Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1856 | 1 Hp | 1 Web Jetadmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. | |||||
| CVE-2004-1857 | 1 Hp | 1 Web Jetadmin | 2017-07-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. | |||||
| CVE-2004-1859 | 1 Trend Micro | 1 Interscan Viruswall For Windows Nt | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. | |||||
| CVE-2004-1860 | 1 Xmb Forum | 1 Xmb | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. | |||||
| CVE-2004-1912 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. | |||||
| CVE-2004-1861 | 1 Netsupport | 1 Netsupport School | 2017-07-11 | 4.6 MEDIUM | N/A |
| Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. | |||||
| CVE-2004-1866 | 1 Nstx | 1 Ip Over Dns Utility | 2017-07-11 | 5.0 MEDIUM | N/A |
| nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a denial of service (crash) via a large packet, which triggers a null dereference. | |||||
| CVE-2004-1867 | 1 Web Fresh | 1 Fresh Guest Book | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field. | |||||
| CVE-2004-1868 | 1 Esignal | 1 Esignal | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag. | |||||
| CVE-2004-1869 | 1 Nival Interactive | 2 Etherlords, Etherlords Ii | 2017-07-11 | 5.0 MEDIUM | N/A |
| Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory. | |||||
| CVE-2004-1870 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php. | |||||
| CVE-2004-1871 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (4) perpage, (5) sort, (6) page, (7) si, or (8) cat parameters to showmembers.php, or the (9) photo name, (10) photo description, (11) album name, or (12) album description fields. | |||||
| CVE-2004-1872 | 1 Webct | 1 Webct | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. | |||||
| CVE-2004-1874 | 1 Alan Ward | 1 A-cart | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user information forms. | |||||
| CVE-2004-1878 | 1 Linbit Technologies | 1 Linbox Officeserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). | |||||
| CVE-2004-1879 | 1 Phpkit | 1 Phpkit | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. | |||||
| CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | |||||
| CVE-2004-1882 | 1 Cactusoft | 1 Cactushop | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter. | |||||
| CVE-2004-1956 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. | |||||
| CVE-2004-1887 | 1 Ada | 1 Imgsvr | 2017-07-11 | 5.0 MEDIUM | N/A |
| Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null). | |||||
| CVE-2004-1889 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. | |||||
| CVE-2004-1890 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. | |||||
| CVE-2004-1957 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 2.6 LOW | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the Web_links module, or (3) hlpfile parameter to openwindow.php. | |||||
| CVE-2004-1892 | 1 Emule | 1 Emule | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. | |||||
| CVE-2004-1893 | 1 Macromedia | 2 Dreamweaver, Dreamweaver Ultradev | 2017-07-11 | 5.0 MEDIUM | N/A |
| Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. | |||||
| CVE-2004-1894 | 1 Pragma Ade | 1 Context | 2017-07-11 | 2.1 LOW | N/A |
| TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log. | |||||
| CVE-2004-1958 | 1 Epic Games | 3 Unreal Engine, Unreal Tournament, Unreal Tournament 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file. | |||||
| CVE-2004-1959 | 1 Protector System | 1 Protector System | 2017-07-11 | 5.0 MEDIUM | N/A |
| blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1895 | 1 Suse | 1 Suse Linux | 2017-07-11 | 2.1 LOW | N/A |
| YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. | |||||
| CVE-2004-1896 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 7.6 HIGH | N/A |
| Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. | |||||
| CVE-2004-1897 | 1 Tildeslash | 1 Monit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. | |||||
| CVE-2004-1898 | 1 Tildeslash | 1 Monit | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. | |||||
| CVE-2004-1899 | 1 Tildeslash | 1 Monit | 2017-07-11 | 5.0 MEDIUM | N/A |
| The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. | |||||
| CVE-2004-1900 | 1 Pan Vision | 1 I.g.i-2 Covert Strike | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. | |||||
| CVE-2004-1901 | 1 Gentoo | 1 Linux | 2017-07-11 | 4.6 MEDIUM | N/A |
| Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. | |||||
| CVE-2004-1902 | 1 Citrix | 1 Metaframe Password Manager | 2017-07-11 | 2.1 LOW | N/A |
| The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. | |||||
| CVE-2004-1903 | 1 Blaxxun | 1 Contact 3d | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag. | |||||
| CVE-2004-1971 | 1 Oscar Fafian | 1 Video Gallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1972 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. | |||||
| CVE-2004-1973 | 1 Digi | 1 Www Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters. | |||||
| CVE-2004-1974 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 5.0 MEDIUM | N/A |
| paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message. | |||||
| CVE-2004-1904 | 1 Panda | 1 Activescan | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string. | |||||
| CVE-2004-1905 | 1 Panda | 1 Activescan | 2017-07-11 | 5.0 MEDIUM | N/A |
| ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function. | |||||
| CVE-2004-1906 | 1 Mcafee | 1 Freescan | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. | |||||
| CVE-2004-1907 | 1 Kerio | 1 Personal Firewall | 2017-07-11 | 2.6 LOW | N/A |
| The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". | |||||
| CVE-2004-1908 | 1 Mcafee | 1 Freescan | 2017-07-11 | 5.0 MEDIUM | N/A |
| McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters. | |||||
| CVE-2004-1909 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 2.6 LOW | N/A |
| Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. | |||||
| CVE-2004-1910 | 1 Symantec | 1 Security Check Virus Detection | 2017-07-11 | 5.0 MEDIUM | N/A |
| rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged. | |||||
| CVE-2004-1911 | 1 Azerbaijan Development Group | 1 Azdgdating | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. | |||||
| CVE-2004-1913 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. | |||||