NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 16, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
343651	2.6	LOW	gadu-gadu	gadu-gadu_instant_messenger	Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.	NVD-CWE-Other	CVE-2004-1411	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343652	4.3	MEDIUM	kayako	esupport	Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.	NVD-CWE-Other	CVE-2004-1412	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343653	5.0	MEDIUM	kayako	esupport	Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 …	NVD-CWE-Other	CVE-2004-1413	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343654	5.0	MEDIUM	ben3w	2bgal	SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.	NVD-CWE-Other	CVE-2004-1415	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343655	4.3	MEDIUM	-	-	Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error …	NVD-CWE-Other	CVE-2004-1418	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343656	6.8	MEDIUM	zeroboard	zeroboard	PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parame…	CWE-94 Code Injection	CVE-2004-1419	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343657	6.8	MEDIUM	zeroboard	zeroboard	requires that register_globals be enabled	CWE-94 Code Injection	CVE-2004-1419	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343658	4.3	MEDIUM	whm	autopilot	Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http…	NVD-CWE-Other	CVE-2004-1420	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343659	7.5	HIGH	whm	whm_autopilot	Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary …	NVD-CWE-Other	CVE-2004-1421	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343660	5.0	MEDIUM	whm	whm_autopilot	WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.	NVD-CWE-Other	CVE-2004-1422	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343661	7.5	HIGH	korweblog	korweblog	PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a …	NVD-CWE-Other	CVE-2004-1427	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343662	7.5	HIGH	argosoft	ftp_server	ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack.	NVD-CWE-Other	CVE-2004-1429	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343663	7.5	HIGH	ipbproarcade	ipbproarcade	SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter.	NVD-CWE-Other	CVE-2004-1430	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343664	5.0	MEDIUM	-	-	FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.	NVD-CWE-Other	CVE-2004-1431	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343665	7.5	HIGH	pavuk	pavuk	Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code.	NVD-CWE-Other	CVE-2004-1437	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343666	2.1	LOW	subversion	subversion	The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn co…	NVD-CWE-Other	CVE-2004-1438	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343667	7.5	HIGH	sapporoworks	black_jumbodog	Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.	NVD-CWE-Other	CVE-2004-1439	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343668	7.5	HIGH	putty	putty	Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the m…	NVD-CWE-Other	CVE-2004-1440	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343669	9.3	HIGH	board_power	board_power	Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.	NVD-CWE-Other	CVE-2004-1441	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343670	4.3	MEDIUM	horde	imp	Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arb…	NVD-CWE-Other	CVE-2004-1443	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343671	5.0	MEDIUM	roundup-tracker	roundup	Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request.	CWE-22 Path Traversal	CVE-2004-1444	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343672	3.7	LOW	nessus	nessus	A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.	NVD-CWE-Other	CVE-2004-1445	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343673	5.0	MEDIUM	juniper	netscreen_screenos	Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.	NVD-CWE-Other	CVE-2004-1446	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343674	5.0	MEDIUM	jetbox	jetbox_one_cms	Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information.	NVD-CWE-Other	CVE-2004-1447	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343675	4.6	MEDIUM	jetbox	jetbox_one_cms	Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.	NVD-CWE-Other	CVE-2004-1448	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343676	7.2	HIGH	gentoo	linux	Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat g…	NVD-CWE-Other	CVE-2004-1452	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343677	5.0	MEDIUM	cisco	ios	Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.	NVD-CWE-Other	CVE-2004-1454	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343678	5.1	MEDIUM	xine	xine-lib	Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.	NVD-CWE-Other	CVE-2004-1455	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343679	7.5	HIGH	cvstrac	cvstrac	filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.	NVD-CWE-Other	CVE-2004-1456	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343680	5.0	MEDIUM	novell	bordermanager	The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISA…	NVD-CWE-Other	CVE-2004-1457	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343681	5.0	MEDIUM	-	-	Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) vi…	NVD-CWE-Other	CVE-2004-1459	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343682	7.5	HIGH	cisco	secure_access_control_server secure_acs_solution_engine	Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers t…	NVD-CWE-Other	CVE-2004-1460	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343683	7.5	HIGH	cisco	secure_access_control_server secure_acs_solution_engine	Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers t…	NVD-CWE-Other	CVE-2004-1461	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343684	7.5	HIGH	moinmoin	moinmoin	Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.	NVD-CWE-Other	CVE-2004-1462	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343685	10.0	HIGH	moinmoin	moinmoin	Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.	NVD-CWE-Other	CVE-2004-1463	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343686	3.7	LOW	winzip	winzip	Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.	NVD-CWE-Other	CVE-2004-1465	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343687	7.5	HIGH	gallery_project	gallery	The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attac…	NVD-CWE-Other	CVE-2004-1466	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343688	4.3	MEDIUM	egroupware	egroupware	Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calenda…	NVD-CWE-Other	CVE-2004-1467	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343689	7.5	HIGH	usermin webmin	usermin webmin	The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.	NVD-CWE-Other	CVE-2004-1468	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343690	7.2	HIGH	peter_d._gray	sus	Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument tha…	NVD-CWE-Other	CVE-2004-1469	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343691	5.0	MEDIUM	snipsnap	snipsnap	CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.	NVD-CWE-Other	CVE-2004-1470	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343692	7.1	HIGH	cvs openpkg sgi freebsd gentoo openbsd	cvs openpkg propack freebsd linux openbsd	Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) a…	NVD-CWE-Other	CVE-2004-1471	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343693	7.1	HIGH	cvs openpkg sgi freebsd gentoo openbsd	cvs openpkg propack freebsd linux openbsd	Failed exploit attempts will likely cause a denial of service condition.	NVD-CWE-Other	CVE-2004-1471	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343694	5.0	MEDIUM	symantec	firewall_vpn_appliance_100 firewall_vpn_appliance_200 firewall_vpn_appliance_200r gateway_security nexland_isb_soho_firewall_appliance nexland_pro100_firewall_appliance nexland_pro4…	Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN int…	NVD-CWE-Other	CVE-2004-1472	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343695	5.0	MEDIUM	symantec	firewall_vpn_appliance_100 firewall_vpn_appliance_200 firewall_vpn_appliance_200r gateway_security_320 gateway_security_360 gateway_security_360r nexland_isb_soho_firewall_appliance…	Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filter…	NVD-CWE-Other	CVE-2004-1473	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343696	5.0	MEDIUM	symantec	firewall_vpn_appliance_100 firewall_vpn_appliance_200 firewall_vpn_appliance_200r gateway_security_320 gateway_security_360 gateway_security_360r nexland_isb_soho_firewall_appliance…	Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP communit…	NVD-CWE-Other	CVE-2004-1474	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343697	5.1	MEDIUM	xine	xine xine-lib	Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.	NVD-CWE-Other	CVE-2004-1475	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343698	5.1	MEDIUM	xine suse	xine xine-lib suse_linux	Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk labe…	NVD-CWE-Other	CVE-2004-1476	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343699	4.3	MEDIUM	macromedia	jrun	Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.	NVD-CWE-Other	CVE-2004-1477	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm

343700	7.5	HIGH	hitachi macromedia	cosminexus_enterprise cosminexus_server coldfusion jrun	JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.	NVD-CWE-Other	CVE-2004-1478	2017-07-11 10:31	2004-12-31	Show	GitHub Exploit DB Packet Storm