Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1868 | 1 Esignal | 1 Esignal | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag. | |||||
| CVE-2004-1869 | 1 Nival Interactive | 2 Etherlords, Etherlords Ii | 2017-07-11 | 5.0 MEDIUM | N/A |
| Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allow remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory. | |||||
| CVE-2004-1870 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php. | |||||
| CVE-2004-1871 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. | |||||
| CVE-2004-1872 | 1 Webct | 1 Webct | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. | |||||
| CVE-2004-1874 | 1 Alan Ward | 1 A-cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. | |||||
| CVE-2004-1875 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 9.3 HIGH | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html, (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10. | |||||
| CVE-2004-1876 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 4.6 MEDIUM | N/A |
| The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2004-1877 | 1 Oracle | 2 Application Server, Http Server | 2017-07-11 | 2.6 LOW | N/A |
| The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password. | |||||
| CVE-2004-1878 | 1 Linbit Technologies | 1 Linbox Officeserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). | |||||
| CVE-2004-1879 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows remote attackers to inject arbitrary web script or HTML via forum messages. | |||||
| CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | |||||
| CVE-2004-1882 | 1 Cactusoft | 1 Cactushop | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter. | |||||
| CVE-2004-1887 | 1 Ada | 1 Imgsvr | 2017-07-11 | 5.0 MEDIUM | N/A |
| Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null). | |||||
| CVE-2004-1889 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. | |||||
| CVE-2004-1890 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. | |||||
| CVE-2004-1892 | 1 Emule | 1 Emule | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. | |||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2017-07-11 | 5.0 MEDIUM | N/A |
| Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | |||||
| CVE-2004-1894 | 1 Pragma Ade | 1 Context | 2017-07-11 | 2.1 LOW | N/A |
| TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log. | |||||
| CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2017-07-11 | 2.1 LOW | N/A |
| YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | |||||
| CVE-2004-1896 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | |||||
| CVE-2004-1897 | 1 Tildeslash | 1 Monit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. | |||||
| CVE-2004-1898 | 1 Tildeslash | 1 Monit | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | |||||
| CVE-2004-1899 | 1 Tildeslash | 1 Monit | 2017-07-11 | 5.0 MEDIUM | N/A |
| The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. | |||||
| CVE-2004-1900 | 1 Pan Vision | 1 I.g.i-2 Covert Strike | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. | |||||
| CVE-2004-1901 | 1 Gentoo | 1 Linux | 2017-07-11 | 4.6 MEDIUM | N/A |
| Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | |||||
| CVE-2004-1902 | 1 Citrix | 1 Metaframe Password Manager | 2017-07-11 | 2.1 LOW | N/A |
| The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. | |||||
| CVE-2004-1903 | 1 Blaxxun | 1 Contact 3d | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag. | |||||
| CVE-2004-1904 | 1 Panda | 1 Activescan | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string. | |||||
| CVE-2004-1905 | 1 Panda | 1 Activescan | 2017-07-11 | 5.0 MEDIUM | N/A |
| ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function. | |||||
| CVE-2004-1906 | 1 Mcafee | 1 Freescan | 2017-07-11 | 5.0 MEDIUM | N/A |
| McAfee FreeScan allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. | |||||
| CVE-2004-1907 | 1 Kerio | 1 Personal Firewall | 2017-07-11 | 2.6 LOW | N/A |
| The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". | |||||
| CVE-2004-1908 | 1 Mcafee | 1 Freescan | 2017-07-11 | 5.0 MEDIUM | N/A |
| McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters. | |||||
| CVE-2004-1909 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 2.6 LOW | N/A |
| Clam Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. | |||||
| CVE-2004-1910 | 1 Symantec | 1 Security Check Virus Detection | 2017-07-11 | 5.0 MEDIUM | N/A |
| rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged. | |||||
| CVE-2004-1911 | 1 Azerbaijan Development Group | 1 Azdgdating | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. | |||||
| CVE-2004-1912 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | |||||
| CVE-2004-1913 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | |||||
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | |||||
| CVE-2004-1915 | 1 Lcdproc | 1 Lcdproc | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments. | |||||
| CVE-2004-1916 | 1 Lcdproc | 1 Lcdproc | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allow remote attackers to execute arbitrary code via (1) a long invalid command to the parse_all_client_messages function, or (2) a long argv command to the test_func_func function. | |||||
| CVE-2004-1917 | 1 Lcdproc | 1 Lcdproc | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. | |||||
| CVE-2004-1918 | 1 Rsniff | 1 Rsniff | 2017-07-11 | 5.0 MEDIUM | N/A |
| RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly. | |||||
| CVE-2004-1919 | 1 Crackalaka | 1 Crackalaka | 2017-07-11 | 5.0 MEDIUM | N/A |
| The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | |||||
| CVE-2004-1920 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2017-07-11 | 7.5 HIGH | N/A |
| X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. | |||||
| CVE-2004-1921 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2017-07-11 | 7.5 HIGH | N/A |
| X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. | |||||
| CVE-2004-1923 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to gain sensitive information via a direct request to (1) banner_click.php, (2) categorize.php, (3) tiki-admin_include_directory.php, (4) tiki-directory_search.php, which reveal the web server path in an error message. | |||||
| CVE-2004-1924 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to tiki-switch_theme.php, (2) find and priority parameters to messu-mailbox.php, (3) flag, priority, flagval, sort_mode, or find parameters to messu-read.php, (4) articleId parameter to tiki-read_article.php, (5) parentId parameter to tiki-browse_categories.php, (6) comments_threshold parameter to tiki-index.php, (7) articleId parameter to tiki-print_article.php, (8) galleryId parameter to tiki-list_file_gallery.php, (9) galleryId parameter to tiki-upload_file.php, (10) faqId parameter to tiki-view_faq.php, (11) chartId parameter to tiki-view_chart.php, or (12) surveyId parameter to tiki-survey_stats_survey.php. | |||||
| CVE-2004-1925 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sort_mode parameter in (1) tiki-usermenu.php, (2) tiki-list_file_gallery.php, (3) tiki-directory_ranking.php, (4) tiki-browse_categories.php, (5) tiki-index.php, (6) tiki-user_tasks.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-file_galleries.php, (10) tiki-list_faqs.php, (11) tiki-list_trackers.php, (12) tiki-list_blogs.php, or via the offset parameter in (13) tiki-usermenu.php, (14) tiki-browse_categories.php, (15) tiki-index.php, (16) tiki-user_tasks.php, (17) tiki-list_faqs.php, (18) tiki-list_trackers.php, or (19) tiki-list_blogs.php. | |||||
| CVE-2004-1927 | 1 Tiki | 1 Tikiwiki Cms/groupware | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the map feature (tiki-map.phtml) in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to determine the existence of arbitrary files via .. (dot dot) sequences in the mapfile parameter. | |||||
