Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1318 | 1 Namazu | 1 Namazu | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized. | |||||
| CVE-2004-1317 | 1 Netcat | 1 Netcat | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command. | |||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | |||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | |||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 10.0 HIGH | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-1146 | 1 Cvstrac | 1 Cvstrac | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. | |||||
| CVE-2004-1136 | 1 Globalscape | 1 Cuteftp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands. | |||||
| CVE-2004-1135 | 1 Ipswitch | 1 Ws Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. | |||||
| CVE-2004-1134 | 1 Microsoft | 1 W3who.dll | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string. | |||||
| CVE-2004-1133 | 1 Microsoft | 1 W3who.dll | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message. | |||||
| CVE-2004-1131 | 1 Sco | 1 Openserver | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2004-1130 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. | |||||
| CVE-2004-1129 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | |||||
| CVE-2004-1315 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm. | |||||
| CVE-2004-1128 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename. | |||||
| CVE-2004-1127 | 1 Open Dc Hub | 1 Direct Connect Peer-to-peer Client | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command. | |||||
| CVE-2004-0172 | 1 Juan Cespedes | 1 Ltrace | 2017-07-11 | 7.2 HIGH | N/A |
| Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed. | |||||
| CVE-2004-0231 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations." | |||||
| CVE-2004-0232 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-0156 | 1 Ssmtp | 1 Ssmtp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-0219 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a malformed IPSEC SA payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0236 | 1 Steelid | 1 Thephototool | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field. | |||||
| CVE-2004-0221 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with a delete payload containing a large number of SPIs, which triggers an out-of-bounds read error, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0228 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.2 HIGH | N/A |
| Integer signedness error in the cpufreq proc handler (cpufreq_procctl) in Linux kernel 2.6 allows local users to gain privileges. | |||||
| CVE-2004-0222 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remote attackers to cause a denial of service (memory exhaustion) via certain ISAKMP packets, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0229 | 2 Gentoo, Linux | 2 Linux, Linux Kernel | 2017-07-11 | 4.6 MEDIUM | N/A |
| The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact. | |||||
| CVE-2004-0224 | 3 Double Precision Incorporated, Gentoo, Inter7 | 4 Courier Mta, Sqwebmail, Linux and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | |||||
| CVE-2004-0157 | 1 Xonix | 1 Xonix | 2017-07-11 | 4.6 MEDIUM | N/A |
| x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. | |||||
| CVE-2004-0218 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service (infinite loop) via an ISAKMP packet with a zero-length payload, as demonstrated by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-0227 | 1 Triornis | 1 Zoneminder | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string. | |||||
| CVE-2004-0166 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." | |||||
| CVE-2004-0158 | 1 Lgames | 1 Lbreakout2 | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c. | |||||
| CVE-2004-0161 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients. | |||||
| CVE-2004-0237 | 1 Aprox Portal | 1 Aprox Portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter. | |||||
| CVE-2004-0238 | 1 0verkill | 1 0verkill | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function. | |||||
| CVE-2004-0163 | 1 Sygate Technologies | 1 Secure Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session. | |||||
| CVE-2004-0162 | 3 Clearswift, F-secure, Paul L Daniels | 3 Mailsweeper, Internet Gatekeeper, Ripmime | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. | |||||
| CVE-2004-0226 | 4 Gentoo, Midnight Commander, Sgi and 1 more | 4 Linux, Midnight Commander, Propack and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-0217 | 1 Symantec | 1 Antivirus Scan Engine | 2017-07-11 | 3.7 LOW | N/A |
| The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | |||||
| CVE-2004-0192 | 1 Symantec | 1 Gateway Security 5400 | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. | |||||
| CVE-2001-0753 | 1 Cisco | 1 Cbos | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges. | |||||
| CVE-2002-0086 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable. | |||||
| CVE-2002-0087 | 1 Lotus | 1 Domino | 2017-07-11 | 2.1 LOW | N/A |
| bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2000-1238 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| BEA Systems WebLogic Express and WebLogic Server 5.1 SP1-SP6 allows remote attackers to bypass access controls for restricted JSP or servlet pages via a URL with multiple / (forward slash) characters before the restricted pages. | |||||
| CVE-2001-0942 | 1 Oracle | 1 Database Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment variable to find and execute the dbsnmp program, which allows local users to execute arbitrary programs by pointing the ORACLE_HOME to an alternate directory that contains a malicious version of dbsnmp. | |||||
| CVE-2000-0963 | 3 Freebsd, Immunix, Redhat | 3 Freebsd, Immunix, Linux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFO_DIRS. | |||||
| CVE-2001-0799 | 1 Sgi | 1 Irix | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument. | |||||
| CVE-2002-0712 | 1 Entrust | 1 Entrust Authority Security Manager | 2017-07-11 | 2.1 LOW | N/A |
| Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations. | |||||
| CVE-2000-1028 | 1 Hp | 1 Hp-ux | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in cu program in HP-UX 11.0 may allow local users to gain privileges via a long -l command line argument. | |||||
| CVE-2000-1029 | 1 Isc | 1 Bind | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in host command allows a remote attacker to execute arbitrary commands via a long response to an AXFR query. | |||||