Total
29916 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-2183 | 1 Wehelpbus | 1 Wehelpbus | 2026-04-16 | N/A |
| Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. | ||||
| CVE-2004-2184 | 1 Digicraft Software | 1 Yak | 2026-04-16 | N/A |
| Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put. | ||||
| CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | ||||
| CVE-2004-2185 | 1 Mediawiki | 1 Mediawiki | 2026-04-16 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage. | ||||
| CVE-2004-2212 | 1 Alivesites | 1 Alivesites Forum | 2026-04-16 | N/A |
| SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter. | ||||
| CVE-2004-2215 | 1 Marc Lehmann | 1 Rxvt-unicode | 2026-04-16 | N/A |
| RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. | ||||
| CVE-2004-2216 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2026-04-16 | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate. | ||||
| CVE-2005-1357 | 1 Text.cgi | 1 Text.cgi | 2026-04-16 | N/A |
| text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. | ||||
| CVE-2004-2213 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2026-04-16 | N/A |
| Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request. | ||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | ||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2026-04-16 | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | ||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2026-04-16 | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | ||||
| CVE-2004-2287 | 1 Dsm | 1 Light Web File Browser | 2026-04-16 | N/A |
| Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter. | ||||
| CVE-2004-2284 | 1 Open Webmail | 1 Open Webmail | 2026-04-16 | N/A |
| The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | ||||
| CVE-2004-2279 | 1 Invision Power Services | 1 Invision Power Board | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. | ||||
| CVE-2004-2281 | 1 Ibm | 1 Lotus Notes | 2026-04-16 | N/A |
| Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. | ||||
| CVE-2004-2282 | 1 Daniel Barron | 1 Dansguardian | 2026-04-16 | N/A |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. | ||||
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. | ||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2026-04-16 | N/A |
| The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | ||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2026-04-16 | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | ||||