Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0741 | 1 Lionmax Software | 1 Www File Share Pro | 2017-07-11 | 5.0 MEDIUM | N/A |
| LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow. | |||||
| CVE-2004-0740 | 1 Lexmark | 1 T522 Network Printer | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow. | |||||
| CVE-2004-0739 | 1 Snapfiles | 1 Whisper Ftp Surfer | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename. | |||||
| CVE-2004-0738 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. | |||||
| CVE-2004-0737 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters. | |||||
| CVE-2004-0736 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. | |||||
| CVE-2004-0735 | 1 Electronic Arts | 1 Medal Of Honor Allied Assault | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors. | |||||
| CVE-2004-0734 | 1 Extropia | 1 Extropia Webstore | 2017-07-11 | 7.5 HIGH | N/A |
| Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. | |||||
| CVE-2004-1027 | 2 Arj Software Inc., Gentoo | 2 Unarj, Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences. | |||||
| CVE-2004-0732 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. | |||||
| CVE-2004-0731 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. | |||||
| CVE-2004-0730 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. | |||||
| CVE-2004-0729 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message. | |||||
| CVE-2004-0728 | 1 Microsoft | 1 Systems Management Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. | |||||
| CVE-2004-0724 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet. | |||||
| CVE-2004-0723 | 1 Microsoft | 1 Java Virtual Machine | 2017-07-11 | 6.4 MEDIUM | N/A |
| Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." | |||||
| CVE-2004-0720 | 1 Apple | 1 Safari | 2017-07-11 | 7.5 HIGH | N/A |
| Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. | |||||
| CVE-2004-1023 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. | |||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | |||||
| CVE-2004-0713 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 6.4 MEDIUM | N/A |
| The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. | |||||
| CVE-2004-0712 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. | |||||
| CVE-2004-0711 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. | |||||
| CVE-2004-0709 | 1 Hp | 1 Openview Select Access | 2017-07-11 | 7.5 HIGH | N/A |
| HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions. | |||||
| CVE-2004-1291 | 1 Amir Malik | 1 Qwik Smtpd | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. | |||||
| CVE-2004-1022 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | |||||
| CVE-2004-0708 | 1 Moinmoin | 1 Moinmoin | 2017-07-11 | 7.5 HIGH | N/A |
| MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges. | |||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | |||||
| CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 2.1 LOW | N/A |
| Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | |||||
| CVE-2004-1290 | 1 William Hoggarth | 1 Pgn2web | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file. | |||||
| CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. | |||||
| CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | |||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | |||||
| CVE-2004-0699 | 1 Checkpoint | 2 Firewall-1, Vpn-1 | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data. | |||||
| CVE-2004-0698 | 1 4d | 1 Webstar | 2017-07-11 | 3.6 LOW | N/A |
| 4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack. | |||||
| CVE-2004-0697 | 1 4d | 1 Webstar | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information. | |||||
| CVE-2004-0696 | 1 4d | 1 Webstar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character. | |||||
| CVE-2004-0695 | 1 4d | 1 Webstar | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command. | |||||
| CVE-2004-1289 | 1 Pcal | 1 Pcal | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file. | |||||
| CVE-2004-0684 | 1 Ibm | 2 Websphere Caching Proxy Server, Websphere Edge Server Caching Proxy | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters. | |||||
| CVE-2004-0683 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories. | |||||
| CVE-2004-0682 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 7.5 HIGH | N/A |
| comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL. | |||||
| CVE-2004-0681 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter. | |||||
| CVE-2004-0680 | 1 Zoom | 1 Model 5560 X3 Ethernet Adsl Modem | 2017-07-11 | 10.0 HIGH | N/A |
| Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access. | |||||
| CVE-2004-0679 | 1 Unreal | 1 Unrealircd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other user's IP addresses. | |||||
| CVE-2004-0677 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A"). | |||||
| CVE-2004-0676 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter. | |||||
| CVE-2004-1288 | 1 Siag | 1 O3read | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file. | |||||
| CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command. | |||||
| CVE-2004-0674 | 1 Enterasys | 3 Xsr-1805, Xsr-1850, Xsr-3000 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set. | |||||
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | |||||