Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1928 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2017-07-11 | 7.5 HIGH | N/A |
| The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. | |||||
| CVE-2004-1929 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. | |||||
| CVE-2004-1930 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. | |||||
| CVE-2004-1932 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. | |||||
| CVE-2004-1933 | 1 Citadel | 1 Ux | 2017-07-11 | 2.1 LOW | N/A |
| Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages. | |||||
| CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | |||||
| CVE-2004-1935 | 1 Sct Corporation | 1 Campus Pipeline | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. | |||||
| CVE-2004-1936 | 1 Zonelabs | 1 Zonealarm | 2017-07-11 | 7.5 HIGH | N/A |
| ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters. | |||||
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | |||||
| CVE-2004-1938 | 1 Phorum | 1 Phorum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | |||||
| CVE-2004-1939 | 1 Rhinosoft | 1 Zaep Antispam | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter. | |||||
| CVE-2004-1940 | 1 Kphone | 1 Kphone | 2017-07-11 | 5.0 MEDIUM | N/A |
| sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read. | |||||
| CVE-2004-1941 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. | |||||
| CVE-2004-1942 | 1 Sun | 1 Patch Manager | 2017-07-11 | 7.5 HIGH | N/A |
| The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | |||||
| CVE-2004-1943 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2004-1944 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message. | |||||
| CVE-2004-1945 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field. | |||||
| CVE-2004-1946 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-11 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability. | |||||
| CVE-2004-1947 | 1 Softwin | 1 Bitdefender | 2017-07-11 | 5.0 MEDIUM | N/A |
| The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab. | |||||
| CVE-2004-1948 | 1 Ncftp Software | 1 Ncftp | 2017-07-11 | 4.6 MEDIUM | N/A |
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | |||||
| CVE-2004-1949 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. | |||||
| CVE-2004-1950 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | |||||
| CVE-2004-1951 | 1 Xine | 3 Xine, Xine-lib, Xine-ui | 2017-07-11 | 5.0 MEDIUM | N/A |
| xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | |||||
| CVE-2004-1952 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. | |||||
| CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2017-07-11 | 5.0 MEDIUM | N/A |
| phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-1954 | 1 Phprofession | 1 Phprofession | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. | |||||
| CVE-2004-1955 | 1 Phprofession | 1 Phprofession | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. | |||||
| CVE-2004-1956 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. | |||||
| CVE-2004-1957 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php. | |||||
| CVE-2004-1958 | 1 Epic Games | 3 Unreal Engine, Unreal Tournament, Unreal Tournament 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file. | |||||
| CVE-2004-1959 | 1 Protector System | 1 Protector System | 2017-07-11 | 5.0 MEDIUM | N/A |
| blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1960 | 1 Protector System | 1 Protector System | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. | |||||
| CVE-2004-1962 | 1 Protector System | 1 Protector System | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. | |||||
| CVE-2004-1963 | 1 Freshmeat | 1 Network Query Tool | 2017-07-11 | 5.0 MEDIUM | N/A |
| nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1964 | 1 Freshmeat | 1 Network Query Tool | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. | |||||
| CVE-2004-1965 | 1 Openbb | 1 Openbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. | |||||
| CVE-2004-1966 | 1 Openbb | 1 Openbb | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. | |||||
| CVE-2004-1967 | 1 Openbb | 1 Openbb | 2017-07-11 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | |||||
| CVE-2004-1968 | 1 Openbb | 1 Openbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter. | |||||
| CVE-2004-1969 | 1 Openbb | 1 Openbb | 2017-07-11 | 7.5 HIGH | N/A |
| The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. | |||||
| CVE-2004-1970 | 1 Securecomputing | 1 Smartether Ss6215s Switch | 2017-07-11 | 7.5 HIGH | N/A |
| Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. | |||||
| CVE-2004-1971 | 1 Oscar Fafian | 1 Video Gallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1972 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. | |||||
| CVE-2004-1973 | 1 Digi | 1 Www Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters. | |||||
| CVE-2004-1974 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 5.0 MEDIUM | N/A |
| paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message. | |||||
| CVE-2004-1975 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551. | |||||
| CVE-2004-1976 | 1 Smc Networks | 1 Smc7004vbr | 2017-07-11 | 7.5 HIGH | N/A |
| SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900. | |||||
| CVE-2004-1977 | 1 3com | 1 Webbngss3nbxnts | 2017-07-11 | 5.0 MEDIUM | N/A |
| 3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode. | |||||
| CVE-2004-1979 | 1 Props | 1 Props | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter. | |||||
| CVE-2004-1980 | 1 Props | 1 Props | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables. | |||||