Total: 25555 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0253 | 1 Ibm | 1 Cloudscape | 2017-07-11 | 10.0 HIGH | N/A |
| IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. | |||||
| CVE-2004-1215 | 1 Burut | 1 Kreed | 2017-07-11 | 5.0 MEDIUM | N/A |
| Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error. | |||||
| CVE-2004-0252 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name. | |||||
| CVE-2004-1214 | 1 Burut | 1 Kreed | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text. | |||||
| CVE-2004-1213 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter. | |||||
| CVE-2004-0251 | 1 Rxgoogle.cgi | 1 Rxgoogle.cgi | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. | |||||
| CVE-2004-0250 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php. | |||||
| CVE-2004-0249 | 1 Phpx | 1 Phpx | 2017-07-11 | 10.0 HIGH | N/A |
| PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. | |||||
| CVE-2004-1330 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. | |||||
| CVE-2004-0248 | 1 Phpx | 1 Phpx | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. | |||||
| CVE-2004-0247 | 1 Cauldron | 2 Chaser Client, Chaser Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory. | |||||
| CVE-2004-1212 | 1 Blog Torrent | 1 Blog Torrent Preview | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument. | |||||
| CVE-2004-0246 | 1 Laurent Adda | 1 Les Commentaires | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter. | |||||
| CVE-2004-0245 | 1 Web Crossing Inc | 1 Web Crossing | 2017-07-11 | 5.0 MEDIUM | N/A |
| Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending an HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero. | |||||
| CVE-2004-1210 | 1 Ipcop | 1 Ipcop | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables. | |||||
| CVE-2004-0243 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. | |||||
| CVE-2004-0242 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | |||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 2.6 LOW | N/A |
| Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | |||||
| CVE-2004-1208 | 1 21-6 Productions | 1 Orbz | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request. | |||||
| CVE-2004-0241 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 10.0 HIGH | N/A |
| X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | |||||
| CVE-2004-0240 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php. | |||||
| CVE-2004-0239 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | |||||
| CVE-2004-1327 | 1 Crystal Art Software | 1 Crystal Ftp | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension. | |||||
| CVE-2004-1326 | 1 Ultrix | 1 Dxterm | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute arbitrary code via a long -setup parameter. | |||||
| CVE-2004-1325 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. | |||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 2.6 LOW | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | |||||
| CVE-2004-1203 | 1 Phpcms | 1 Phpcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path. | |||||
| CVE-2004-1202 | 1 Phpcms | 1 Phpcms | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2004-1323 | 1 Netbsd | 1 Netbsd | 2017-07-11 | 2.1 LOW | N/A |
| Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions. | |||||
| CVE-2004-1200 | 1 Mozilla | 1 Firefox | 2017-07-11 | 5.0 MEDIUM | N/A |
| Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
| CVE-2004-1199 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
| CVE-2004-1197 | 1 Insite | 2 Inmail, Inshop | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter. | |||||
| CVE-2004-1196 | 1 Insite | 2 Inmail, Inshop | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter. | |||||
| CVE-2004-1195 | 1 Lucasarts | 1 Star Wars Battlefront | 2017-07-11 | 5.0 MEDIUM | N/A |
| Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory. | |||||
| CVE-2004-1194 | 1 Lucasarts | 1 Star Wars Battlefront | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname. | |||||
| CVE-2004-1192 | 1 Citadel | 1 Ux | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server. | |||||
| CVE-2004-1191 | 1 Suse | 1 Suse Linux | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." | |||||
| CVE-2004-1181 | 1 Toshiaki Kanosue | 1 Htmlheadline | 2017-07-11 | 4.6 MEDIUM | N/A |
| htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2004-1322 | 1 Cisco | 1 Unity Server | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. | |||||
| CVE-2004-1176 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-1174 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||||
| CVE-2004-1172 | 1 Symantec Veritas | 1 Backup Exec | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname. | |||||
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2017-07-11 | 2.1 LOW | N/A |
| KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | |||||
| CVE-2004-1169 | 1 Mysql | 1 Maxdb | 2017-07-11 | 5.0 MEDIUM | N/A |
| MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference. | |||||
| CVE-2004-1168 | 1 Mysql | 1 Maxdb | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header. | |||||
| CVE-2004-1167 | 1 Gentoo | 1 Mirrorselect | 2017-07-11 | 5.0 MEDIUM | N/A |
| mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-1164 | 1 Cisco | 1 Cns Network Registrar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence." | |||||
| CVE-2004-1163 | 1 Cisco | 1 Cns Network Registrar | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. | |||||
| CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2017-07-11 | 7.5 HIGH | N/A |
| The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | |||||
| CVE-2004-1320 | 1 Asante | 1 Fm2008 Managed Ethernet Switch | 2017-07-11 | 7.5 HIGH | N/A |
| Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access. | |||||
