Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2520 1 Geeos Team 1 Gattaca Server 2003 2017-07-11 4.0 MEDIUM N/A
POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.
CVE-2004-2521 1 Geeos Team 1 Gattaca Server 2003 2017-07-11 5.0 MEDIUM N/A
Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).
CVE-2004-2522 1 Geeos Team 1 Gattaca Server 2003 2017-07-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter.
CVE-2004-2523 1 Openftpd 1 Openftpd Ftp Server 2017-07-11 6.5 MEDIUM N/A
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
CVE-2004-2524 1 Whm Autopilot 1 Whm Autopilot 2017-07-11 5.0 MEDIUM N/A
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.
CVE-2004-2528 1 Webcam Corp 1 Webcam Watchdog 2017-07-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
CVE-2004-2529 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2017-07-11 5.0 MEDIUM N/A
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
CVE-2004-2530 1 Gadu-gadu 1 Gadu-gadu Instant Messenger 2017-07-11 2.6 LOW N/A
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box.
CVE-2004-2531 1 Gnu 1 Gnutls 2017-07-11 7.8 HIGH N/A
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
CVE-2004-2534 1 Fastream 1 Netfile Server 2017-07-11 7.8 HIGH N/A
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number of HTTP HEAD requests.
CVE-2004-2535 1 Matthew Phillips 1 Sticker 2017-07-11 5.0 MEDIUM N/A
The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.
CVE-2004-2536 1 Linux 1 Linux Kernel 2017-07-11 7.5 HIGH N/A
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
CVE-2004-2537 1 Netwin 1 Surgemail 2017-07-11 10.0 HIGH N/A
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
CVE-2004-2538 1 Nilesh Dosooye 1 Phpcodegenie 2017-07-11 6.5 MEDIUM N/A
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.
CVE-2004-2539 1 Network Appliance 2 Data Ontap, Netcache 2017-07-11 7.8 HIGH N/A
Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vectors, possibly related to unspecified worms, as identified by bug ID
CVE-2004-2540 1 Sun 2 Jdk, Jre 2017-07-11 5.0 MEDIUM N/A
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
CVE-2004-2542 1 Dynix 1 Webpac 2017-07-11 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.
CVE-2004-2543 1 Securecomputing 1 Sidewinder G2 2017-07-11 5.0 MEDIUM N/A
Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.
CVE-2004-2544 1 Securecomputing 1 Sidewinder G2 2017-07-11 2.1 LOW N/A
Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.
CVE-2004-2547 1 Netwin 2 Surgemail, Webmail 2017-07-11 2.6 LOW N/A
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message.
CVE-2004-1399 1 Opentools 1 Attachment Mod 2017-07-11 5.0 MEDIUM N/A
Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename.
CVE-2004-1400 1 Active Server Corner 1 Asp Calendar 2017-07-11 7.5 HIGH N/A
The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
CVE-2004-1401 1 Asp-rider 1 Asp-rider 2017-07-11 7.5 HIGH N/A
SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter.
CVE-2004-1402 1 Iwebnegar 1 Iwebnegar 2017-07-11 10.0 HIGH N/A
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.
CVE-2004-1403 1 Sir 1 Gnuboard 2017-07-11 7.5 HIGH N/A
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1404 1 Opentools 1 Attachment Mod 2017-07-11 7.5 HIGH N/A
Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.
CVE-2004-1406 1 Ikonboard.com 1 Ikonboard 2017-07-11 7.5 HIGH N/A
SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter.
CVE-2004-2452 1 Hitachi 1 Cosminexus Portal Framework 2017-07-11 5.0 MEDIUM N/A
Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library.
CVE-2004-2241 1 Phorum 1 Phorum 2017-07-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch.
CVE-2004-2216 1 Sun 2 Java System Application Server, Java System Web Server 2017-07-11 5.0 MEDIUM N/A
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
CVE-2004-2211 1 Alivesites 1 Alivesites Forum 2017-07-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp.
CVE-2004-2439 1 Hp 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more 2017-07-11 5.0 MEDIUM N/A
The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.
CVE-2004-2525 1 S9y 1 Serendipity 2017-07-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
CVE-2004-2205 1 Symantec Veritas 1 Cluster Server 2017-07-11 7.2 HIGH N/A
Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.
CVE-2004-2492 1 Hitachi 1 Groupmax World Wide Web Desktop 2017-07-11 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter.
CVE-2004-2527 1 Microsoft 2 Windows 2003 Server, Windows Xp 2017-07-11 5.4 MEDIUM N/A
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
CVE-2004-2490 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2017-07-11 4.6 MEDIUM N/A
Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable.
CVE-2004-2493 1 Hitachi 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop 2017-07-11 4.0 MEDIUM N/A
Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter.
CVE-2004-2204 1 Macromedia 1 Coldfusion 2017-07-11 7.2 HIGH N/A
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
CVE-2004-2131 1 Ibm 2 Informix Dynamic Server, Informix Extended Parallel Server 2017-07-11 7.2 HIGH N/A
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
CVE-2004-2489 1 Ibm 1 Informix Dynamic Server 2017-07-11 4.6 MEDIUM N/A
Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename.
CVE-2004-2488 1 Nexgen 1 Nexgen Ftp Server 2017-07-11 4.0 MEDIUM N/A
Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands.
CVE-2004-2526 1 Ibm 1 Tivoli Directory Server 2017-07-11 5.0 MEDIUM N/A
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
CVE-2004-2480 1 National Science Foundation 1 Squid Web Proxy Cache 2017-07-11 5.0 MEDIUM N/A
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.
CVE-2004-1051 5 Debian, Mandrakesoft, Todd Miller and 2 more 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more 2017-07-11 7.2 HIGH N/A
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
CVE-2004-0466 1 Openconnect 1 Webconnect 2017-07-11 5.0 MEDIUM N/A
WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
CVE-2004-0467 1 Juniper 1 Junos 2017-07-11 5.0 MEDIUM N/A
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
CVE-2004-1033 2 Gentoo, Thibault Godouet 2 Linux, Fcron 2017-07-11 2.1 LOW N/A
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
CVE-2004-1037 2 Gentoo, Twiki 2 Linux, Twiki 2017-07-11 10.0 HIGH N/A
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
CVE-2004-1035 1 Imap Proxy 1 Imap Proxy 2017-07-11 6.4 MEDIUM N/A
Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when using the IMAP_Line_Read function.