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.