Export limit exceeded: 366936 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366936 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1556 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time.
CVE-2004-1557 1 Mywebserver 1 Mywebserver 2026-04-16 N/A
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
CVE-2004-1558 1 Ypops 1 Ypops 2026-04-16 N/A
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
CVE-2004-1559 1 Wordpress 1 Wordpress 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
CVE-2004-1560 1 Microsoft 1 Sql Server 2026-04-16 N/A
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
CVE-2004-1561 1 Icecast 1 Icecast 2026-04-16 N/A
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
CVE-2004-1562 1 W-agora 1 W-agora 2026-04-16 N/A
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
CVE-2004-1563 1 W-agora 1 W-agora 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php.
CVE-2004-1564 1 W-agora 1 W-agora 2026-04-16 N/A
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter.
CVE-2004-1565 1 W-agora 1 W-agora 2026-04-16 N/A
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
CVE-2004-1566 1 Silent-storm 1 Silent-storm Portal 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.
CVE-2004-1567 1 Silent-storm 1 Silent-storm Portal 2026-04-16 N/A
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.
CVE-2004-1568 1 Parachat 1 Parachat Server 2026-04-16 N/A
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
CVE-2004-1569 1 Illustrate 2 Dbpoweramp Audio Player, Dbpoweramp Music Converter 2026-04-16 N/A
Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields.
CVE-2004-1570 1 Eaden Mckee 1 Bblog 2026-04-16 N/A
SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.
CVE-2004-1571 1 Aj-fork 1 Aj-fork 2026-04-16 N/A
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message.
CVE-2004-1572 1 Aj-fork 1 Aj-fork 2026-04-16 N/A
AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request.
CVE-2004-1573 2 Aj-fork, Cutephp 2 Aj-fork, Cutenews 2026-04-16 N/A
The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.
CVE-2004-1574 1 Vypress 1 Vypres Messenger 2026-04-16 N/A
Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field.
CVE-2004-1575 1 Apache 1 Xerces-c\+\+ 2026-04-16 N/A
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.