Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1602 | 1 Proftpd Project | 1 Proftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. | |||||
| CVE-2004-1603 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 5.0 MEDIUM | N/A |
| cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | |||||
| CVE-2004-1567 | 1 Silent-storm | 1 Silent-storm Portal | 2017-07-11 | 7.5 HIGH | N/A |
| profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator. | |||||
| CVE-2004-1568 | 1 Parachat | 1 Parachat Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL. | |||||
| CVE-2004-1569 | 1 Illustrate | 2 Dbpoweramp Audio Player, Dbpoweramp Music Converter | 2017-07-11 | 4.0 MEDIUM | N/A |
| Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or execute arbitrary code via a .pls or .m3u playlist that contains long File1 (filename) fields. | |||||
| CVE-2004-1570 | 1 Eaden Mckee | 1 Bblog | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter. | |||||
| CVE-2004-1571 | 1 Aj-fork | 1 Aj-fork | 2017-07-11 | 5.0 MEDIUM | N/A |
| AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.php, (6) disable-all-comments.php, (7) easy-date-format.php, (8) enable-disable-comments.php, (9) filter-by-author.php, (10) format-switcher.php, (11) long-to-short.php, (12) prospective-posting.php, or (13) sort-by-xfield.php, which displays the full path in an error message. | |||||
| CVE-2004-1572 | 1 Aj-fork | 1 Aj-fork | 2017-07-11 | 5.0 MEDIUM | N/A |
| AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP request. | |||||
| CVE-2004-1573 | 2 Aj-fork, Cutephp | 2 Aj-fork, Cutenews | 2017-07-11 | 7.2 HIGH | N/A |
| The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator. | |||||
| CVE-2004-1652 | 1 Brickhost | 1 Phpscheduleit | 2017-07-11 | 7.5 HIGH | N/A |
| phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges. | |||||
| CVE-2004-1574 | 1 Vypress | 1 Vypres Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field. | |||||
| CVE-2004-1575 | 1 Apache | 1 Xerces-c\+\+ | 2017-07-11 | 5.0 MEDIUM | N/A |
| The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document. | |||||
| CVE-2004-1576 | 1 Megalo | 1 Judge Dredd Dredd Vs. Death | 2017-07-11 | 5.0 MEDIUM | N/A |
| Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a chat message. | |||||
| CVE-2004-1577 | 1 Greg Donald | 1 Phplinks | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1578 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header. | |||||
| CVE-2004-1580 | 1 Devellion | 1 Cubecart | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. | |||||
| CVE-2004-1581 | 1 Blackboard | 1 Blackboard | 2017-07-11 | 5.0 MEDIUM | N/A |
| BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-1582 | 1 Blackboard Internet Newsboard System | 1 Blackboard Internet Newsboard System | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php. | |||||
| CVE-2004-1584 | 1 Wordpress | 1 Wordpress | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter. | |||||
| CVE-2004-1585 | 1 Jera Technology | 1 Flash Messaging | 2017-07-11 | 5.0 MEDIUM | N/A |
| Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters. | |||||
| CVE-2004-1587 | 1 Monolith Productions | 4 Alien Versus Predator, Blood, No One Lives Forever and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query. | |||||
| CVE-2004-1588 | 1 Gosmart | 1 Gosmart Message Board | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp. | |||||
| CVE-2004-1589 | 1 Gosmart | 1 Gosmart Message Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp. | |||||
| CVE-2004-1590 | 1 Clientexec | 1 Clientexec | 2017-07-11 | 5.0 MEDIUM | N/A |
| Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function. | |||||
| CVE-2004-1591 | 1 Micronet | 1 Sp916bm | 2017-07-11 | 7.5 HIGH | N/A |
| The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access. | |||||
| CVE-2004-1593 | 1 Sct Corporation | 1 Campus Pipeline | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. | |||||
| CVE-2004-1594 | 1 E-zone Media Inc. | 1 Fusetalk | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag. | |||||
| CVE-2004-1595 | 1 Shixxnote | 1 Shixxnote | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field. | |||||
| CVE-2004-1596 | 1 3com | 1 3cradsl72 | 2017-07-11 | 7.5 HIGH | N/A |
| The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. | |||||
| CVE-2004-1597 | 1 Rim | 1 Blackberry | 2017-07-11 | 5.0 MEDIUM | N/A |
| RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored. | |||||
| CVE-2004-1598 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 5.0 MEDIUM | N/A |
| Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory. | |||||
| CVE-2004-1599 | 1 Coolphp | 1 Coolphpweb Portal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters. | |||||
| CVE-2004-1600 | 1 Coolphp | 1 Coolphp | 2017-07-11 | 5.0 MEDIUM | N/A |
| index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message. | |||||
| CVE-2004-1601 | 1 Coolphp | 1 Coolphp Web Portal | 2017-07-11 | 7.5 HIGH | N/A |
| Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter. | |||||
| CVE-2004-1605 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 7.5 HIGH | N/A |
| SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator. | |||||
| CVE-2004-1606 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 6.4 MEDIUM | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie. | |||||
| CVE-2004-1607 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 5.0 MEDIUM | N/A |
| slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message. | |||||
| CVE-2004-1608 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation. | |||||
| CVE-2004-1609 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 5.0 MEDIUM | N/A |
| SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access. | |||||
| CVE-2004-1611 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2017-07-11 | 5.1 MEDIUM | N/A |
| SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707. | |||||
| CVE-2004-1612 | 1 Saleslogix Corporation | 1 Saleslogix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request. | |||||
| CVE-2004-1616 | 1 Links | 1 Links | 2017-07-11 | 5.0 MEDIUM | N/A |
| Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme. | |||||
| CVE-2004-1618 | 1 Vypress | 1 Tonecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream. | |||||
| CVE-2004-1619 | 1 Akella | 1 Privateers Bounty Age Of Sail Ii | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname. | |||||
| CVE-2004-1620 | 1 S9y | 1 Serendipity | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php. | |||||
| CVE-2004-1621 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature. | |||||
| CVE-2004-1622 | 1 Ubbcentral | 1 Ubb.threads | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter. | |||||
| CVE-2004-1623 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 5.0 MEDIUM | N/A |
| The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF. | |||||
| CVE-2004-1624 | 1 Altiris | 1 Carbon Copy | 2017-07-11 | 7.2 HIGH | N/A |
| Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe). | |||||
| CVE-2004-1625 | 1 Pgina | 1 Pgina | 2017-07-11 | 5.0 MEDIUM | N/A |
| pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown. | |||||