Total: 86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1388 | 1 Berlios | 1 Gps Daemon | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls. | |||||
| CVE-2004-1389 | 1 Veritas | 1 Netbackup | 2017-07-11 | 6.0 MEDIUM | N/A |
| Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature. | |||||
| CVE-2004-1390 | 1 Qnx | 2 Rtos, Rtp | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags. | |||||
| CVE-2004-1391 | 1 Qnx | 2 Rtos, Rtp | 2017-07-11 | 4.6 MEDIUM | N/A |
| Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious mount program. | |||||
| CVE-2004-1395 | 1 Monolith Productions | 3 Contract Jack, No One Lives Forever 2, Tron | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and possibly other games, allows remote attackers to cause a denial of service (connection refused) via a UDP packet that causes recvfrom to generate a return code that causes the listening loop to exit, as demonstrated using zero byte packets or packets between 8193 and 12280 bytes, which result in conditions that are not "Operation would block." | |||||
| CVE-2004-1396 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 2.6 LOW | N/A |
| Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file. | |||||
| CVE-2004-1397 | 1 Usemod | 1 Usemodwiki | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl. | |||||
| CVE-2004-1398 | 1 Roxio | 1 Toast | 2017-07-11 | 4.6 MEDIUM | N/A |
| Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument. | |||||
| CVE-2004-0577 | 1 Qbik | 1 Wingate | 2017-07-11 | 5.0 MEDIUM | N/A |
| WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory. | |||||
| CVE-2004-0578 | 1 Qbik | 1 Wingate | 2017-07-11 | 5.0 MEDIUM | N/A |
| WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory. | |||||
| CVE-2004-0579 | 2 Debian, William Deich | 2 Debian Linux, Super | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root. | |||||
| CVE-2004-0581 | 2 Gnu, Mandrakesoft | 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. | |||||
| CVE-2004-0582 | 1 Webmin | 1 Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. | |||||
| CVE-2004-0583 | 3 Debian, Usermin, Webmin | 3 Debian Linux, Usermin, Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | |||||
| CVE-2004-0584 | 1 Horde | 1 Imp | 2017-07-11 | 6.8 MEDIUM | N/A |
| Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2004-0586 | 1 Ibm | 1 Acprunner | 2017-07-11 | 10.0 HIGH | N/A |
| acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods. | |||||
| CVE-2004-0588 | 1 Usermin | 1 Usermin | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages. | |||||
| CVE-2004-0590 | 3 Frees Wan, Openswan, Strongswan | 4 Frees Wan, Super Frees Wan, Openswan and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject. | |||||
| CVE-2004-0591 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HTML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. | |||||
| CVE-2004-0592 | 1 Suse | 1 Suse Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. | |||||
| CVE-2004-0593 | 1 Sygate Technologies | 2 Enforcer, Secure Enterprise | 2017-07-11 | 7.5 HIGH | N/A |
| Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules. | |||||
| CVE-2004-0596 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| The Equalizer Load-balancer for serial network interfaces (eql.c) in Linux kernel 2.6.x up to 2.6.7 allows local users to cause a denial of service via a non-existent device name that triggers a null dereference. | |||||
| CVE-2004-0601 | 1 Distcc | 1 Distcc | 2017-07-11 | 7.5 HIGH | N/A |
| distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions. | |||||
| CVE-2004-0602 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. | |||||
| CVE-2004-0603 | 1 Gnu | 1 Gzip | 2017-07-11 | 10.0 HIGH | N/A |
| gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | |||||
| CVE-2004-0604 | 2 Gentoo, Gift-fasttrack | 2 Linux, Gift-fasttrack | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. | |||||
| CVE-2004-0605 | 2 Ircd-hybrid, Ircd-ratbox | 2 Ircd-hybrid, Ircd-ratbox | 2017-07-11 | 5.0 MEDIUM | N/A |
| Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ircd-ratbox 1.5.1 and earlier, or (3) ircd-ratbox 2.0rc6 and earlier do not have a rate-limit imposed, which could allow remote attackers to cause a denial of service by repeatedly making requests, which are slowly dequeued. | |||||
| CVE-2004-0606 | 1 Infoblox | 1 Dns One Appliance | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request. | |||||
| CVE-2004-0608 | 10 Arush, Dreamforge, Epic Games and 7 more | 14 Devastation, Tnn Outdoors Pro Hunter, Unreal Engine and 11 more | 2017-07-11 | 10.0 HIGH | N/A |
| The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory. | |||||
| CVE-2004-0609 | 1 Rssh | 1 Rssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail. | |||||
| CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | |||||
| CVE-2004-0611 | 1 Netgear | 1 Fvs318 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. | |||||
| CVE-2004-0612 | 1 Zonelabs | 1 Zonealarm | 2017-07-11 | 5.1 MEDIUM | N/A |
| The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification. | |||||
| CVE-2004-0613 | 1 Osticket | 1 Osticket Sts | 2017-07-11 | 7.5 HIGH | N/A |
| osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory. | |||||
| CVE-2004-0614 | 1 Osticket | 1 Osticket Sts | 2017-07-11 | 6.4 MEDIUM | N/A |
| osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size. | |||||
| CVE-2004-0615 | 1 D-link | 3 Di-614+, Di-624, Di-704p | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||||
| CVE-2004-0616 | 1 Bt | 1 Voyager 2000 Wireless Adsl Router | 2017-07-11 | 5.0 MEDIUM | N/A |
| The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext. | |||||
| CVE-2004-0617 | 1 Arbitroweb | 1 Arbitroweb | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter. | |||||
| CVE-2004-0618 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument. | |||||
| CVE-2004-0620 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. | |||||
| CVE-2004-0621 | 1 Zaireweb Solutions | 1 Newsletter Zws | 2017-07-11 | 10.0 HIGH | N/A |
| admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords. | |||||
| CVE-2004-0623 | 1 Gnu | 1 Gnats | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog. | |||||
| CVE-2004-0624 | 1 Artmedic Webdesign | 1 Artmedic Links | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-0625 | 1 Websoft | 1 Infinity Web | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page. | |||||
| CVE-2004-0626 | 4 Conectiva, Gentoo, Linux and 1 more | 4 Linux, Linux, Linux Kernel and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type. | |||||
| CVE-2004-0629 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string. | |||||
| CVE-2004-0630 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 10.0 HIGH | N/A |
| The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command. | |||||
| CVE-2004-0631 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command. | |||||
| CVE-2004-0632 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 7.5 HIGH | N/A |
| Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow. | |||||
| CVE-2004-0636 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message. | |||||
