CVE Vulnerabilities
CVE vulnerability database enriched with CISA KEV and NVD data
| CVE ID | CVSS | Severity | KEV | Sightings |
|---|---|---|---|---|
| CVE-2004-2214 Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. | 9.8 | CRITICAL | β | 0 |
| CVE-2004-2215 RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. | N/A | NONE | β | 0 |
| CVE-2006-1794 SQL injection vulnerability in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via (1) the $username variable in the mosGetParam function a... | N/A | NONE | β | 0 |
| CVE-2004-2216 Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (cr... | N/A | NONE | β | 0 |
| CVE-2004-2217 Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. | N/A | NONE | β | 0 |
| CVE-2004-2218 SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. | N/A | NONE | β | 0 |
| CVE-2004-2219 Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.ba... | N/A | NONE | β | 0 |
| CVE-2004-2220 F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection. | N/A | NONE | β | 0 |
| CVE-2004-2221 Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. | N/A | NONE | β | 0 |
| CVE-2004-2222 Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter. | N/A | NONE | β | 0 |
| CVE-2004-2223 FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image. | N/A | NONE | β | 0 |
| CVE-2004-2224 Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. | N/A | NONE | β | 0 |
| CVE-2005-4794 Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compress... | N/A | NONE | β | 0 |
| CVE-2004-2225 Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. | N/A | NONE | β | 0 |
| CVE-2004-2226 Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style S... | N/A | NONE | β | 0 |
| CVE-2004-2227 Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. | N/A | NONE | β | 0 |
| CVE-2004-2228 Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. | N/A | NONE | β | 0 |
| CVE-2004-2229 Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | N/A | NONE | β | 0 |
| CVE-2004-2230 Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. | N/A | NONE | β | 0 |
| CVE-2004-2231 Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. | N/A | NONE | β | 0 |
| CVE-2004-2232 SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. | N/A | NONE | β | 0 |
| CVE-2013-2566 The RC4 algorithm, as used in the TLS protocol and SSL protocol, has many single-byte biases, which makes it easier for remote attackers to conduct plaintext-recovery attacks via statistical analysis ... | N/A | NONE | β | 0 |
| CVE-2004-2233 Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors. | N/A | NONE | β | 0 |
| CVE-2004-2234 Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | N/A | NONE | β | 0 |
| CVE-2004-2235 Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. | N/A | NONE | β | 0 |
| CVE-2004-2236 Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting. | N/A | NONE | β | 0 |
| CVE-2004-2237 Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts." | N/A | NONE | β | 0 |
| CVE-2004-2238 Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when ... | N/A | NONE | β | 0 |
| CVE-2026-33105 Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | 10.0 | CRITICAL | β | 0 |
| CVE-2026-32173 Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | 8.6 | HIGH | β | 0 |
| CVE-2026-35507 Shynet before 0.14.0 allows Host header injection in the password reset flow. | 6.4 | MEDIUM | β | 0 |
| CVE-2026-35536 In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. | 7.2 | HIGH | β | 0 |
| CVE-2010-3856 ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) ... | N/A | NONE | β | 0 |
| CVE-2026-35535 In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. | 7.4 | HIGH | β | 0 |
| CVE-2026-35508 Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters. | 5.4 | MEDIUM | β | 0 |
| CVE-2026-28815 A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime p... | 7.5 | HIGH | β | 0 |
| CVE-2004-2239 Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. | N/A | NONE | β | 0 |
| CVE-2004-2240 Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | N/A | NONE | β | 0 |
| CVE-2004-2241 Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected ... | N/A | NONE | β | 0 |
| CVE-2004-2242 Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. | N/A | NONE | β | 0 |
| CVE-2004-2243 Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected vers... | N/A | NONE | β | 0 |
| CVE-2004-2244 The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote a... | N/A | NONE | β | 0 |
| CVE-2004-2245 Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic... | N/A | NONE | β | 0 |
| CVE-2004-2246 Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. | N/A | NONE | β | 0 |
| CVE-2004-2247 Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. | N/A | NONE | β | 0 |
| CVE-2004-2248 Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." | N/A | NONE | β | 0 |
| CVE-2004-2249 Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | N/A | NONE | β | 0 |
| CVE-2004-2250 Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | N/A | NONE | β | 0 |
| CVE-2004-2251 The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. | N/A | NONE | β | 0 |
| CVE-2004-2252 The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attac... | N/A | NONE | β | 0 |
This product uses data from the NVD API but is not endorsed or certified by the NVD.