Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0607 | 1 Devellion | 1 Cubecart | 2017-07-11 | 5.0 MEDIUM | N/A |
| CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message. | |||||
| CVE-2005-0571 | 1 Punbb | 1 Punbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. | |||||
| CVE-2004-2590 | 1 Meindlsoft | 1 Cute Php Library | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions. | |||||
| CVE-2004-2589 | 1 Rob Flynn | 1 Gaim | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory. | |||||
| CVE-2005-0358 | 2 Emc, Sun | 3 Legato Networker, Solstice Backup, Storedge Enterprise Backup Software | 2017-07-11 | 7.5 HIGH | N/A |
| EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token. | |||||
| CVE-2005-0434 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 allow remote attackers to inject arbitrary HTML or web script via (1) the newdownloadshowdays parameter in a NewDownloads operation or (2) the newlinkshowdays parameter in a NewLinks operation. | |||||
| CVE-2005-0471 | 1 Sun | 2 Jdk, Jre | 2017-07-11 | 5.0 MEDIUM | N/A |
| Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names. | |||||
| CVE-2005-2455 | 1 Greasemonkey | 1 Greasemonkey | 2017-07-11 | 5.0 MEDIUM | N/A |
| Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue. | |||||
| CVE-2004-2493 | 1 Hitachi | 2 Groupmax World Wide Web, Groupmax World Wide Web Desktop | 2017-07-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, and Desktop for Jichitai allows remote authenticated users to read arbitrary .html files via the template name parameter. | |||||
| CVE-2004-2489 | 1 Ibm | 1 Informix Dynamic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename. | |||||
| CVE-2004-2492 | 1 Hitachi | 1 Groupmax World Wide Web Desktop | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desktop for Jichitai 6, allows remote attackers to inject arbitrary web script or HTML via the QUERY parameter. | |||||
| CVE-2004-2490 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to execute arbitrary code via a long GL_PATH environment variable. | |||||
| CVE-2004-2131 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. | |||||
| CVE-2004-2204 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 7.2 HIGH | N/A |
| Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. | |||||
| CVE-2004-2439 | 1 Hp | 17 Color Laserjet, Color Laserjet 4600, Laserjet 2500 and 14 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware. | |||||
| CVE-2004-2241 | 1 Phorum | 1 Phorum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. | |||||
| CVE-2004-2216 | 1 Sun | 2 Java System Application Server, Java System Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate. | |||||
| CVE-2004-2452 | 1 Hitachi | 1 Cosminexus Portal Framework | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag library. | |||||
| CVE-2004-2480 | 1 National Science Foundation | 1 Squid Web Proxy Cache | 2017-07-11 | 5.0 MEDIUM | N/A |
| Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer. | |||||
| CVE-2004-2527 | 1 Microsoft | 2 Windows 2003 Server, Windows Xp | 2017-07-11 | 5.4 MEDIUM | N/A |
| The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running. | |||||
| CVE-2004-2205 | 1 Symantec Veritas | 1 Cluster Server | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors. | |||||
| CVE-2004-2211 | 1 Alivesites | 1 Alivesites Forum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp. | |||||
| CVE-2004-2525 | 1 S9y | 1 Serendipity | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable. | |||||
| CVE-2004-2526 | 1 Ibm | 1 Tivoli Directory Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter. | |||||
| CVE-2004-2488 | 1 Nexgen | 1 Nexgen Ftp Server | 2017-07-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via "C:" sequences in the (1) RETR (get), (2) NLST (ls), (3) LIST (ls), (4) RNFR, or (5) RNTO FTP commands. | |||||
| CVE-2004-2221 | 1 Mercantec | 1 Softcart | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. | |||||
| CVE-2004-1437 | 1 Pavuk | 1 Pavuk | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-1438 | 1 Subversion | 1 Subversion | 2017-07-11 | 2.1 LOW | N/A |
| The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command. | |||||
| CVE-2004-1439 | 1 Sapporoworks | 1 Black Jumbodog | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD. | |||||
| CVE-2004-1440 | 1 Putty | 1 Putty | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. | |||||
| CVE-2004-1457 | 1 Novell | 1 Bordermanager | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISAKMP Protocol Test Suite. | |||||
| CVE-2004-1459 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. | |||||
| CVE-2004-1460 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. | |||||
| CVE-2004-1461 | 1 Cisco | 2 Secure Access Control Server, Secure Acs Solution Engine | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. | |||||
| CVE-2004-1407 | 1 Singapore | 1 Image Gallery Web Application | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php. | |||||
| CVE-2004-1408 | 1 Singapore | 1 Image Gallery Web Application | 2017-07-11 | 7.5 HIGH | N/A |
| The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. | |||||
| CVE-2004-1411 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2017-07-11 | 2.6 LOW | N/A |
| Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters. | |||||
| CVE-2004-1412 | 1 Kayako | 1 Esupport | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter. | |||||
| CVE-2004-1413 | 1 Kayako | 1 Esupport | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22 parameters to index.php, or (6) the e-mail field of the Forgot Key feature. | |||||
| CVE-2004-1415 | 1 Ben3w | 1 2bgal | 2017-07-11 | 5.0 MEDIUM | N/A |
| SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter. | |||||
| CVE-2004-1418 | 1 Wirtualna Polska | 1 Wpkontakt | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error is generated. | |||||
| CVE-2004-1420 | 1 Whm | 1 Autopilot | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter. | |||||
| CVE-2004-1421 | 1 Whm | 1 Whm Autopilot | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1422 | 1 Whm | 1 Whm Autopilot | 2017-07-11 | 5.0 MEDIUM | N/A |
| WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings. | |||||
| CVE-2004-1427 | 1 Korweblog | 1 Korweblog | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded. | |||||
| CVE-2004-1428 | 1 Argosoft | 1 Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. | |||||
| CVE-2004-1500 | 2 Freeform Interactive, Monolith Productions | 11 Purge Jihad, Alien Versus Predator, Blood and 8 more | 2017-07-11 | 2.1 LOW | N/A |
| Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message. | |||||
| CVE-2004-1501 | 1 Software602 | 1 602lan Suite | 2017-07-11 | 5.0 MEDIUM | N/A |
| The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length value, then disconnecting without sending that amount of data. | |||||
| CVE-2004-1502 | 1 Software602 | 1 602lan Suite | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network interface, which causes a loop. | |||||
| CVE-2004-1429 | 1 Argosoft | 1 Ftp Server | 2017-07-11 | 7.5 HIGH | N/A |
| ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||