Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1914 | 2 Francisco Burzi, Shiba-design | 2 Php-nuke, Nukecalendar | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. | |||||
| CVE-2004-1915 | 1 Lcdproc | 1 Lcdproc | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments. | |||||
| CVE-2004-1916 | 1 Lcdproc | 1 Lcdproc | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function. | |||||
| CVE-2004-1917 | 1 Lcdproc | 1 Lcdproc | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. | |||||
| CVE-2004-1918 | 1 Rsniff | 1 Rsniff | 2017-07-11 | 5.0 MEDIUM | N/A |
| RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from being closed properly. | |||||
| CVE-2004-1919 | 1 Crackalaka | 1 Crackalaka | 2017-07-11 | 5.0 MEDIUM | N/A |
| The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. | |||||
| CVE-2004-1975 | 1 Php Arena | 1 Pafiledb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551. | |||||
| CVE-2004-1976 | 1 Smc Networks | 1 Smc7004vbr | 2017-07-11 | 7.5 HIGH | N/A |
| SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900. | |||||
| CVE-2004-1920 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2017-07-11 | 7.5 HIGH | N/A |
| X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. | |||||
| CVE-2004-1921 | 1 X-micro | 1 Wlan 11b Broadband Router Firmware | 2017-07-11 | 7.5 HIGH | N/A |
| X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. | |||||
| CVE-2004-1929 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the bblogin function in functions.php in PHP-Nuke 6.x through 7.2 allows remote attackers to bypass authentication and gain access by injecting base64-encoded SQL code into the user parameter. | |||||
| CVE-2004-1930 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. | |||||
| CVE-2004-1932 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. | |||||
| CVE-2004-1933 | 1 Citadel | 1 Ux | 2017-07-11 | 2.1 LOW | N/A |
| Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages. | |||||
| CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | |||||
| CVE-2004-1981 | 1 Businessobjects | 2 Crystal Enterprise, Crystal Reports | 2017-07-11 | 5.0 MEDIUM | N/A |
| The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder. | |||||
| CVE-2004-1935 | 1 Sct Corporation | 1 Campus Pipeline | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. | |||||
| CVE-2004-1936 | 1 Zonelabs | 1 Zonealarm | 2017-07-11 | 7.5 HIGH | N/A |
| ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters. | |||||
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | |||||
| CVE-2004-1938 | 1 Phorum | 1 Phorum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | |||||
| CVE-2004-1939 | 1 Rhinosoft | 1 Zaep Antispam | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter. | |||||
| CVE-2004-1940 | 1 Kphone | 1 Kphone | 2017-07-11 | 5.0 MEDIUM | N/A |
| sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read. | |||||
| CVE-2004-1941 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. | |||||
| CVE-2004-1942 | 1 Sun | 1 Patch Manager | 2017-07-11 | 7.5 HIGH | N/A |
| The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | |||||
| CVE-2004-1943 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2004-1944 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message. | |||||
| CVE-2004-1945 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field. | |||||
| CVE-2004-1946 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-11 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability. | |||||
| CVE-2004-1947 | 1 Softwin | 1 Bitdefender | 2017-07-11 | 5.0 MEDIUM | N/A |
| The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab. | |||||
| CVE-2004-1948 | 1 Ncftp Software | 1 Ncftp | 2017-07-11 | 4.6 MEDIUM | N/A |
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | |||||
| CVE-2004-1949 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. | |||||
| CVE-2004-1950 | 1 Phpbb Group | 1 Phpbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | |||||
| CVE-2004-1951 | 1 Xine | 3 Xine, Xine-lib, Xine-ui | 2017-07-11 | 5.0 MEDIUM | N/A |
| xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. | |||||
| CVE-2004-2026 | 1 Apsis | 1 Pound | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages. | |||||
| CVE-2004-2027 | 1 Icecast | 1 Icecast | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read. | |||||
| CVE-2004-1952 | 1 Advanced Guestbook | 1 Advanced Guestbook | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. | |||||
| CVE-2004-1953 | 1 Phprofession | 1 Phprofession | 2017-07-11 | 5.0 MEDIUM | N/A |
| phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. | |||||
| CVE-2004-1954 | 1 Phprofession | 1 Phprofession | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. | |||||
| CVE-2004-1955 | 1 Phprofession | 1 Phprofession | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. | |||||
| CVE-2004-1960 | 1 Protector System | 1 Protector System | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. | |||||
| CVE-2004-1962 | 1 Protector System | 1 Protector System | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. | |||||
| CVE-2004-1963 | 1 Freshmeat | 1 Network Query Tool | 2017-07-11 | 5.0 MEDIUM | N/A |
| nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. | |||||
| CVE-2004-1964 | 1 Freshmeat | 1 Network Query Tool | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. | |||||
| CVE-2004-1965 | 1 Openbb | 1 Openbb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. | |||||
| CVE-2004-1966 | 1 Openbb | 1 Openbb | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. | |||||
| CVE-2004-1967 | 1 Openbb | 1 Openbb | 2017-07-11 | 7.5 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. | |||||
| CVE-2004-1968 | 1 Openbb | 1 Openbb | 2017-07-11 | 5.0 MEDIUM | N/A |
| The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter. | |||||
| CVE-2004-1969 | 1 Openbb | 1 Openbb | 2017-07-11 | 7.5 HIGH | N/A |
| The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. | |||||
| CVE-2004-1970 | 1 Securecomputing | 1 Smartether Ss6215s Switch | 2017-07-11 | 7.5 HIGH | N/A |
| Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. | |||||
| CVE-2004-1977 | 1 3com | 1 Webbngss3nbxnts | 2017-07-11 | 5.0 MEDIUM | N/A |
| 3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode. | |||||