Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2268 | 1 Pimentech | 1 Pimengest2 | 2017-07-11 | 5.0 MEDIUM | N/A |
| PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php. | |||||
| CVE-2004-2269 | 1 Matt Shelton | 1 Pads | 2017-07-11 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability. | |||||
| CVE-2004-2270 | 1 Ibm | 1 Parallel Environment | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. | |||||
| CVE-2004-2272 | 1 Evan Sims | 1 Effingerd | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. | |||||
| CVE-2004-2274 | 1 W3c | 1 Jigsaw | 2017-07-11 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. | |||||
| CVE-2004-2275 | 1 I-mall Commerce | 1 I-mall.cgi | 2017-07-11 | 10.0 HIGH | N/A |
| i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. | |||||
| CVE-2004-2276 | 1 F-secure | 1 F-secure Anti-virus | 2017-07-11 | 2.1 LOW | N/A |
| F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection. | |||||
| CVE-2004-2277 | 1 Agsm | 1 Agsm | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response. | |||||
| CVE-2004-2278 | 1 Chaogic Systems | 1 Vhost | 2017-07-11 | 4.3 MEDIUM | N/A |
| Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors. | |||||
| CVE-2004-2279 | 1 Invision Power Services | 1 Invision Power Board | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php. | |||||
| CVE-2004-2311 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 3.6 LOW | N/A |
| Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog. | |||||
| CVE-2004-2284 | 1 Open Webmail | 1 Open Webmail | 2017-07-11 | 10.0 HIGH | N/A |
| The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. | |||||
| CVE-2004-2286 | 2 Activestate, Larry Wall | 2 Activeperl, Perl | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. | |||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2017-07-11 | 5.0 MEDIUM | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | |||||
| CVE-2004-2290 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 7.5 HIGH | N/A |
| Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. | |||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-11 | 3.6 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. | |||||
| CVE-2004-2292 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server. | |||||
| CVE-2004-2293 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023. | |||||
| CVE-2004-2295 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. | |||||
| CVE-2004-2296 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message. | |||||
| CVE-2004-2297 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter. | |||||
| CVE-2004-2299 | 1 Omnicron | 1 Omnihttpd | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. | |||||
| CVE-2004-2300 | 1 Ucd-snmp | 1 Ucd-snmp | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE. | |||||
| CVE-2004-2371 | 1 Redstorm | 3 Desert Siege, Ghost Recon, The Sum Of All Fears | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, which allows remote attackers to cause a denial of service (hang) via packets that contain text strings with incorrect size values. | |||||
| CVE-2004-2301 | 1 Qualcomm | 1 Eudora | 2017-07-11 | 5.0 MEDIUM | N/A |
| Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. | |||||
| CVE-2004-2303 | 1 Mtools | 1 Mformat | 2017-07-11 | 3.6 LOW | N/A |
| MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files. | |||||
| CVE-2004-2304 | 1 Cerulean Studios | 2 Trillian, Trillian Pro | 2017-07-11 | 7.5 HIGH | N/A |
| Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. | |||||
| CVE-2004-2373 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 7.5 HIGH | N/A |
| The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that involve predictable locations. | |||||
| CVE-2004-2308 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html. | |||||
| CVE-2004-2309 | 1 Crob | 1 Crob Ftp Server | 2017-07-11 | 2.1 LOW | N/A |
| Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command. | |||||
| CVE-2004-2310 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console. | |||||
| CVE-2004-2312 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | |||||
| CVE-2004-2313 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. | |||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2017-07-11 | 7.5 HIGH | N/A |
| The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | |||||
| CVE-2004-2315 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. | |||||
| CVE-2004-2316 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1. | |||||
| CVE-2004-2321 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 2.1 LOW | N/A |
| BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. | |||||
| CVE-2004-2322 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. | |||||
| CVE-2004-2323 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-11 | 5.0 MEDIUM | N/A |
| DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config. | |||||
| CVE-2004-2324 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | |||||
| CVE-2004-2325 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2004-2408 | 1 Vserver | 1 Linux-vserver | 2017-07-11 | 3.6 LOW | N/A |
| Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server. | |||||
| CVE-2004-2327 | 1 Vizer Web Server | 1 Vizer Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET requests. | |||||
| CVE-2004-2328 | 1 Clearswift | 1 Mailsweeper | 2017-07-11 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached. | |||||
| CVE-2004-2329 | 1 Kerio | 1 Personal Firewall | 2017-07-11 | 7.2 HIGH | N/A |
| Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | |||||
| CVE-2004-2330 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 5.0 MEDIUM | N/A |
| ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. | |||||
| CVE-2004-2331 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 2.1 LOW | N/A |
| ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | |||||
| CVE-2004-2332 | 1 Cpan | 1 Www Form | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2333 | 1 Bodington | 1 Bodington | 2017-07-11 | 5.0 MEDIUM | N/A |
| Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files. | |||||
| CVE-2004-2334 | 1 Emumail | 1 Emu Webmail | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail.fcgi, (2) the folder parameter in emumail.fcgi, or Javascript in the (3) username or (4) password field in the login page. | |||||