Export limit exceeded: 367154 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367154 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-2171 1 Cherokee 1 Cherokee Httpd 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
CVE-2004-2172 1 Netsourcecommerce 1 Productcart 2026-04-16 7.5 High
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
CVE-2004-2173 1 Early Impact 1 Productcart 2026-04-16 N/A
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.
CVE-2004-2174 1 Early Impact 1 Productcart 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter.
CVE-2004-2175 1 All Enthusiast Inc 1 Reviewpost Php Pro 2026-04-16 N/A
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
CVE-2004-2176 1 Microsoft 1 Windows Xp 2026-04-16 N/A
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
CVE-2004-2177 1 Devoybb 1 Devoybb Web Forum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-2178 1 Devoybb 1 Devoybb Web Forum 2026-04-16 N/A
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2179 1 Microsoft 2 Frontpage, Ie 2026-04-16 N/A
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
CVE-2004-2180 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.
CVE-2004-2181 1 Wowbb 1 Wowbb Web Forum 2026-04-16 N/A
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
CVE-2004-2182 1 Macromedia 1 Jrun 2026-04-16 N/A
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
CVE-2004-2183 1 Wehelpbus 1 Wehelpbus 2026-04-16 N/A
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.
CVE-2004-2184 1 Digicraft Software 1 Yak 2026-04-16 N/A
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
CVE-2004-2185 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
CVE-2004-2186 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
CVE-2004-2187 1 Mediawiki 1 Mediawiki 2026-04-16 N/A
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
CVE-2004-2188 1 Dmxready 1 Dmxready Site Chassis Manager 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-2189 1 Dmxready 1 Dmxready Site Chassis Manager 2026-04-16 N/A
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2190 1 Unzoo 1 Unzoo 2026-04-16 N/A
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.