Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. | |||||
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | |||||
| CVE-2004-2516 | 1 Myserver | 1 Myserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences. | |||||
| CVE-2004-2517 | 1 Myserver | 1 Myserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html. | |||||
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. | |||||
| CVE-2004-2519 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en". | |||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 4.0 MEDIUM | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | |||||
| CVE-2004-2521 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP). | |||||
| CVE-2004-2522 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter. | |||||
| CVE-2004-2523 | 1 Openftpd | 1 Openftpd Ftp Server | 2017-07-11 | 6.5 MEDIUM | N/A |
| Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument. | |||||
| CVE-2004-2524 | 1 Whm Autopilot | 1 Whm Autopilot | 2017-07-11 | 5.0 MEDIUM | N/A |
| clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form. | |||||
| CVE-2004-2525 | 1 S9y | 1 Serendipity | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. | |||||
| CVE-2004-2526 | 1 Ibm | 1 Tivoli Directory Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. | |||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-07-11 | 5.4 MEDIUM | N/A |
| The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | |||||
| CVE-2004-2528 | 1 Webcam Corp | 1 Webcam Watchdog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter. | |||||
| CVE-2004-2529 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities. | |||||
| CVE-2004-2530 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2017-07-11 | 2.6 LOW | N/A |
| Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which is not displayed in the dialog box. | |||||
| CVE-2004-2531 | 1 Gnu | 1 Gnutls | 2017-07-11 | 7.8 HIGH | N/A |
| X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys. | |||||
| CVE-2004-2534 | 1 Fastream | 1 Netfile Server | 2017-07-11 | 7.8 HIGH | N/A |
| Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests. | |||||
| CVE-2004-2535 | 1 Matthew Phillips | 1 Sticker | 2017-07-11 | 5.0 MEDIUM | N/A |
| The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key. | |||||
| CVE-2004-2536 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.5 HIGH | N/A |
| The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges. | |||||
| CVE-2004-2537 | 1 Netwin | 1 Surgemail | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug." | |||||
| CVE-2004-2538 | 1 Nilesh Dosooye | 1 Phpcodegenie | 2017-07-11 | 6.5 MEDIUM | N/A |
| Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer. | |||||
| CVE-2004-2539 | 1 Network Appliance | 2 Data Ontap, Netcache | 2017-07-11 | 7.8 HIGH | N/A |
| Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vectors, possibly related to unspecified worms, as identified by bug ID | |||||
| CVE-2004-2540 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 5.0 MEDIUM | N/A |
| readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data. | |||||
| CVE-2004-2542 | 1 Dynix | 1 Webpac | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases. | |||||
| CVE-2004-2543 | 1 Securecomputing | 1 Sidewinder G2 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. | |||||
| CVE-2004-2544 | 1 Securecomputing | 1 Sidewinder G2 | 2017-07-11 | 2.1 LOW | N/A |
| Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information. | |||||
| CVE-2004-2547 | 1 Netwin | 2 Surgemail, Webmail | 2017-07-11 | 2.6 LOW | N/A |
| NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a non-existent file, which reveal the path in an error message. | |||||
| CVE-2004-0239 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | |||||
| CVE-2004-0240 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php. | |||||
| CVE-2004-0241 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 10.0 HIGH | N/A |
| X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | |||||
| CVE-2004-0242 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | |||||
| CVE-2004-0243 | 1 Ibm | 1 Aix | 2017-07-11 | 5.0 MEDIUM | N/A |
| AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods. | |||||
| CVE-2004-0245 | 1 Web Crossing Inc | 1 Web Crossing | 2017-07-11 | 5.0 MEDIUM | N/A |
| Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero. | |||||
| CVE-2004-0246 | 1 Laurent Adda | 1 Les Commentaires | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter. | |||||
| CVE-2004-0247 | 1 Cauldron | 2 Chaser Client, Chaser Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory. | |||||
| CVE-2004-0248 | 1 Phpx | 1 Phpx | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. | |||||
| CVE-2004-0249 | 1 Phpx | 1 Phpx | 2017-07-11 | 10.0 HIGH | N/A |
| PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. | |||||
| CVE-2004-0250 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php. | |||||
| CVE-2004-0251 | 1 Rxgoogle.cgi | 1 Rxgoogle.cgi | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter. | |||||
| CVE-2004-0252 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name. | |||||
| CVE-2004-0253 | 1 Ibm | 1 Cloudscape | 2017-07-11 | 10.0 HIGH | N/A |
| IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. | |||||
| CVE-2004-0254 | 1 Crosscom Olicom | 1 Discuz | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. | |||||
| CVE-2004-0255 | 1 Xlight Ftp Server | 1 Xlight Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow. | |||||
| CVE-2004-0258 | 1 Realnetworks | 4 Realone Desktop Manager, Realone Enterprise Desktop, Realone Player and 1 more | 2017-07-11 | 7.6 HIGH | N/A |
| Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files. | |||||
| CVE-2004-0259 | 1 Joe Lumbroso Acks | 1 Formmail.php | 2017-07-11 | 9.3 HIGH | N/A |
| The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue. | |||||
| CVE-2004-0260 | 1 Cactusoft | 1 Cactushop Lite | 2017-07-11 | 5.0 MEDIUM | N/A |
| The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||. | |||||
| CVE-2004-0262 | 1 The Palace | 1 The Palace Client | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string. | |||||
| CVE-2004-0264 | 2 Jim Rees, Shaun2k2 | 2 Jim Rees Httpd, Palmhttpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue. | |||||