Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2248 | 1 Goosequill | 1 Remoteeditor | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." | |||||
| CVE-2004-2249 | 1 Goosequill | 1 Audienceconnect Secureeditor | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
| CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
| CVE-2004-2251 | 1 Astaro | 1 Security Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. | |||||
| CVE-2004-2252 | 1 Astaro | 1 Security Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||||
| CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. | |||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2017-07-11 | 7.5 HIGH | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | |||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | |||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
| CVE-2004-2257 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. | |||||
| CVE-2004-2258 | 1 Hummingbird | 1 Exceed | 2017-07-11 | 2.1 LOW | N/A |
| Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. | |||||
| CVE-2004-2261 | 1 E107 | 1 E107 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. | |||||
| CVE-2004-2263 | 1 Playsms | 1 Playsms | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. | |||||
| CVE-2004-2264 | 1 Gnu | 1 Less | 2017-07-11 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed. | |||||
| CVE-2004-2265 | 1 Uudeview | 1 Uudeview | 2017-07-11 | 7.2 HIGH | N/A |
| UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. | |||||
| CVE-2004-2266 | 1 Ansel | 1 Ansel | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. | |||||
| CVE-2004-2267 | 1 Ansel | 1 Ansel | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. | |||||
| CVE-2004-2268 | 1 Pimentech | 1 Pimengest2 | 2017-07-11 | 5.0 MEDIUM | N/A |
| PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php. | |||||
| CVE-2004-2269 | 1 Matt Shelton | 1 Pads | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability. | |||||
| CVE-2004-2270 | 1 Ibm | 1 Parallel Environment | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. | |||||
| CVE-2004-2271 | 1 Minishare | 1 Minimal Http Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-2272 | 1 Evan Sims | 1 Effingerd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. | |||||
| CVE-2004-2274 | 1 W3c | 1 Jigsaw | 2017-07-11 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. | |||||
| CVE-2004-2275 | 1 I-mall Commerce | 1 I-mall.cgi | 2017-07-11 | 10.0 HIGH | N/A |
| i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. | |||||
| CVE-2004-2276 | 1 F-secure | 1 F-secure Anti-virus | 2017-07-11 | 2.1 LOW | N/A |
| F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection. | |||||
| CVE-2004-2277 | 1 Agsm | 1 Agsm | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response. | |||||
| CVE-2004-2278 | 1 Chaogic Systems | 1 Vhost | 2017-07-11 | 4.3 MEDIUM | N/A |
| Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors. | |||||
| CVE-2004-2279 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. | |||||
| CVE-2004-2284 | 1 Open Webmail | 1 Open Webmail | 2017-07-11 | 10.0 HIGH | N/A |
| The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | |||||
| CVE-2004-2286 | 2 Activestate, Larry Wall | 2 Activeperl, Perl | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. | |||||
| CVE-2004-2290 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 7.5 HIGH | N/A |
| Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. | |||||
| CVE-2004-2292 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. | |||||
| CVE-2004-2293 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023. | |||||
| CVE-2004-2295 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2004-2296 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message. | |||||
| CVE-2004-2297 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. | |||||
| CVE-2004-2299 | 1 Omnicron | 1 Omnihttpd | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. | |||||
| CVE-2004-2300 | 1 Ucd-snmp | 1 Ucd-snmp | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE. | |||||
| CVE-2004-2301 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. | |||||
| CVE-2004-2303 | 1 Mtools | 1 Mformat | 2017-07-11 | 3.6 LOW | N/A |
| MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files. | |||||
| CVE-2004-2304 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | |||||
| CVE-2004-2308 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html. | |||||
| CVE-2004-2309 | 1 Crob | 1 Crob Ftp Server | 2017-07-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command. | |||||
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. | |||||
| CVE-2004-2311 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 3.6 LOW | N/A |
| Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog. | |||||
| CVE-2004-2312 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | |||||
| CVE-2004-2313 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. | |||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2017-07-11 | 7.5 HIGH | N/A |
| The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | |||||
| CVE-2004-2315 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. | |||||
| CVE-2004-2316 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1. | |||||