Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2650 | 1 Apache | 1 James | 2008-09-05 | 4.9 MEDIUM | N/A |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | |||||
| CVE-2004-2598 | 1 Id Software | 1 Quake Ii Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being notified of changes in the client state. NOTE: the impact of this issue will vary depending on which mod is being used. | |||||
| CVE-2004-2427 | 1 Axis | 14 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 11 more | 2008-09-05 | 10.0 HIGH | N/A |
| Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi. | |||||
| CVE-2004-2682 | 1 Peersec Networks | 1 Matrixssl | 2008-09-05 | 5.8 MEDIUM | N/A |
| PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147. | |||||
| CVE-2004-2407 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality. | |||||
| CVE-2004-2613 | 1 Vserver | 1 Linux-vserver | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408. | |||||
| CVE-2004-2718 | 1 Php Heaven | 1 Phpmychat | 2008-09-05 | 4.3 MEDIUM | N/A |
| PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request. | |||||
| CVE-2004-2620 | 1 Paul L Daniels | 1 Ripmime | 2008-09-05 | 5.0 MEDIUM | N/A |
| The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow. | |||||
| CVE-2004-2399 | 1 Securecomputing | 1 Sidewinder G2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. | |||||
| CVE-2004-2629 | 1 First Virtual Communications | 4 Click To Meet Express, Click To Meet Premier, Conference Server and 1 more | 2008-09-05 | 7.8 HIGH | N/A |
| Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | |||||
| CVE-2004-2672 | 1 Argosoft | 1 Ftp Server | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors. | |||||
| CVE-2004-2406 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact. | |||||
| CVE-2004-2708 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 5.0 MEDIUM | N/A |
| Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file. | |||||
| CVE-2004-2709 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 7.5 HIGH | N/A |
| Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags. | |||||
| CVE-2004-2712 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 5.0 MEDIUM | N/A |
| Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data." | |||||
| CVE-2004-2711 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval." | |||||
| CVE-2004-2710 | 1 Phrozensmoke | 1 Gyach Enhanced | 2008-09-05 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name. | |||||
| CVE-2004-2459 | 1 Gnu | 1 Gnubiff | 2008-09-05 | 2.1 LOW | N/A |
| Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table. | |||||
| CVE-2004-2179 | 1 Microsoft | 2 Frontpage, Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
| asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. | |||||
| CVE-2004-2025 | 1 Zen Cart | 1 Zen Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2004-2298 | 1 Novell | 2 Internet Messaging System, Netmail | 2008-09-05 | 6.4 MEDIUM | N/A |
| Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator. | |||||
| CVE-2004-2160 | 1 Xmlstarlet | 1 Command Line Xml Toolkit | 2008-09-05 | 6.4 MEDIUM | N/A |
| Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 4.3 MEDIUM | N/A |
| Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2004-2207 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2208 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors. | |||||
| CVE-2004-2209 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2210 | 1 Express-web | 1 Express-web Content Management System | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp. | |||||
| CVE-2004-2234 | 1 Moodle | 1 Moodle | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | |||||
| CVE-2004-2177 | 1 Devoybb | 1 Devoybb Web Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2190 | 1 Unzoo | 1 Unzoo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors. | |||||
| CVE-2004-2288 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. | |||||
| CVE-2004-2091 | 1 Microsoft | 1 Baseline Security Analyzer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. | |||||
| CVE-2004-2147 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body. | |||||
| CVE-2004-2235 | 1 Moodle | 1 Moodle | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. | |||||
| CVE-2004-2287 | 1 Dsm | 1 Light Web File Browser | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter. | |||||
| CVE-2004-2247 | 1 Goosequill | 1 Audienceconnect | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. | |||||
| CVE-2004-2225 | 1 Mozilla | 1 Firefox | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button. | |||||
| CVE-2004-2364 | 1 Phpx | 1 Phpx | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php. | |||||
| CVE-2004-2338 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. | |||||
| CVE-2004-2246 | 1 Goollery | 1 Goollery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. | |||||
| CVE-2004-2070 | 1 Altiris | 1 Client Service | 2008-09-05 | 7.2 HIGH | N/A |
| The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590. | |||||
| CVE-2004-2283 | 1 Daniel Barron | 1 Dansguardian | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. | |||||
| CVE-2004-2282 | 1 Daniel Barron | 1 Dansguardian | 2008-09-05 | 5.0 MEDIUM | N/A |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. | |||||
| CVE-2004-2178 | 1 Devoybb | 1 Devoybb Web Forum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2281 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. | |||||
| CVE-2004-2273 | 1 Evan Sims | 1 Effingerd | 2008-09-05 | 5.0 MEDIUM | N/A |
| efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. | |||||
| CVE-2004-2185 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage. | |||||
| CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | |||||
| CVE-2004-2187 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors. | |||||
| CVE-2004-2183 | 1 Wehelpbus | 1 Wehelpbus | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. | |||||