Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1981 | 1 Businessobjects | 2 Crystal Enterprise, Crystal Reports | 2017-07-11 | 5.0 MEDIUM | N/A |
| The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder. | |||||
| CVE-2004-1982 | 1 Yabb | 1 Yabb | 2017-07-11 | 5.0 MEDIUM | N/A |
| Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. | |||||
| CVE-2004-1983 | 2 Gentoo, The Pax Team | 2 Linux, Pax Linux | 2017-07-11 | 2.1 LOW | N/A |
| The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2004-1984 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. | |||||
| CVE-2004-1985 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. | |||||
| CVE-2004-1986 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. | |||||
| CVE-2004-1987 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. | |||||
| CVE-2004-1988 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. | |||||
| CVE-2004-1989 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. | |||||
| CVE-2004-1990 | 1 Aldo Vargas | 1 Aldos Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request. | |||||
| CVE-2004-1993 | 1 Omail | 1 Omail Webmail | 2017-07-11 | 10.0 HIGH | N/A |
| The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password. | |||||
| CVE-2004-1994 | 1 E-zone Media Inc. | 1 Fusetalk | 2017-07-11 | 5.0 MEDIUM | N/A |
| FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. | |||||
| CVE-2004-1995 | 1 E-zone Media Inc. | 1 Fusetalk | 2017-07-11 | 7.5 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | |||||
| CVE-2004-1996 | 1 Simple Machines | 1 Smf | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. | |||||
| CVE-2004-1997 | 2 Kolab, Openpkg | 2 Kolab Groupware Server, Openpkg | 2017-07-11 | 4.6 MEDIUM | N/A |
| Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. | |||||
| CVE-2004-1999 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. | |||||
| CVE-2004-2002 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet. | |||||
| CVE-2004-2003 | 1 Delegate | 1 Delegate | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field. | |||||
| CVE-2004-2004 | 1 Suse | 1 Suse Linux | 2017-07-11 | 10.0 HIGH | N/A |
| The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. | |||||
| CVE-2004-2005 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name. | |||||
| CVE-2004-2006 | 1 Trend Micro | 1 Officescan | 2017-07-11 | 4.6 MEDIUM | N/A |
| Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. | |||||
| CVE-2004-2007 | 1 Adam Webb | 1 Nukejokes | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function. | |||||
| CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2017-07-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | |||||
| CVE-2004-2009 | 1 Adam Webb | 1 Nukejokes | 2017-07-11 | 5.0 MEDIUM | N/A |
| NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message. | |||||
| CVE-2004-2010 | 1 Phpshop | 1 Phpshop | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg. | |||||
| CVE-2004-2012 | 3 Netbsd, Niels, Vladimir Kotal | 3 Netbsd, Provos Systrace, Systrace Port For Freebsd | 2017-07-11 | 7.2 HIGH | N/A |
| The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dev/systrace connection before setting euid to 0, which allows local users to gain root privileges. | |||||
| CVE-2004-2013 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.2 HIGH | N/A |
| Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory. | |||||
| CVE-2004-2015 | 1 Webct | 1 Webct | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. | |||||
| CVE-2004-2016 | 1 Netchat | 1 Subnet Chat Application | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2004-2017 | 1 Turbotraffictrader | 1 Turbotraffictrader C | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel. | |||||
| CVE-2004-2018 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-2019 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message. | |||||
| CVE-2004-2021 | 1 Oscommerce | 1 Oscommerce | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument. | |||||
| CVE-2004-2022 | 1 Activestate | 1 Activeperl | 2017-07-11 | 2.1 LOW | N/A |
| ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl. | |||||
| CVE-2004-2026 | 1 Apsis | 1 Pound | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages. | |||||
| CVE-2004-2027 | 1 Icecast | 1 Icecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. | |||||
| CVE-2004-2028 | 1 E107 | 1 E107 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbitrary web script or HTML via the referer parameter to log.php. | |||||
| CVE-2004-2029 | 1 Trevor Hogan | 1 Bnbt | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value. | |||||
| CVE-2004-2030 | 1 Liferay | 1 Liferay Enterprise Portal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10/1/2004 allow remote attackers to inject arbitrary web script or HTML, as demonstrated using the message subject. | |||||
| CVE-2004-2031 | 1 E107 | 1 E107 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbitrary web script or HTML via the (1) URL, (2) MSN, or (3) AIM fields. | |||||
| CVE-2004-2032 | 1 Netgear | 1 Rp114 | 2017-07-11 | 7.5 HIGH | N/A |
| Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences. | |||||
| CVE-2004-2033 | 1 Orenosv | 1 Orenosv Http Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. | |||||
| CVE-2004-2034 | 1 Wildtangent | 1 Webdriver | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. | |||||
| CVE-2004-2035 | 1 Minishare | 1 Minimal Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences. | |||||
| CVE-2004-2036 | 1 Jportal | 1 Jportal Web Portal | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter. | |||||
| CVE-2004-2037 | 1 Mollensoft Software | 1 Lightweight Ftp Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client. | |||||
| CVE-2004-2038 | 1 Neocrome | 1 Land Down Under | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attackers to inject arbitrary web script or HTML via a BBcode img tag in (1) functions.php, (2) header.php or (3) auth.inc.php. | |||||
| CVE-2004-2039 | 1 E107 | 1 E107 | 2017-07-11 | 5.0 MEDIUM | N/A |
| e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message. | |||||
| CVE-2004-2040 | 1 E107 | 1 E107 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | |||||
| CVE-2004-2041 | 1 E107 | 1 E107 | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | |||||
