Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2184 | 1 Digicraft Software | 1 Yak | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put. | |||||
| CVE-2004-2195 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2017-07-11 | 5.0 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter. | |||||
| CVE-2004-2196 | 1 Zanfi Solutions | 1 Zanfi Cms Lite | 2017-07-11 | 5.0 MEDIUM | N/A |
| Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others. | |||||
| CVE-2004-2197 | 1 Kdocker | 1 Kdocker | 2017-07-11 | 7.2 HIGH | N/A |
| kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs. | |||||
| CVE-2004-2203 | 1 Ansel | 1 Ansel | 2017-07-11 | 7.5 HIGH | N/A |
| Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories. | |||||
| CVE-2004-2198 | 1 Duware | 1 Duclassmate | 2017-07-11 | 6.4 MEDIUM | N/A |
| account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page. | |||||
| CVE-2004-2199 | 1 Duware | 1 Duclassified | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text. | |||||
| CVE-2004-2200 | 1 Duware | 1 Duforum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text. | |||||
| CVE-2004-2201 | 1 Duware | 1 Duforum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the (1) FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. | |||||
| CVE-2004-2202 | 1 Duware | 1 Duclassified | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (3) the password parameter in the login form. | |||||
| CVE-2004-2206 | 1 Natterchat | 1 Natterchat | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2212 | 1 Alivesites | 1 Alivesites Forum | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter. | |||||
| CVE-2004-2213 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request. | |||||
| CVE-2004-2214 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-11 | 7.5 HIGH | N/A |
| Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. | |||||
| CVE-2004-2215 | 1 Marc Lehmann | 1 Rxvt-unicode | 2017-07-11 | 4.6 MEDIUM | N/A |
| RXVT-Unicode 3.4 and 3.5 do not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges. | |||||
| CVE-2004-2217 | 1 Ychat | 1 Ychat | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors. | |||||
| CVE-2004-2218 | 1 Phpmywebhosting | 1 Phpmywebhosting | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. | |||||
| CVE-2004-2220 | 1 F-secure | 1 F-secure Anti-virus | 2017-07-11 | 5.0 MEDIUM | N/A |
| F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection. | |||||
| CVE-2004-2222 | 1 Fsphpgallery | 1 Fsphpgallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter. | |||||
| CVE-2004-2223 | 1 Fsphpgallery | 1 Fsphpgallery | 2017-07-11 | 5.0 MEDIUM | N/A |
| FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image. | |||||
| CVE-2004-2224 | 1 Appfoundry | 1 Message Foundry | 2017-07-11 | 5.0 MEDIUM | N/A |
| Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. | |||||
| CVE-2004-2226 | 1 Mozilla | 1 Thunderbird | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allow remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server. | |||||
| CVE-2004-2227 | 1 Mozilla | 1 Firefox | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. | |||||
| CVE-2004-2228 | 1 Mozilla | 1 Firefox | 2017-07-11 | 7.2 HIGH | N/A |
| Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. | |||||
| CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | |||||
| CVE-2004-2230 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 2.1 LOW | N/A |
| Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. | |||||
| CVE-2004-2231 | 1 Zero G | 1 Installanywhere | 2017-07-11 | 1.2 LOW | N/A |
| Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. | |||||
| CVE-2004-2238 | 1 Inter7 | 1 Vpopmail (vchkpw) | 2017-07-11 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability. | |||||
| CVE-2004-2239 | 1 Inter7 | 1 Vpopmail (vchkpw) | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-2240 | 1 Phorum | 1 Phorum | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | |||||
| CVE-2004-2242 | 1 Phorum | 1 Phorum | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. | |||||
| CVE-2004-2243 | 1 Phorum | 1 Phorum | 2017-07-11 | 7.5 HIGH | N/A |
| Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous. | |||||
| CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2017-07-11 | 5.0 MEDIUM | N/A |
| The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | |||||
| CVE-2004-2245 | 1 Goollery | 1 Goollery | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php. | |||||
| CVE-2004-2248 | 1 Goosequill | 1 Remoteeditor | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." | |||||
| CVE-2004-2249 | 1 Goosequill | 1 Audienceconnect Secureeditor | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
| CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
| CVE-2004-2251 | 1 Astaro | 1 Security Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. | |||||
| CVE-2004-2252 | 1 Astaro | 1 Security Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||||
| CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. | |||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2017-07-11 | 7.5 HIGH | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | |||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | |||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
| CVE-2004-2257 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. | |||||
| CVE-2004-2258 | 1 Hummingbird | 1 Exceed | 2017-07-11 | 2.1 LOW | N/A |
| Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. | |||||
| CVE-2004-2261 | 1 E107 | 1 E107 | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. | |||||
| CVE-2004-2263 | 1 Playsms | 1 Playsms | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. | |||||
| CVE-2004-2264 | 1 Gnu | 1 Less | 2017-07-11 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed. | |||||
| CVE-2004-2266 | 1 Ansel | 1 Ansel | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. | |||||
| CVE-2004-2267 | 1 Ansel | 1 Ansel | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. | |||||
