Search
Total
86024 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2399 | 1 Securecomputing | 1 Sidewinder G2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries. | |||||
| CVE-2004-2718 | 1 Php Heaven | 1 Phpmychat | 2008-09-05 | 4.3 MEDIUM | N/A |
| PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request. | |||||
| CVE-2004-2653 | 1 Pd9 Software | 1 Megabbs | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp. | |||||
| CVE-2004-2654 | 1 Squid | 1 Squid | 2008-09-05 | 5.0 MEDIUM | N/A |
| The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5. | |||||
| CVE-2004-2545 | 1 Securecomputing | 1 Sidewinder G2 | 2008-09-05 | 5.0 MEDIUM | N/A |
| Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure. | |||||
| CVE-2004-2573 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter. | |||||
| CVE-2004-2613 | 1 Vserver | 1 Linux-vserver | 2008-09-05 | 10.0 HIGH | N/A |
| Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408. | |||||
| CVE-2004-2650 | 1 Apache | 1 James | 2008-09-05 | 4.9 MEDIUM | N/A |
| Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. | |||||
| CVE-2004-2662 | 1 Soft3304 | 1 04webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources. | |||||
| CVE-2004-2407 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality. | |||||
| CVE-2004-2406 | 1 Phpgroupware | 1 Phpgroupware | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact. | |||||
| CVE-2004-2658 | 1 Suse | 1 Suse Linux | 2008-09-05 | 2.1 LOW | N/A |
| resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types. | |||||
| CVE-2004-2661 | 1 Soft3304 | 1 04webserver | 2008-09-05 | 5.0 MEDIUM | N/A |
| Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code). | |||||
| CVE-2004-2664 | 1 John Lim | 1 Adodb | 2008-09-05 | 5.0 MEDIUM | N/A |
| John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. | |||||
| CVE-2004-2666 | 1 Mantis | 1 Mantis | 2008-09-05 | 5.0 MEDIUM | N/A |
| Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page. | |||||
| CVE-2004-2667 | 1 Ibm | 1 Lotus Domino | 2008-09-05 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2004-2668 | 1 Interchange Development Group | 1 Interchange | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2672 | 1 Argosoft | 1 Ftp Server | 2008-09-05 | 7.5 HIGH | N/A |
| Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors. | |||||
| CVE-2004-2147 | 1 Symantec | 1 Norton Antivirus | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body. | |||||
| CVE-2004-2317 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2008-09-05 | 5.0 MEDIUM | N/A |
| Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access. | |||||
| CVE-2004-2283 | 1 Daniel Barron | 1 Dansguardian | 2008-09-05 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache. | |||||
| CVE-2004-2282 | 1 Daniel Barron | 1 Dansguardian | 2008-09-05 | 5.0 MEDIUM | N/A |
| DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request. | |||||
| CVE-2004-2281 | 1 Ibm | 1 Lotus Notes | 2008-09-05 | 10.0 HIGH | N/A |
| Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3. | |||||
| CVE-2004-2273 | 1 Evan Sims | 1 Effingerd | 2008-09-05 | 5.0 MEDIUM | N/A |
| efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error. | |||||
| CVE-2004-2070 | 1 Altiris | 1 Client Service | 2008-09-05 | 7.2 HIGH | N/A |
| The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590. | |||||
| CVE-2004-2235 | 1 Moodle | 1 Moodle | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text. | |||||
| CVE-2004-2025 | 1 Zen Cart | 1 Zen Cart | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter. | |||||
| CVE-2004-2178 | 1 Devoybb | 1 Devoybb Web Forum | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2091 | 1 Microsoft | 1 Baseline Security Analyzer | 2008-09-05 | 5.0 MEDIUM | N/A |
| Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. | |||||
| CVE-2004-2177 | 1 Devoybb | 1 Devoybb Web Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2190 | 1 Unzoo | 1 Unzoo | 2008-09-05 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors. | |||||
| CVE-2004-2288 | 1 Jelsoft | 1 Vbulletin | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter. | |||||
| CVE-2004-2160 | 1 Xmlstarlet | 1 Command Line Xml Toolkit | 2008-09-05 | 6.4 MEDIUM | N/A |
| Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-2209 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2194 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
| MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. | |||||
| CVE-2004-2298 | 1 Novell | 2 Internet Messaging System, Netmail | 2008-09-05 | 6.4 MEDIUM | N/A |
| Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator. | |||||
| CVE-2004-2247 | 1 Goosequill | 1 Audienceconnect | 2008-09-05 | 10.0 HIGH | N/A |
| Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors. | |||||
| CVE-2004-2246 | 1 Goollery | 1 Goollery | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php. | |||||
| CVE-2004-2180 | 1 Wowbb | 1 Wowbb Web Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php. | |||||
| CVE-2004-2179 | 1 Microsoft | 2 Frontpage, Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
| asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. | |||||
| CVE-2004-2294 | 1 Francisco Burzi | 1 Php-nuke | 2008-09-05 | 4.3 MEDIUM | N/A |
| Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2004-2176 | 1 Microsoft | 1 Windows Xp | 2008-09-05 | 4.6 MEDIUM | N/A |
| The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls. | |||||
| CVE-2004-2183 | 1 Wehelpbus | 1 Wehelpbus | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. | |||||
| CVE-2004-2207 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2234 | 1 Moodle | 1 Moodle | 2008-09-05 | 7.5 HIGH | N/A |
| Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. | |||||
| CVE-2004-2338 | 1 Openbsd | 1 Openbsd | 2008-09-05 | 7.5 HIGH | N/A |
| OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions. | |||||
| CVE-2004-2185 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage. | |||||
| CVE-2004-2186 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 7.5 HIGH | N/A |
| SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. | |||||
| CVE-2004-2364 | 1 Phpx | 1 Phpx | 2008-09-05 | 5.0 MEDIUM | N/A |
| Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php. | |||||
| CVE-2004-2208 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors. | |||||