Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1626 | 1 Code-crafters | 1 Ability Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command. | |||||
| CVE-2004-1627 | 1 Code-crafters | 1 Ability Server | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command. | |||||
| CVE-2004-1629 | 1 Distinct Web Creations | 1 Dwc Articles | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2004-1661 | 1 Sitecubed | 1 Mailworks Professional | 2017-07-11 | 7.5 HIGH | N/A |
| MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." | |||||
| CVE-2004-1630 | 1 Openwfe | 1 Work Flow Engine | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter. | |||||
| CVE-2004-1631 | 1 Openwfe | 1 Work Flow Engine | 2017-07-11 | 5.0 MEDIUM | N/A |
| Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results. | |||||
| CVE-2004-1632 | 1 Moniwiki | 1 Moniwiki | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php. | |||||
| CVE-2004-1633 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter. | |||||
| CVE-2004-1634 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information. | |||||
| CVE-2004-1635 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails. | |||||
| CVE-2004-1662 | 1 Yabb | 1 Yabb | 2017-07-11 | 5.0 MEDIUM | N/A |
| YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1636 | 1 Net Integration Technologies Inc. | 1 Wvtftp | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet. | |||||
| CVE-2004-1637 | 1 Hawking Technology | 1 Har11a Dsl Router | 2017-07-11 | 7.5 HIGH | N/A |
| The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections. | |||||
| CVE-2004-1638 | 1 Tabs Laboratories | 1 Mailcarrier | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command. | |||||
| CVE-2004-1639 | 1 Mozilla | 3 Firefox, Gecko, Mozilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension. | |||||
| CVE-2004-1640 | 1 Xoops | 1 Xoops Dictionary | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the (1) terme parameter to search.php or (2) letter parameter to letter.php. | |||||
| CVE-2004-1641 | 1 South River Technologies | 1 Titan Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST. | |||||
| CVE-2004-1642 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands. | |||||
| CVE-2004-1644 | 1 Jerod Moemeka | 1 Xedus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address. | |||||
| CVE-2004-1645 | 1 Jerod Moemeka | 1 Xedus | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote attackers to execute arbitrary web script or HTML via the (1) username parameter to test.x, (2) username parameter to TestServer.x, or (3) param parameter to testgetrequest.x. | |||||
| CVE-2004-1646 | 1 Jerod Moemeka | 1 Xedus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2004-1647 | 1 Web Animations | 1 Password Protect | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp. | |||||
| CVE-2004-1648 | 1 Web Animations | 1 Password Protect | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter. | |||||
| CVE-2004-1649 | 1 Microsoft | 1 Windows 2000 | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future. | |||||
| CVE-2004-1650 | 1 D-link | 1 Dcs-900 Internet Camera | 2017-07-11 | 7.5 HIGH | N/A |
| D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | |||||
| CVE-2004-1651 | 1 Brickhost | 1 Phpscheduleit | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field. | |||||
| CVE-2004-1653 | 1 Openbsd | 1 Openssh | 2017-07-11 | 6.4 MEDIUM | N/A |
| The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | |||||
| CVE-2004-1654 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. | |||||
| CVE-2004-1655 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module. | |||||
| CVE-2004-1656 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter. | |||||
| CVE-2004-1657 | 1 Newtelligence | 1 Dasblog | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers. | |||||
| CVE-2004-1658 | 1 Kerio | 1 Personal Firewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. | |||||
| CVE-2004-1659 | 1 Cutephp | 1 Cutenews | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter. | |||||
| CVE-2004-1660 | 1 Cutephp | 1 Cutenews | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php. | |||||
| CVE-2004-1664 | 1 Activision | 2 Call Of Duty, Call Of Duty United Offensive | 2017-07-11 | 5.0 MEDIUM | N/A |
| Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430. | |||||
| CVE-2004-1665 | 1 Psnews | 1 Psnews | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter. | |||||
| CVE-2004-1666 | 1 Cerulean Studios | 1 Trillian | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. | |||||
| CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2017-07-11 | 5.0 MEDIUM | N/A |
| Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. | |||||
| CVE-2004-1668 | 1 Easyweb | 1 Factory Subjects Module | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. | |||||
| CVE-2004-1669 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html. | |||||
| CVE-2004-1670 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. | |||||
| CVE-2004-1719 | 1 Merak | 1 Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. | |||||
| CVE-2004-1671 | 1 Icewarp | 1 Web Mail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html. | |||||
| CVE-2004-1672 | 1 Icewarp | 1 Web Mail | 2017-07-11 | 7.5 HIGH | N/A |
| attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request. | |||||
| CVE-2004-1673 | 1 Icewarp | 1 Web Mail | 2017-07-11 | 7.5 HIGH | N/A |
| accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter. | |||||
| CVE-2004-1674 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-11 | 7.5 HIGH | N/A |
| viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter. | |||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | |||||
| CVE-2004-1676 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. | |||||
| CVE-2004-1677 | 1 Logicnow | 1 Perldesk | 2017-07-11 | 5.0 MEDIUM | N/A |
| pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message. | |||||
| CVE-2004-1678 | 1 Logicnow | 1 Perldesk | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs. | |||||