Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1514 | 1 Soft3304 | 1 04webserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| 04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2. | |||||
| CVE-2004-1516 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module. | |||||
| CVE-2004-1518 | 1 Phorum | 1 Phorum | 2017-07-11 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. | |||||
| CVE-2004-1519 | 1 Benjamin Curtis | 1 Phpbugtracker | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation. | |||||
| CVE-2004-2265 | 1 Uudeview | 1 Uudeview | 2017-07-11 | 7.2 HIGH | N/A |
| UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. | |||||
| CVE-2004-1520 | 1 Ipswitch | 1 Imail | 2017-07-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command. | |||||
| CVE-2004-1521 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers. | |||||
| CVE-2004-1522 | 1 3do | 1 Army Men Real Time Strategy Game | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings. | |||||
| CVE-2004-1523 | 1 New Media Generation | 1 Hired Team Trial | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message. | |||||
| CVE-2004-1557 | 1 Mywebserver | 1 Mywebserver | 2017-07-11 | 6.4 MEDIUM | N/A |
| MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html. | |||||
| CVE-2004-1524 | 1 New Media Generation | 1 Hired Team Trial | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200. | |||||
| CVE-2004-1525 | 1 New Media Generation | 1 Hired Team Trial | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command. | |||||
| CVE-2004-1528 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message. | |||||
| CVE-2004-1529 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments. | |||||
| CVE-2004-1558 | 1 Ypops | 1 Ypops | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request. | |||||
| CVE-2004-2271 | 1 Minishare | 1 Minimal Http Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-1530 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters. | |||||
| CVE-2004-1531 | 1 Invision Power Services | 1 Invision Board | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter. | |||||
| CVE-2004-1532 | 1 Appserv Open Project | 1 Appserv | 2017-07-11 | 7.5 HIGH | N/A |
| AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access. | |||||
| CVE-2004-1533 | 1 Digital Mappings Systems | 1 Pop3 Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password. | |||||
| CVE-2004-1534 | 1 Zonelabs | 1 Zonealarm | 2017-07-11 | 5.0 MEDIUM | N/A |
| ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript. | |||||
| CVE-2004-1535 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1536 | 1 Ipbproarcade | 1 Ipbproarcade | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2004-1559 | 1 Wordpress | 1 Wordpress | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php. | |||||
| CVE-2004-1537 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. | |||||
| CVE-2004-1538 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2004-1539 | 1 Gearbox Software | 1 Halo Combat Evolved | 2017-07-11 | 5.0 MEDIUM | N/A |
| Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference. | |||||
| CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2017-07-11 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | |||||
| CVE-2004-1541 | 1 Van Dyke Technologies | 1 Securecrt | 2017-07-11 | 7.5 HIGH | N/A |
| SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. | |||||
| CVE-2004-1560 | 1 Microsoft | 1 Sql Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow. | |||||
| CVE-2004-1561 | 1 Icecast | 1 Icecast | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers. | |||||
| CVE-2004-1542 | 1 Raven Software | 1 Soldier Of Fortune | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply. | |||||
| CVE-2004-1543 | 1 Korweblog | 1 Korweblog | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
| CVE-2004-1544 | 1 Jspwiki | 1 Jspwiki | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter. | |||||
| CVE-2004-1545 | 1 Moniwiki | 1 Moniwiki | 2017-07-11 | 5.0 MEDIUM | N/A |
| UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code. | |||||
| CVE-2004-1546 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server. | |||||
| CVE-2004-1547 | 1 Onnuri Infotek | 1 Activepost Standard | 2017-07-11 | 5.0 MEDIUM | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow. | |||||
| CVE-2004-1579 | 1 Devellion | 1 Cubecart | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1548 | 1 Onnuri Infotek | 1 Activepost Standard | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename. | |||||
| CVE-2004-1549 | 1 Onnuri Infotek | 1 Activepost Standard | 2017-07-11 | 5.0 MEDIUM | N/A |
| The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection. | |||||
| CVE-2004-1550 | 1 Motorola | 1 Wr850g | 2017-07-11 | 7.5 HIGH | N/A |
| Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on. | |||||
| CVE-2004-1551 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter. | |||||
| CVE-2004-1554 | 1 Alexphpteam | 1 Alex Guestbook | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1555 | 1 Broadboard Instant | 1 Asp Message Board | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp. | |||||
| CVE-2004-1556 | 1 Mywebserver | 1 Mywebserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time. | |||||
| CVE-2004-1592 | 1 Ocportal | 1 Ocportal | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script. | |||||
| CVE-2004-1562 | 1 W-agora | 1 W-agora | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter. | |||||
| CVE-2004-1563 | 1 W-agora | 1 W-agora | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to forgot_password.php. | |||||
| CVE-2004-1564 | 1 W-agora | 1 W-agora | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the thread parameter. | |||||
| CVE-2004-1566 | 1 Silent-storm | 1 Silent-storm Portal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter. | |||||