Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2714 | 1 Windowmaker | 1 Windowmaker | 2017-07-29 | 6.0 MEDIUM | N/A |
| Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. | |||||
| CVE-2004-2715 | 1 Php Heaven | 1 Phpmychat | 2017-07-29 | 7.5 HIGH | N/A |
| edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. | |||||
| CVE-2004-2716 | 1 Php Heaven | 1 Phpmychat | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. | |||||
| CVE-2004-2720 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email parameter. | |||||
| CVE-2004-2721 | 1 Heiko Stamer | 1 Openskat | 2017-07-29 | 4.3 MEDIUM | N/A |
| The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt messages. | |||||
| CVE-2004-2722 | 1 Nessus | 1 Nessus | 2017-07-29 | 2.1 LOW | N/A |
| ** DISPUTED ** Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue. | |||||
| CVE-2004-2723 | 1 Nessus | 1 Nessuswx | 2017-07-29 | 2.1 LOW | N/A |
| NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords. | |||||
| CVE-2004-2724 | 1 Lionmax Software | 1 Chat Anywhere | 2017-07-29 | 7.1 HIGH | N/A |
| LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. | |||||
| CVE-2004-2725 | 1 Aztek Forum | 1 Aztek Forum | 2017-07-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum_2.php. | |||||
| CVE-2004-2727 | 1 Mailenable | 1 Mailenable | 2017-07-29 | 4.3 MEDIUM | N/A |
| Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request. | |||||
| CVE-2004-2728 | 1 Hummingbird | 1 Connectivity | 2017-07-29 | 3.5 LOW | N/A |
| Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command. | |||||
| CVE-2004-2729 | 1 Hummingbird | 1 Connectivity | 2017-07-29 | 4.4 MEDIUM | N/A |
| Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections. | |||||
| CVE-2004-2730 | 1 Microsoft | 11 Psexec, Psgetsid, Psinfo and 8 more | 2017-07-29 | 4.6 MEDIUM | N/A |
| Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) PsPasswd before 1.21, (8) PsService before 2.12, (9) PsSuspend before 1.05, and (10) PsShutdown before 2.32, does not properly disconnect from remote IPC$ and ADMIN$ shares, which allows local users to access the shares with elevated privileges by using the existing share mapping. | |||||
| CVE-2004-2732 | 1 Netbilling | 1 Netbilling | 2017-07-29 | 4.3 MEDIUM | N/A |
| nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key. | |||||
| CVE-2004-2733 | 1 Webwiz | 1 Web Wiz Forums | 2017-07-29 | 5.8 MEDIUM | N/A |
| Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp. | |||||
| CVE-2004-2734 | 1 Novell | 1 Netware | 2017-07-29 | 10.0 HIGH | N/A |
| webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. | |||||
| CVE-2004-2735 | 1 Fredric Fredricson | 1 P4db | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH parameter in branchView.cgi; (3) FSPC and (4) COMPLETE parameters in changeByUsers.cgi; (5) FSPC, (6) LABEL, (7) EXLABEL, (8) STATUS, (9) MAXCH, (10) FIRSTCH, (11) CHOFFSETDISP, (12) SEARCHDESC, (13) SEARCH_INVERT, (14) USER, (15) GROUP, and (16) CLIENT parameters in changeList.cgi; (17) CH parameter in changeView.cgi; (18) USER parameter in clientList.cgi; (19) CLIENT parameter in clientView.cgi; (20) FSPC parameter in depotTreeBrowser.cgi; (21) FSPC parameter in depotStats.cgi; (22) FSPC, (23) REV, (24) ACT, (25) FSPC2, (26) REV2, (27) CH, and (28) CONTEXT parameters in fileDiffView.cgi; (29) FSPC and (30) REV parameters in fileDownLoad.cgi; (31) FSPC, (32) LISTLAB, and (33) SHOWBRANCH parameters in fileLogView.cgi; (34) FSPC and (35) LABEL parameters in fileSearch.cgi; (36) FSPC, (37) REV, and (38) FORCE parameters in fileViewer.cgi; (39) FSPC parameter in filesChangedSince.cgi; (40) GROUP parameter in groupView.cgi; (41) TYPE, (42) FSPC, and (43) REV parameters in htmlFileView.cgi; (44) CMD parameter in javaDataView.cgi; (45) JOBVIEW and (46) FLD parameters in jobList.cgi; (47) JOB parameter in jobView.cgi; (48) LABEL1 and (49) LABEL2 parameters in labelDiffView.cgi; (50) LABEL parameter in labelView.cgi; (51) FSPC parameter in searchPattern.cgi; (52) TYPE, (53) FSPC, and (54) REV parameters in specialFileView.cgi; (55) GROUPSONLY parameter in userList.cgi; or (56) USER parameter in userView.cgi. | |||||
| CVE-2004-2736 | 1 Polar Software | 1 Helpdesk | 2017-07-29 | 5.0 MEDIUM | N/A |
| Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. | |||||
| CVE-2004-2737 | 1 Netsupport | 1 Dna Helpdesk | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. | |||||
| CVE-2004-2738 | 1 Zeroboard | 1 Zeroboard | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter. | |||||
| CVE-2004-2739 | 1 Phprojekt | 1 Phprojekt | 2017-07-29 | 7.5 HIGH | N/A |
| The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors. | |||||
| CVE-2004-2740 | 1 Phprojekt | 1 Phprojekt | 2017-07-29 | 4.3 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter. | |||||
| CVE-2004-2741 | 1 Horde | 1 Application Framework | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) topic, or (3) module parameters. | |||||
| CVE-2004-2742 | 1 Businessobjects | 1 Crystal Enterprise | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report (RPT) file. | |||||
| CVE-2004-2743 | 1 Raditha Dissanayake | 1 Mega Upload Progress Bar | 2017-07-29 | 6.4 MEDIUM | N/A |
| upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | |||||
| CVE-2004-2744 | 1 Phplist | 1 Mailing List Manager | 2017-07-29 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | |||||
| CVE-2004-2749 | 1 2wire | 1 Homeportal | 2017-07-29 | 4.3 MEDIUM | N/A |
| Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | |||||
| CVE-2004-2751 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-29 | 6.8 MEDIUM | N/A |
| SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | |||||
| CVE-2004-2753 | 1 Hp | 1 Hp-ux | 2017-07-29 | 5.6 MEDIUM | N/A |
| Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner." | |||||
| CVE-2004-2755 | 1 Symantec | 1 Web Security | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. | |||||
| CVE-2004-2757 | 1 Novell | 1 Ichain | 2017-07-29 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | |||||
| CVE-2005-4817 | 1 Tmsnc | 1 Tmsnc | 2017-07-29 | 7.5 HIGH | N/A |
| Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function. | |||||
| CVE-2005-4819 | 1 Ibm | 1 Lotus Domino | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2005-4820 | 1 Smc Networks | 1 Smc7904wbra | 2017-07-29 | 5.0 MEDIUM | N/A |
| SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic. | |||||
| CVE-2005-4822 | 1 Digger Solutions | 1 Intranet Open Source | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id parameter. | |||||
| CVE-2005-4832 | 1 Oracle | 1 Oracle10g | 2017-07-29 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197. | |||||
| CVE-2005-4848 | 1 Rim | 1 Blackberry Enterprise Server | 2017-07-29 | 7.5 HIGH | N/A |
| Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets. | |||||
| CVE-2005-4863 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter. | |||||
| CVE-2005-4864 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable. | |||||
| CVE-2005-4865 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname. | |||||
| CVE-2005-4866 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow. | |||||
| CVE-2005-4867 | 1 Ibm | 1 Db2 Universal Database | 2017-07-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter. | |||||
| CVE-2005-4869 | 1 Ibm | 1 Db2 | 2017-07-29 | 2.1 LOW | N/A |
| The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference. | |||||
| CVE-2005-4870 | 1 Ibm | 1 Db2 | 2017-07-29 | 4.3 MEDIUM | N/A |
| Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument. | |||||
| CVE-2005-4871 | 1 Ibm | 1 Db2 | 2017-07-29 | 4.3 MEDIUM | N/A |
| Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile. | |||||
| CVE-2006-6122 | 1 Tin | 1 Tin | 2017-07-29 | 7.5 HIGH | N/A |
| Multiple buffer overflows in TIN before 1.8.2 have unspecified impact and attack vectors, a different vulnerability than CVE-2006-0804. | |||||
| CVE-2006-6123 | 1 Coppermine | 1 Coppermine Photo Gallery | 2017-07-29 | 2.6 LOW | N/A |
| Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected. | |||||
| CVE-2006-6124 | 1 Biba Software | 1 Seleniumserver Web Server | 2017-07-29 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
| CVE-2006-6126 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 2.1 LOW | N/A |
| Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure. | |||||
| CVE-2006-6127 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-29 | 2.1 LOW | N/A |
| Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent. | |||||