Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1593 | 1 Sct Corporation | 1 Campus Pipeline | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. | |||||
| CVE-2004-1594 | 1 E-zone Media Inc. | 1 Fusetalk | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag. | |||||
| CVE-2004-1595 | 1 Shixxnote | 1 Shixxnote | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field. | |||||
| CVE-2004-1596 | 1 3com | 1 3cradsl72 | 2017-07-11 | 7.5 HIGH | N/A |
| The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. | |||||
| CVE-2004-1597 | 1 Rim | 1 Blackberry | 2017-07-11 | 5.0 MEDIUM | N/A |
| RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored. | |||||
| CVE-2004-1598 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 5.0 MEDIUM | N/A |
| Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory. | |||||
| CVE-2004-1599 | 1 Coolphp | 1 Coolphpweb Portal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters. | |||||
| CVE-2004-1600 | 1 Coolphp | 1 Coolphp | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message. | |||||
| CVE-2004-1601 | 1 Coolphp | 1 Coolphp Web Portal | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter. | |||||
| CVE-2004-1602 | 1 Proftpd Project | 1 Proftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. | |||||
| CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 5.0 MEDIUM | N/A |
| cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | |||||
| CVE-2004-1605 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 7.5 HIGH | N/A |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. | |||||
| CVE-2004-1606 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 6.4 MEDIUM | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial of service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | |||||
| CVE-2004-1607 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 5.0 MEDIUM | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message. | |||||
| CVE-2004-1608 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation. | |||||
| CVE-2004-1609 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 5.0 MEDIUM | N/A |
| SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | |||||
| CVE-2004-1611 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 5.1 MEDIUM | N/A |
| SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707. | |||||
| CVE-2004-1612 | 1 Saleslogix Corporation | 1 Saleslogix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request. | |||||
| CVE-2004-1616 | 1 Links | 1 Links | 2017-07-11 | 5.0 MEDIUM | N/A |
| Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value, as demonstrated by mangleme. | |||||
| CVE-2004-1618 | 1 Vypress | 1 Tonecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream. | |||||
| CVE-2004-1619 | 1 Akella | 1 Privateers Bounty Age Of Sail Ii | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2004-1620 | 1 S9y | 1 Serendipity | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. | |||||
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature. | |||||
| CVE-2004-1622 | 1 Ubbcentral | 1 Ubb.threads | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter. | |||||
| CVE-2004-1623 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 5.0 MEDIUM | N/A |
| The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | |||||
| CVE-2004-1624 | 1 Altiris | 1 Carbon Copy | 2017-07-11 | 7.2 HIGH | N/A |
| Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe). | |||||
| CVE-2004-1625 | 1 Pgina | 1 Pgina | 2017-07-11 | 5.0 MEDIUM | N/A |
| pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown. | |||||
| CVE-2004-1626 | 1 Code-crafters | 1 Ability Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. | |||||
| CVE-2004-1627 | 1 Code-crafters | 1 Ability Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command. | |||||
| CVE-2004-1629 | 1 Distinct Web Creations | 1 Dwc Articles | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2004-1630 | 1 Openwfe | 1 Work Flow Engine | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter. | |||||
| CVE-2004-1631 | 1 Openwfe | 1 Work Flow Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results. | |||||
| CVE-2004-1632 | 1 Moniwiki | 1 Moniwiki | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php. | |||||
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | |||||
| CVE-2004-1634 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. | |||||
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | |||||
| CVE-2004-1636 | 1 Net Integration Technologies Inc. | 1 Wvtftp | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet. | |||||
| CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2017-07-11 | 7.5 HIGH | N/A |
| The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. | |||||
| CVE-2004-1638 | 1 Tabs Laboratories | 1 Mailcarrier | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command. | |||||
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | |||||
| CVE-2004-1640 | 1 Xoops | 1 Xoops Dictionary | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php. | |||||
| CVE-2004-1641 | 1 South River Technologies | 1 Titan Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | |||||
| CVE-2004-1642 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. | |||||
| CVE-2004-1644 | 1 Jerod Moemeka | 1 Xedus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address. | |||||
| CVE-2004-1645 | 1 Jerod Moemeka | 1 Xedus | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x. | |||||
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2004-1647 | 1 Web Animations | 1 Password Protect | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp. | |||||
| CVE-2004-1648 | 1 Web Animations | 1 Password Protect | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, and (4) users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter. | |||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | |||||
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2017-07-11 | 7.5 HIGH | N/A |
| D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | |||||
