Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0332 | 1 Extremail | 1 Extremail | 2017-07-11 | 10.0 HIGH | N/A |
| Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | |||||
| CVE-2004-0333 | 4 Gentoo, Openpkg, Uudeview and 1 more | 4 Linux, Openpkg, Uudeview and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. | |||||
| CVE-2004-0334 | 1 Innomedia | 1 Innomedia Videophone | 2017-07-11 | 5.0 MEDIUM | N/A |
| InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error. | |||||
| CVE-2004-0335 | 1 Software602 | 1 602pro Lan Suite | 2017-07-11 | 5.0 MEDIUM | N/A |
| LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/. | |||||
| CVE-2004-0337 | 1 Software602 | 1 602pro Lan Suite | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future. | |||||
| CVE-2004-0338 | 1 Invision Power Services | 1 Invision Board | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter. | |||||
| CVE-2004-0339 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. | |||||
| CVE-2004-0340 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. | |||||
| CVE-2004-0341 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-11 | 2.1 LOW | N/A |
| WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline. | |||||
| CVE-2004-0342 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-11 | 2.1 LOW | N/A |
| WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | |||||
| CVE-2004-0343 | 1 Yabb | 1 Yabb | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b allow remote attackers to execute arbitrary SQL via (1) the msg parameter in ModifyMessage.php or (2) the postid parameter in ModifyMessage.php. | |||||
| CVE-2004-0345 | 1 Volition | 1 Red Faction | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Red Faction client 1.20 and earlier allows remote servers to execute arbitrary code via a long server name. | |||||
| CVE-2004-0346 | 1 Proftpd Project | 1 Proftpd | 2017-07-11 | 7.2 HIGH | N/A |
| Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 through 1.2.9rc2p allows local users to gain privileges via a 1024 byte RETR command. | |||||
| CVE-2004-0348 | 1 Spidersales | 1 Spidersales | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in viewCart.asp in SpiderSales shopping cart software allows remote attackers to execute arbitrary SQL via the userId parameter. | |||||
| CVE-2004-0349 | 1 Gweb | 1 Gweb Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2004-0350 | 1 Spidersales | 1 Spidersales | 2017-07-11 | 2.1 LOW | N/A |
| SpiderSales shopping cart does not enforce a minimum length for the private key, which can make it easier for local users to obtain the private key by factoring. | |||||
| CVE-2004-0351 | 1 Spidersales | 1 Spidersales | 2017-07-11 | 2.1 LOW | N/A |
| Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data. | |||||
| CVE-2004-0352 | 1 Cisco | 4 Content Services Switch 11000, Content Services Switch 11050, Content Services Switch 11150 and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | |||||
| CVE-2004-0353 | 1 Gnu | 1 Anubis | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string. | |||||
| CVE-2004-0354 | 1 Gnu | 1 Anubis | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c. | |||||
| CVE-2004-0355 | 1 Invision Power Services | 1 Invision Board | 2017-07-11 | 5.0 MEDIUM | N/A |
| Invision Power Board 1.3 Final allows remote attackers to gain sensitive information by selecting a file for "Personal Photo" that is not an image file, which displays the installation path in an error message. | |||||
| CVE-2004-0357 | 1 Seattle Lab Software | 1 Slmail Pro | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attackers to execute arbitrary code via (1) user.dll, (2) loadpageadmin.dll or (3) loadpageuser.dll. | |||||
| CVE-2004-0358 | 1 Virtuasystems | 1 Virtuanews Pro | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php. | |||||
| CVE-2004-0359 | 1 Invision Power Services | 1 Invision Board | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php for Invision Power Board 1.3 final allows remote attackers to execute arbitrary script as other users via the (1) c, (2) f, (3) showtopic, (4) showuser, or (5) username parameters. | |||||
| CVE-2004-0361 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | |||||
| CVE-2004-0362 | 1 Iss | 11 Blackice Agent Server, Blackice Pc Protection, Blackice Server Protection and 8 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI response containing a SRV_USER_ONLINE response packet and a SRV_META_USER response packet with long (1) nickname, (2) firstname, (3) lastname, or (4) email address fields, as exploited by the Witty worm. | |||||
