Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2142 | 1 Jorg Schilling | 1 Sdd | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors. | |||||
| CVE-2004-1733 | 1 Mydms | 1 Mydms | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL. | |||||
| CVE-2004-1734 | 1 Mantis | 1 Mantis | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1735 | 1 Sympa | 1 Sympa | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. | |||||
| CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | |||||
| CVE-2004-1737 | 2 Gentoo, The Cacti Group | 2 Linux, Cacti | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||||
| CVE-2004-2143 | 1 Mambo | 1 Mambo Portal | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option. | |||||
| CVE-2004-1738 | 1 Jshop E-commerce | 1 Jshop Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter. | |||||
| CVE-2004-1739 | 1 Bird Chat | 1 Internet Chat Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users. | |||||
| CVE-2004-1740 | 1 Music Daemon | 1 Music Daemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST. | |||||
| CVE-2004-1741 | 1 Music Daemon | 1 Music Daemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. | |||||
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. | |||||
| CVE-2004-1743 | 1 Efs Software | 1 Efs Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. | |||||
| CVE-2004-1744 | 1 Efs Software | 1 Efs Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests. | |||||
| CVE-2004-1745 | 1 People Can Fly | 1 Painkiller | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. | |||||
| CVE-2004-1762 | 1 F-secure | 1 F-secure Anti-virus | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV. | |||||
| CVE-2004-1746 | 1 Php Code Snippet Library | 1 Php Code Snippet Library | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters. | |||||
| CVE-2004-1747 | 1 Network Everywhere | 1 Nr041 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option. | |||||
| CVE-2004-1748 | 1 Sysinternals | 1 Regmon | 2017-07-11 | 2.1 LOW | N/A |
| NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue. | |||||
| CVE-2004-1749 | 1 Toplayer | 1 Attack Mitigator | 2017-07-11 | 5.0 MEDIUM | N/A |
| Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests. | |||||
| CVE-2004-1750 | 1 Vnc | 1 Realvnc | 2017-07-11 | 5.0 MEDIUM | N/A |
| RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. | |||||
| CVE-2004-1752 | 1 Nakedsoft | 1 Gaucho | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header. | |||||
| CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-07-11 | 2.6 LOW | N/A |
| The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | |||||
| CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | |||||
| CVE-2004-1756 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. | |||||
| CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | |||||
| CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | |||||
| CVE-2004-1763 | 1 Haht Commerce | 1 Hahtsite Scenario Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name. | |||||
| CVE-2004-1765 | 1 Mod Security | 1 Mod Security | 2017-07-11 | 7.5 HIGH | N/A |
| Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests. | |||||
| CVE-2004-1766 | 1 Juniper | 1 Netscreen-security Manager 2004 | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing. | |||||
| CVE-2004-1768 | 1 Symantec | 1 Brightmail Antispam | 2017-07-11 | 5.0 MEDIUM | N/A |
| The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters. | |||||
| CVE-2004-1769 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 10.0 HIGH | N/A |
| The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass. | |||||
| CVE-2004-1770 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 10.0 HIGH | N/A |
| The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter. | |||||
| CVE-2004-1771 | 1 Open Group | 1 Scalable Ogo | 2017-07-11 | 5.0 MEDIUM | N/A |
| Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users. | |||||
| CVE-2004-1789 | 1 Zyxel | 1 Zywall10 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. | |||||
| CVE-2004-1774 | 1 Oracle | 2 Application Server, Oracle10g | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter. | |||||
| CVE-2004-1775 | 1 Cisco | 2 Catos, Ios | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. | |||||
| CVE-2004-1776 | 1 Cisco | 1 Ios | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. | |||||
| CVE-2004-1816 | 2 Macromedia, Sun | 3 Coldfusion, Jrun, One Application Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2004-1779 | 1 Thwboard | 1 Thwboard Beta | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter. | |||||
| CVE-2004-1784 | 1 Webcam Corp | 1 Webcam Watchdog | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-1786 | 1 Iatek | 1 Portalapp | 2017-07-11 | 5.0 MEDIUM | N/A |
| PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb. | |||||
| CVE-2004-1787 | 1 Postnuke Software Foundation | 1 Postcalendar | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. | |||||
| CVE-2004-1790 | 1 Edimax | 1 Full Rate Adsl Router | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2004-1792 | 1 Yatsoft | 1 Switch Off | 2017-07-11 | 5.0 MEDIUM | N/A |
| swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000). | |||||
| CVE-2004-1793 | 1 Yatsoft | 1 Switch Off | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm. | |||||
| CVE-2004-1794 | 1 Vcard4j | 1 Vcard4j | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard. | |||||
| CVE-2004-1796 | 1 Hotnews | 1 Hotnews | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3. | |||||
| CVE-2004-1817 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. | |||||
| CVE-2004-1797 | 1 Freznoshop | 1 Freznoshop | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||