Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1739 | 1 Bird Chat | 1 Internet Chat Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users. | |||||
| CVE-2004-1740 | 1 Music Daemon | 1 Music Daemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST. | |||||
| CVE-2004-1741 | 1 Music Daemon | 1 Music Daemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. | |||||
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. | |||||
| CVE-2004-1743 | 1 Efs Software | 1 Efs Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. | |||||
| CVE-2004-1744 | 1 Efs Software | 1 Efs Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests. | |||||
| CVE-2004-1745 | 1 People Can Fly | 1 Painkiller | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. | |||||
| CVE-2004-1746 | 1 Php Code Snippet Library | 1 Php Code Snippet Library | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters. | |||||
| CVE-2004-1747 | 1 Network Everywhere | 1 Nr041 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option. | |||||
| CVE-2004-1748 | 1 Sysinternals | 1 Regmon | 2017-07-11 | 2.1 LOW | N/A |
| NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue. | |||||
| CVE-2004-1749 | 1 Toplayer | 1 Attack Mitigator | 2017-07-11 | 5.0 MEDIUM | N/A |
| Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests. | |||||
| CVE-2004-1750 | 1 Vnc | 1 Realvnc | 2017-07-11 | 5.0 MEDIUM | N/A |
| RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. | |||||
| CVE-2004-1751 | 1 Massive Entertainment | 1 Ground Control Ii Operation Exodus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error. | |||||
| CVE-2004-1752 | 1 Nakedsoft | 1 Gaucho | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header. | |||||
| CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-07-11 | 2.6 LOW | N/A |
| The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | |||||
| CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | |||||
| CVE-2004-1756 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. | |||||
| CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | |||||
| CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | |||||
| CVE-2004-1759 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. | |||||
| CVE-2004-1760 | 2 Cisco, Ibm | 17 Call Manager, Conference Connection, Emergency Responder and 14 more | 2017-07-11 | 10.0 HIGH | N/A |
| The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. | |||||
| CVE-2004-1762 | 1 F-secure | 1 F-secure Anti-virus | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV. | |||||
| CVE-2004-1763 | 1 Haht Commerce | 1 Hahtsite Scenario Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name. | |||||
| CVE-2004-1765 | 1 Mod Security | 1 Mod Security | 2017-07-11 | 7.5 HIGH | N/A |
| Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests. | |||||
| CVE-2004-1766 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing. | |||||
| CVE-2004-1768 | 1 Symantec | 1 Brightmail Antispam | 2017-07-11 | 5.0 MEDIUM | N/A |
| The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters. | |||||
| CVE-2004-1769 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 10.0 HIGH | N/A |
| The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass. | |||||
| CVE-2004-1770 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 10.0 HIGH | N/A |
| The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter. | |||||
| CVE-2004-1771 | 1 Open Group | 1 Scalable Ogo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users. | |||||
| CVE-2004-1774 | 1 Oracle | 2 Application Server, Oracle10g | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | |||||
| CVE-2004-1775 | 1 Cisco | 2 Catos, Ios | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. | |||||
| CVE-2004-1776 | 1 Cisco | 1 Ios | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. | |||||
| CVE-2004-1779 | 1 Thwboard | 1 Thwboard Beta | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter. | |||||
| CVE-2004-1784 | 1 Webcam Corp | 1 Webcam Watchdog | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-1786 | 1 Iatek | 1 Portalapp | 2017-07-11 | 5.0 MEDIUM | N/A |
| PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb. | |||||
| CVE-2004-1787 | 1 Postnuke Software Foundation | 1 Postcalendar | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. | |||||
| CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | |||||
| CVE-2004-1790 | 1 Edimax | 1 Full Rate Adsl Router | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2004-1792 | 1 Yatsoft | 1 Switch Off | 2017-07-11 | 5.0 MEDIUM | N/A |
| swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000). | |||||
| CVE-2004-1793 | 1 Yatsoft | 1 Switch Off | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm. | |||||
| CVE-2004-1794 | 1 Vcard4j | 1 Vcard4j | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard. | |||||
| CVE-2004-1796 | 1 Hotnews | 1 Hotnews | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3. | |||||
| CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2004-1800 | 1 Sysbotz | 1 Simpledata | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie. | |||||
| CVE-2004-1801 | 1 Pwebserver | 1 Pwebserver Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2004-1802 | 1 Lionmax Software | 1 Chat Anywhere | 2017-07-11 | 5.0 MEDIUM | N/A |
| Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page. | |||||
| CVE-2004-1804 | 1 Invicta | 1 Wmcam Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command. | |||||
| CVE-2004-1805 | 1 Epic Games | 1 Unreal Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names. | |||||
| CVE-2004-1806 | 1 Dogpatch Software | 1 Cfwebstore | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters. | |||||
| CVE-2004-1807 | 1 Dogpatch Software | 1 Cfwebstore | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||