| CVE-2004-0363 | 1 Symantec | 1 Norton Antispam | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method. | |||||
| CVE-2004-0364 | 1 Symantec | 1 Norton Internet Security | 2017-07-11 | 7.5 HIGH | N/A |
| The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. | |||||
| CVE-2004-0366 | 1 Leon J Breedt | 1 Pam-pgsql | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements. | |||||
| CVE-2004-0369 | 2 Entrust, Symantec | 5 Entrust Libkmp Isakmp Library, Enterprise Firewall, Gateway Security 5300 and 2 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote attackers to execute arbitrary code via a crafted ISAKMP payload. | |||||
| CVE-2004-0370 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| The setsockopt call in the KAME Project IPv6 implementation, as used in FreeBSD 5.2, does not properly handle certain IPv6 socket options, which could allow attackers to read kernel memory and cause a system panic. | |||||
| CVE-2004-0371 | 1 Kth | 1 Heimdal | 2017-07-11 | 5.0 MEDIUM | N/A |
| Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly perform certain consistency checks for cross-realm requests, which allows remote attackers with control of a realm to impersonate others in the cross-realm trust path. | |||||
| CVE-2004-0372 | 1 Xine | 1 Xine | 2017-07-11 | 2.1 LOW | N/A |
| xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. | |||||
| CVE-2004-0374 | 1 Interchange Development Group | 1 Interchange | 2017-07-11 | 6.4 MEDIUM | N/A |
| Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string. | |||||
| CVE-2004-0375 | 1 Symantec | 4 Client Firewall, Client Security, Norton Internet Security and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton Personal Firewall 2003 and 2004, Client Firewall 5.01 and 5.1.1, and Client Security 1.0 and 1.1 allow remote attackers to cause a denial of service (infinite loop) via a TCP packet with (1) SACK option or (2) Alternate Checksum Data option followed by a length of zero. | |||||
| CVE-2004-0376 | 1 Oftpd | 1 Oftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| oftpd 0.3.6 and earlier allows remote attackers to cause a denial of service (crash) via a PORT command with a large value. | |||||
| CVE-2004-0377 | 2 Activestate, Larry Wall | 2 Activeperl, Perl | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. | |||||
| CVE-2004-0379 | 1 Microsoft | 1 Sharepoint Portal Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts. | |||||
| CVE-2004-0382 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting. | |||||
| CVE-2004-0383 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email." | |||||
| CVE-2004-0385 | 1 Oracle | 2 Application Server Web Cache, E-business Suite | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9.0.4.0.0, 9.0.3.1.0, 9.0.2.3.0, and 9.0.0.4.0 allows remote attackers to execute arbitrary code via a long HTTP request method header to the Web Cache listener. NOTE: due to the vagueness of the Oracle advisory, it is not clear whether there are additional issues besides this overflow, although the advisory alludes to multiple "vulnerabilities." | |||||
| CVE-2004-0386 | 3 Gentoo, Mandrakesoft, Mplayer | 3 Linux, Mandrake Linux, Mplayer | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header. | |||||
| CVE-2004-0387 | 1 Realnetworks | 2 Realone Player, Realplayer | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file. | |||||
| CVE-2004-0389 | 1 Realnetworks | 1 Helix Universal Server | 2017-07-11 | 7.8 HIGH | N/A |
| RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote attackers to cause a denial of service (crash) via malformed requests that trigger a null dereference, as demonstrated using (1) GET_PARAMETER or (2) DESCRIBE requests. | |||||
| CVE-2004-0390 | 1 Sco | 1 Openserver | 2017-07-11 | 7.5 HIGH | N/A |
| SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other X login methods. | |||||
| CVE-2004-0391 | 1 Cisco | 2 Hosting Solution Engine, Wireless Lan Solution Engine | 2017-07-11 | 10.0 HIGH | N/A |
| Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting Solution Engine (HSE) 1.7 through 1.7.3 have a hardcoded username and password, which allows remote attackers to add new users, modify existing users, and change configuration. | |||||
| CVE-2004-0392 | 1 Kame | 1 Racoon | 2017-07-11 | 5.0 MEDIUM | N/A |
| racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields. | |||||
| CVE-2004-0393 | 1 Rlpr | 1 Rlpr | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function. | |||||
| CVE-2004-0394 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic. | |||||
| CVE-2004-0395 | 1 Gatos | 1 Gatos | 2017-07-11 | 7.2 HIGH | N/A |
| The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call. | |||||