Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1687 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter. | |||||
| CVE-2004-1688 | 1 Tech-noel | 1 Pigeon Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103. | |||||
| CVE-2004-1689 | 1 Todd Miller | 1 Sudo | 2017-07-11 | 2.1 LOW | N/A |
| sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. | |||||
| CVE-2004-1690 | 1 Rhinosoft | 1 Dns4me | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. | |||||
| CVE-2004-1691 | 1 Rhinosoft | 1 Dns4me | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data. | |||||
| CVE-2004-1692 | 1 Mambo | 1 Mambo Open Source | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. | |||||
| CVE-2004-1693 | 1 Mambo | 1 Mambo | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2017-07-11 | 7.5 HIGH | N/A |
| Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2004-1695 | 1 Emulive | 1 Server4 | 2017-07-11 | 10.0 HIGH | N/A |
| EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash). | |||||
| CVE-2004-1696 | 1 Emulive | 1 Server4 | 2017-07-11 | 5.0 MEDIUM | N/A |
| EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66. | |||||
| CVE-2004-1697 | 1 Ca | 1 Unicenter Management | 2017-07-11 | 7.5 HIGH | N/A |
| The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. | |||||
| CVE-2004-1698 | 1 Leadmind | 1 Popmessenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash. | |||||
| CVE-2004-1699 | 1 Pinnacle Systems | 1 Showcenter | 2017-07-11 | 5.0 MEDIUM | N/A |
| SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter. | |||||
| CVE-2004-1700 | 1 Pinnacle Systems | 1 Showcenter | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message. | |||||
| CVE-2004-1701 | 1 Gnu | 1 Cfengine | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication. | |||||
| CVE-2004-1702 | 1 Gnu | 1 Cfengine | 2017-07-11 | 5.0 MEDIUM | N/A |
| The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2004-1703 | 1 Fusionphp | 1 Fusion News | 2017-07-11 | 7.5 HIGH | N/A |
| Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag. | |||||
| CVE-2004-1704 | 1 Wire Plastic Design | 1 Wpquiz | 2017-07-11 | 7.5 HIGH | N/A |
| WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory. | |||||
| CVE-2004-1705 | 1 Citadel | 1 Ux | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username. | |||||
| CVE-2004-1706 | 1 U.s.robotics | 1 Usr808054 | 2017-07-11 | 7.5 HIGH | N/A |
| The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string. | |||||
| CVE-2004-1707 | 1 Oracle | 5 Application Server, Application Server Portal, Database Server Lite and 2 more | 2017-07-11 | 7.2 HIGH | N/A |
| The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0. | |||||
| CVE-2004-1708 | 1 Shawn Webb | 1 Webbsyte Chat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections. | |||||
| CVE-2004-1709 | 1 Datakey | 1 Rainbow Ikey2032 Usb Token | 2017-07-11 | 2.1 LOW | N/A |
| Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users. | |||||
| CVE-2004-1710 | 1 Andrew Kilpatrick | 1 Page Cgi | 2017-07-11 | 7.5 HIGH | N/A |
| page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter. | |||||
| CVE-2004-1713 | 1 Hp | 2 Process Resource Manager, Workload Manager | 2017-07-11 | 2.1 LOW | N/A |
| Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files. | |||||
| CVE-2004-1714 | 1 Iss | 2 Blackice Pc Protection, Blackice Server Protection | 2017-07-11 | 2.1 LOW | N/A |
| BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. | |||||
| CVE-2004-1715 | 1 Clearswift | 1 Mimesweeper For Web | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL. | |||||
| CVE-2004-1716 | 1 Powie | 1 Pforum | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile. | |||||
| CVE-2004-1717 | 1 Gv | 1 Gv | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value. | |||||
| CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2017-07-11 | 2.1 LOW | N/A |
| The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. | |||||
| CVE-2004-1719 | 1 Merak | 1 Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. | |||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | |||||
| CVE-2004-1721 | 1 Merak | 1 Mail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000. | |||||
| CVE-2004-1722 | 1 Merak | 1 Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter. | |||||
| CVE-2004-1723 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 5.0 MEDIUM | N/A |
| The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | |||||
| CVE-2004-1724 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 7.5 HIGH | N/A |
| The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password. | |||||
| CVE-2004-1725 | 1 John Bradley | 1 Xv | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2004-1726 | 1 John Bradley | 1 Xv | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. | |||||
| CVE-2004-1727 | 1 Working Resources Inc. | 1 Badblue | 2017-07-11 | 5.0 MEDIUM | N/A |
| BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address. | |||||
| CVE-2004-1728 | 1 British National Corpus | 1 Sara | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string. | |||||
| CVE-2004-1729 | 1 Nihuo Software | 1 Web Log Analyzer | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2004-1730 | 1 Mantis | 1 Mantis | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. | |||||
| CVE-2004-1731 | 1 Mantis | 1 Mantis | 2017-07-11 | 5.0 MEDIUM | N/A |
| signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. | |||||
| CVE-2004-1732 | 1 Mydms | 1 Mydms | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter. | |||||
| CVE-2004-1733 | 1 Mydms | 1 Mydms | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL. | |||||
| CVE-2004-1734 | 1 Mantis | 1 Mantis | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1735 | 1 Sympa | 1 Sympa | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. | |||||
| CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | |||||
| CVE-2004-1737 | 2 Gentoo, The Cacti Group | 2 Linux, Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||||
| CVE-2004-1738 | 1 Jshop E-commerce | 1 Jshop Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter. | |||||