Export limit exceeded: 366692 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 366692 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366692 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-0576 1 Gnu 1 Radius 2026-04-16 N/A
The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID.
CVE-2004-0577 1 Qbik 1 Wingate 2026-04-16 N/A
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.
CVE-2004-0578 1 Qbik 1 Wingate 2026-04-16 N/A
WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
CVE-2004-0579 2 Debian, William Deich 2 Debian Linux, Super 2026-04-16 N/A
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.
CVE-2004-0580 1 Linksys 12 Befcmu10, Befn2ps4, Befsr11 and 9 more 2026-04-16 N/A
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
CVE-2004-0581 2 Gnu, Mandrakesoft 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server 2026-04-16 N/A
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
CVE-2004-0582 1 Webmin 1 Webmin 2026-04-16 N/A
Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.
CVE-2004-0583 3 Debian, Usermin, Webmin 3 Debian Linux, Usermin, Webmin 2026-04-16 N/A
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords.
CVE-2004-0584 1 Horde 1 Imp 2026-04-16 N/A
Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability.
CVE-2004-0586 1 Ibm 1 Acprunner 2026-04-16 N/A
acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods.
CVE-2004-0587 3 Mandrakesoft, Redhat, Suse 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more 2026-04-16 N/A
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
CVE-2004-0588 1 Usermin 1 Usermin 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
CVE-2004-0589 1 Cisco 1 Ios 2026-04-16 N/A
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
CVE-2004-0590 3 Frees Wan, Openswan, Strongswan 4 Frees Wan, Super Frees Wan, Openswan and 1 more 2026-04-16 N/A
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
CVE-2004-0591 1 Inter7 1 Sqwebmail 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type.
CVE-2004-0593 1 Sygate Technologies 2 Enforcer, Secure Enterprise 2026-04-16 N/A
Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules.
CVE-2004-0594 7 Avaya, Debian, Hp and 4 more 9 Converged Communications Server, Debian Linux, Hp-ux and 6 more 2026-04-16 N/A
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
CVE-2004-0595 4 Avaya, Php, Redhat and 1 more 11 Converged Communications Server, Integrated Management, S8300 and 8 more 2026-04-16 N/A
The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.
CVE-2004-0596 1 Linux 1 Linux Kernel 2026-04-16 N/A
The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference.
CVE-2004-0597 3 Greg Roelofs, Microsoft, Redhat 7 Libpng, Msn Messenger, Windows 98se and 4 more 2026-04-16 N/A
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.