Vulnerabilities (CVE)

CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2189 1 Dmxready 1 Dmxready Site Chassis Manager 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2194 1 Mailenable 2 Mailenable Enterprise, Mailenable Professional 2008-09-05 5.0 MEDIUM N/A
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
CVE-2004-2338 1 Openbsd 1 Openbsd 2008-09-05 7.5 HIGH N/A
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
CVE-2004-2179 1 Microsoft 2 Frontpage, Ie 2008-09-05 5.0 MEDIUM N/A
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
CVE-2004-2178 1 Devoybb 1 Devoybb Web Forum 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2176 1 Microsoft 1 Windows Xp 2008-09-05 4.6 MEDIUM N/A
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
CVE-2004-1754 1 Symantec 2 Enterprise Firewall, Gateway Security 2008-09-05 5.0 MEDIUM N/A
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
CVE-2004-1785 1 Invision Power Services 1 Invision Board 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
CVE-2004-1788 1 Asp-nuke 1 Asp-nuke 2008-09-05 5.0 MEDIUM N/A
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.
CVE-2004-1783 1 Net2soft 1 Flash Ftp Server 2008-09-05 7.5 HIGH N/A
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
CVE-2004-1891 1 Sgi 1 Irix 2008-09-05 5.0 MEDIUM N/A
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.
CVE-2004-2001 1 Sgi 1 Irix 2008-09-05 4.6 MEDIUM N/A
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.
CVE-2004-1791 1 Edimax 1 Full Rate Adsl Router 2008-09-05 7.5 HIGH N/A
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.
CVE-2004-1795 1 Info Touch 1 Surfnet 2008-09-05 2.1 LOW N/A
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
CVE-2004-1777 1 Skype Technologies 1 Skype 2008-09-05 5.0 MEDIUM N/A
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
CVE-2004-1780 1 Info Touch 1 Surfnet 2008-09-05 4.6 MEDIUM N/A
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
CVE-2004-2024 1 Zen Cart 1 Zen Cart 2008-09-05 7.5 HIGH N/A
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVE-2004-1781 1 Info Touch 1 Surfnet 2008-09-05 4.6 MEDIUM N/A
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
CVE-2004-1342 1 Cvs 1 Cvs 2008-09-05 7.5 HIGH N/A
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
CVE-2004-1343 1 Cvs 1 Cvs 2008-09-05 5.0 MEDIUM N/A
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
CVE-2004-1374 1 Netbsd 1 Netbsd 2008-09-05 7.2 HIGH N/A
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
CVE-2004-1450 1 Mozilla 1 Mozilla 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
CVE-2004-1451 1 Mozilla 1 Mozilla 2008-09-05 2.6 LOW N/A
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2008-09-05 2.6 LOW N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2004-1160 1 Netscape 1 Navigator 2008-09-05 7.5 HIGH N/A
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVE-2004-1039 1 Sco 2 Openserver, Unixware 2008-09-05 5.0 MEDIUM N/A
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.
CVE-2004-1077 1 Citrix 2 Metaframe Client, Program Neighborhood Agent 2008-09-05 5.0 MEDIUM N/A
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
CVE-2004-1312 1 Gfi 2 Mailessentials, Mailsecurity 2008-09-05 10.0 HIGH N/A
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
CVE-2004-0997 1 Linux 1 Linux Kernel 2008-09-05 4.6 MEDIUM N/A
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.
CVE-2004-1078 1 Citrix 2 Metaframe Client, Program Neighborhood Agent 2008-09-05 7.5 HIGH N/A
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.
CVE-2004-0944 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2008-09-05 5.0 MEDIUM N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
CVE-2004-0945 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2008-09-05 5.0 MEDIUM N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
CVE-2004-0924 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2008-09-05 5.0 MEDIUM N/A
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
CVE-2004-0921 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2008-09-05 7.5 HIGH N/A
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
CVE-2004-0922 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2008-09-05 5.0 MEDIUM N/A
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
CVE-2004-0927 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2008-09-05 5.0 MEDIUM N/A
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
CVE-2004-0926 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2008-09-05 10.0 HIGH N/A
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
CVE-2004-0540 1 Microsoft 1 Windows 2000 2008-09-05 10.0 HIGH N/A
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
CVE-2004-0561 1 University Of Minnesota 1 Gopherd 2008-09-05 7.5 HIGH N/A
Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVE-2004-0560 1 University Of Minnesota 1 Gopherd 2008-09-05 7.5 HIGH N/A
Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.
CVE-2004-0498 1 Stonesoft 1 Firewall Engine 2008-09-05 5.0 MEDIUM N/A
The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.
CVE-2003-1539 1 Onedotoh 1 Simple File Manager 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.
CVE-2003-1542 1 Ondrej Jombik 1 Phpwebfilemanager 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in plugins/file.php in phpWebFileManager before 0.4.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the fm_path parameter.
CVE-2003-1485 1 Clearswift 1 Mailsweeper 2008-09-05 5.0 MEDIUM N/A
Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to bypass filtering via a file attachment that contains "multiple extensions combined with large blocks of white space."
CVE-2004-0096 1 Apache 1 Mod Python 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
CVE-2003-1466 1 Phorum 1 Phorum 2008-09-05 7.5 HIGH N/A
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
CVE-2004-0090 1 Apple 2 Mac Os X, Mac Os X Server 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
CVE-2004-0049 1 Realnetworks 2 Helix Universal Mobile Server, Helix Universal Server 2008-09-05 6.8 MEDIUM N/A
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
CVE-2003-1508 1 Mirc 1 Mirc 2008-09-05 4.3 MEDIUM N/A
Buffer overflow in mIRC 6.12, when the DCC get dialog window has been minimized and the user opens the minimized window, allows remote attackers to cause a denial of service (crash) via a long filename.
CVE-2004-0041 1 Mod Auth Shadow 1 Mod Auth Shadow 2008-09-05 7.5 HIGH N/A
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.