Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2288 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. | |||||
| CVE-2004-2273 | 1 Evan Sims | 1 Effingerd | 2008-09-05 | 5.0 MEDIUM | N/A |
| efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. | |||||
| CVE-2004-2338 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. | |||||
| CVE-2004-2091 | 1 Microsoft | 1 Baseline Security Analyzer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. | |||||
| CVE-2004-2070 | 1 Altiris | 1 Client Service | 2008-09-05 | 7.2 HIGH | N/A |
| The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590. | |||||
| CVE-2004-2025 | 1 Zen Cart | 1 Zen Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2004-2317 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access. | |||||
| CVE-2004-2160 | 1 Xmlstarlet | 1 Command Line Xml Toolkit | 2008-09-05 | 6.4 MEDIUM | N/A |
| Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-2225 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. | |||||
| CVE-2004-2298 | 1 Novell | 2 Internet Messaging System, Netmail | 2008-09-05 | 6.4 MEDIUM | N/A |
| Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator. | |||||
| CVE-2004-2194 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. | |||||
| CVE-2004-2283 | 1 Daniel Barron | 1 Dansguardian | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. | |||||
| CVE-2004-2189 | 1 Dmxready | 1 Dmxready Site Chassis Manager | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-1783 | 1 Net2soft | 1 Flash Ftp Server | 2008-09-05 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot). | |||||
| CVE-2004-1781 | 1 Info Touch | 1 Surfnet | 2008-09-05 | 4.6 MEDIUM | N/A |
| Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. | |||||
| CVE-2004-1780 | 1 Info Touch | 1 Surfnet | 2008-09-05 | 4.6 MEDIUM | N/A |
| Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts. | |||||
| CVE-2004-1791 | 1 Edimax | 1 Full Rate Adsl Router | 2008-09-05 | 7.5 HIGH | N/A |
| The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access. | |||||
| CVE-2004-1788 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 5.0 MEDIUM | N/A |
| ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. | |||||
| CVE-2004-1795 | 1 Info Touch | 1 Surfnet | 2008-09-05 | 2.1 LOW | N/A |
| Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI. | |||||
| CVE-2004-1891 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
| The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. | |||||
| CVE-2004-2001 | 1 Sgi | 1 Irix | 2008-09-05 | 4.6 MEDIUM | N/A |
| ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received. | |||||
| CVE-2004-1785 | 1 Invision Power Services | 1 Invision Board | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | |||||
| CVE-2004-1754 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2008-09-05 | 5.0 MEDIUM | N/A |
| The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. | |||||
| CVE-2004-2024 | 1 Zen Cart | 1 Zen Cart | 2008-09-05 | 7.5 HIGH | N/A |
| The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php. | |||||
| CVE-2004-1451 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 2.6 LOW | N/A |
| Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks. | |||||
| CVE-2004-1449 | 2 Firebirdsql, Mozilla | 3 Firebird, Mozilla, Thunderbird | 2008-09-05 | 2.6 LOW | N/A |
| Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control. | |||||
| CVE-2004-1343 | 1 Cvs | 1 Cvs | 2008-09-05 | 5.0 MEDIUM | N/A |
| CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). | |||||
| CVE-2004-1374 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 7.2 HIGH | N/A |
| Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges. | |||||
| CVE-2004-1342 | 1 Cvs | 1 Cvs | 2008-09-05 | 7.5 HIGH | N/A |
| CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. | |||||
| CVE-2004-1450 | 1 Mozilla | 1 Mozilla | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations. | |||||
| CVE-2004-1160 | 1 Netscape | 1 Navigator | 2008-09-05 | 7.5 HIGH | N/A |
| Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | |||||
| CVE-2004-0997 | 1 Linux | 1 Linux Kernel | 2008-09-05 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors. | |||||
| CVE-2004-1312 | 1 Gfi | 2 Mailessentials, Mailsecurity | 2008-09-05 | 10.0 HIGH | N/A |
| A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues. | |||||
| CVE-2004-1039 | 1 Sco | 2 Openserver, Unixware | 2008-09-05 | 5.0 MEDIUM | N/A |
| The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request. | |||||
| CVE-2004-1077 | 1 Citrix | 2 Metaframe Client, Program Neighborhood Agent | 2008-09-05 | 5.0 MEDIUM | N/A |
| Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive. | |||||
| CVE-2004-1078 | 1 Citrix | 2 Metaframe Client, Program Neighborhood Agent | 2008-09-05 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element. | |||||
| CVE-2004-0921 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2008-09-05 | 7.5 HIGH | N/A |
| AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets. | |||||
| CVE-2004-0922 | 1 Apple | 3 Mac Os X, Mac Os X Server, Quicktime | 2008-09-05 | 5.0 MEDIUM | N/A |
| AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box. | |||||
| CVE-2004-0924 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2008-09-05 | 5.0 MEDIUM | N/A |
| NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not. | |||||
| CVE-2004-0926 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2008-09-05 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image. | |||||
| CVE-2004-0945 | 1 Mitel | 1 Mitel 3300 Integrated Communication Platform | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum. | |||||
| CVE-2004-0944 | 1 Mitel | 1 Mitel 3300 Integrated Communication Platform | 2008-09-05 | 5.0 MEDIUM | N/A |
| The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie. | |||||
| CVE-2004-0927 | 2 Apple, Easy Software Products | 3 Mac Os X, Mac Os X Server, Cups | 2008-09-05 | 5.0 MEDIUM | N/A |
| ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions. | |||||
| CVE-2004-0540 | 1 Microsoft | 1 Windows 2000 | 2008-09-05 | 10.0 HIGH | N/A |
| Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. | |||||
| CVE-2004-0498 | 1 Stonesoft | 1 Firewall Engine | 2008-09-05 | 5.0 MEDIUM | N/A |
| The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets. | |||||
| CVE-2004-0560 | 1 University Of Minnesota | 1 Gopherd | 2008-09-05 | 7.5 HIGH | N/A |
| Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow. | |||||
| CVE-2004-0561 | 1 University Of Minnesota | 1 Gopherd | 2008-09-05 | 7.5 HIGH | N/A |
| Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-0090 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors. | |||||
| CVE-2003-1516 | 1 Sun | 1 Java Plug-in | 2008-09-05 | 6.8 MEDIUM | N/A |
| The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet. | |||||
| CVE-2003-1476 | 1 Cerberus | 1 Ftp Server | 2008-09-05 | 2.1 LOW | N/A |
| Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, which could allow local users to gain access. | |||||