Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2042 | 1 E107 | 1 E107 | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. | |||||
| CVE-2004-2043 | 2 Borland Software, Firebirdsql | 3 Interbase, Interbase Superserver, Firebird | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command. | |||||
| CVE-2004-2044 | 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more | 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. | |||||
| CVE-2004-2045 | 1 Conceptronic | 1 Cadslr1 Adsl Router | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username. | |||||
| CVE-2004-2046 | 1 Apc | 1 Powerchute | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2004-2047 | 1 Easyweb | 1 Easyweb Filemanager | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter. | |||||
| CVE-2004-2048 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-11 | 10.0 HIGH | N/A |
| radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process on port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access. | |||||
| CVE-2004-2049 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-11 | 4.6 MEDIUM | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. | |||||
| CVE-2004-2050 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-11 | 4.6 MEDIUM | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell. | |||||
| CVE-2004-2051 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL. | |||||
| CVE-2004-2053 | 1 Easyins | 1 Easyins | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter. | |||||
| CVE-2004-2054 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. | |||||
| CVE-2004-2055 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTML or web script via the search_author parameter. | |||||
| CVE-2004-2057 | 1 Xlinesoft | 1 Asprunner | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2004-2058 | 1 Xlinesoft | 1 Asprunner | 2017-07-11 | 5.0 MEDIUM | N/A |
| ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | |||||
| CVE-2004-2060 | 1 Xlinesoft | 1 Asprunner | 2017-07-11 | 5.0 MEDIUM | N/A |
| ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | |||||
| CVE-2004-2061 | 1 Risearch Software | 2 Risearch, Risearch Pro | 2017-07-11 | 7.5 HIGH | N/A |
| RiSearch 1.0.01 and RiSearch Pro 3.2.06 allow remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL. | |||||
| CVE-2004-2062 | 1 Antiboard | 1 Antiboard | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters. | |||||
| CVE-2004-2063 | 1 Antiboard | 1 Antiboard | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter. | |||||
| CVE-2004-2064 | 1 Verylost | 1 Lostbook | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields. | |||||
| CVE-2004-2065 | 1 Daniel Barron | 1 Dansguardian | 2017-07-11 | 7.5 HIGH | N/A |
| DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename. | |||||
| CVE-2004-2066 | 1 Linpha | 1 Linpha | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies. | |||||
| CVE-2004-2067 | 1 Jaws | 1 Jaws | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. | |||||
| CVE-2004-2071 | 1 Macallan | 1 Mail Solution | 2017-07-11 | 7.5 HIGH | N/A |
| Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name. | |||||
| CVE-2004-2072 | 1 Mambo | 1 Mambo Open Source | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter. | |||||
| CVE-2004-2073 | 1 Vserver | 1 Linux-vserver | 2017-07-11 | 7.2 HIGH | N/A |
| Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command. | |||||
| CVE-2004-2074 | 1 Bolintech | 1 Dream Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands. | |||||
| CVE-2004-2075 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated. | |||||
| CVE-2004-2076 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter. | |||||
| CVE-2004-2077 | 1 Nadeo | 3 Game Engine, Trackmania, Virtual Skipper | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. | |||||
| CVE-2004-2078 | 1 Red-m | 1 Red-alert | 2017-07-11 | 5.0 MEDIUM | N/A |
| Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. | |||||
| CVE-2004-2079 | 1 Red-m | 1 Red-alert | 2017-07-11 | 7.5 HIGH | N/A |
| Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user. | |||||
| CVE-2004-2080 | 1 Red-m | 1 Red-alert | 2017-07-11 | 5.0 MEDIUM | N/A |
| Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID. | |||||
| CVE-2004-2081 | 1 Karjasoft | 1 Sami Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a GET command for an unavailable file. | |||||
| CVE-2004-2082 | 1 Karjasoft | 1 Sami Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request with a large number of leading "/" (slash) characters. | |||||
| CVE-2004-2084 | 1 Jshop E-commerce | 2 Jshop Professional, Jshop Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter. | |||||
| CVE-2004-2085 | 1 Brad Fears | 1 Phpcodecabinet | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php. | |||||
| CVE-2004-2086 | 1 Sambar | 1 Sambar Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. | |||||
| CVE-2004-2087 | 1 Sandsurfer | 1 Sandsurfer | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user. | |||||
| CVE-2004-2088 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message. | |||||
| CVE-2004-2089 | 1 Matrix | 1 Matrix Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. | |||||
| CVE-2004-2093 | 1 Gnu | 1 Rsync | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. | |||||
| CVE-2004-2094 | 1 Darkwet | 1 Webcam Xp | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script. | |||||
| CVE-2004-2095 | 1 Niels Provos | 1 Honeyd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd. | |||||
| CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. | |||||
| CVE-2004-2097 | 1 Suse | 1 Suse Linux | 2017-07-11 | 2.1 LOW | N/A |
| Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd. | |||||
| CVE-2004-2450 | 1 Gamespy | 4 Roger Wilco, Roger Wilco Dedicated Server, Roger Wilco Graphical Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-2451 | 1 Gamespy | 3 Roger Wilco Dedicated Server, Roger Wilco Graphical Server, Rw Base Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug. | |||||
| CVE-2004-2452 | 1 Hitachi | 1 Cosminexus Portal Framework | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library. | |||||
| CVE-2004-2453 | 1 Tutti Nova | 1 Tutti Nova | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors. | |||||
