Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2390 | 1 Jabberstudio | 1 Jabber Gadu-gadu Transport | 2017-07-11 | 5.0 MEDIUM | N/A |
| The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors. | |||||
| CVE-2004-2428 | 1 Abczone.it | 1 Wwwguestbook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password. | |||||
| CVE-2004-2429 | 1 Enderunix Software | 1 Spamguard | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c. | |||||
| CVE-2004-2391 | 1 Jabberstudio | 1 Jabber Gadu-gadu Transport | 2017-07-11 | 5.0 MEDIUM | N/A |
| Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service a message with an empty <priority/> tag. | |||||
| CVE-2004-2392 | 1 Mandrakesoft | 2 Mandrake Linux, Mandrake Linux Corporate Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. | |||||
| CVE-2004-2393 | 1 Sun | 1 Jsse | 2017-07-11 | 7.5 HIGH | N/A |
| Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS. | |||||
| CVE-2004-2394 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. | |||||
| CVE-2004-2395 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. | |||||
| CVE-2004-2396 | 1 Mandrakesoft | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall | 2017-07-11 | 7.2 HIGH | N/A |
| passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM. | |||||
| CVE-2004-2397 | 1 Bluecoat | 1 Security Gateway Os | 2017-07-11 | 5.0 MEDIUM | N/A |
| The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates. | |||||
| CVE-2004-2398 | 1 Netenberg | 1 Fantastico De Luxe | 2017-07-11 | 2.1 LOW | N/A |
| Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5. | |||||
| CVE-2004-2400 | 1 Winftp Server | 1 Winftp Server | 2017-07-11 | 2.1 LOW | N/A |
| WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials. | |||||
| CVE-2004-2430 | 1 Trend Micro | 1 Officescan | 2017-07-11 | 7.2 HIGH | N/A |
| Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges. | |||||
| CVE-2004-2401 | 1 Ipswitch | 1 Imail Express | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text." | |||||
| CVE-2004-2402 | 1 Yabb | 1 Yabb | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. | |||||
| CVE-2004-2403 | 1 Yabb | 1 Yabb | 2017-07-11 | 10.0 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. | |||||
| CVE-2004-2405 | 1 F-secure | 4 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 1 more | 2017-07-11 | 6.4 MEDIUM | N/A |
| Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. | |||||
| CVE-2004-2409 | 1 Samhain Labs | 1 Samhain | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code. | |||||
| CVE-2004-2411 | 1 Virtual Programming | 1 Vp-asp | 2017-07-11 | 4.3 MEDIUM | N/A |
| The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors. | |||||
| CVE-2004-2412 | 1 Virtual Programming | 1 Vp-asp | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp. | |||||
| CVE-2004-2438 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field. | |||||
| CVE-2004-2413 | 1 Virtual Programming | 1 Vp-asp | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp. | |||||
| CVE-2004-2414 | 1 Novell | 1 Netware | 2017-07-11 | 2.1 LOW | N/A |
| Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. | |||||
| CVE-2004-2415 | 1 Davenport | 1 Davenport | 2017-07-11 | 5.0 MEDIUM | N/A |
| Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks. | |||||
| CVE-2004-2416 | 1 Youngzsoft | 1 Ccproxy | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-2417 | 1 Smtp.proxy | 1 Smtp.proxy | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message. | |||||
| CVE-2004-2418 | 1 Whitsoft Development | 1 Slimftpd | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT. | |||||
| CVE-2004-2419 | 1 Keene | 1 Digital Media Server | 2017-07-11 | 2.1 LOW | N/A |
| Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system. | |||||
| CVE-2004-2420 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets. | |||||
| CVE-2004-2421 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights. | |||||
| CVE-2004-2431 | 1 The Ignition Project | 1 Ignitionserver | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication. | |||||
| CVE-2004-2432 | 1 Winagents | 1 Tftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow. | |||||
| CVE-2004-2433 | 3 Altnet, Grokster, Kazaa | 3 Altnet Download Manager, Grokster, Kazaa Media Desktop | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter. | |||||
| CVE-2004-2434 | 1 Microsoft | 1 Ie | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string. | |||||
| CVE-2004-2435 | 1 Peoplesoft | 1 Hrms | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts. | |||||
| CVE-2004-2437 | 1 Php Fusion | 1 Php Fusion | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php. | |||||
| CVE-2004-2440 | 1 Proxytunnel | 1 Proxytunnel | 2017-07-11 | 2.1 LOW | N/A |
| Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users. | |||||
| CVE-2004-2441 | 1 Kerio | 1 Kerio Mailserver | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue." | |||||
| CVE-2004-2442 | 1 F-secure | 5 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 2 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system. | |||||
| CVE-2004-2443 | 1 Jaws | 1 Jaws | 2017-07-11 | 7.5 HIGH | N/A |
| Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php. | |||||
| CVE-2004-2444 | 1 Jaws | 1 Jaws | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2004-2445 | 1 Jaws | 1 Jaws | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter. | |||||
| CVE-2004-2446 | 1 1st Class Internet Solutions | 1 1st Class Mail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot dot) sequences in unknown vectors. | |||||
| CVE-2004-2447 | 1 1st Class Internet Solutions | 1 1st Class Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index script under /user/, (3) members.tagz, (4) general.tagz, (5) advanced.tagz, or (6) list.tagz. | |||||
| CVE-2004-2448 | 2 Cassiopeia, Itransact | 2 S-mart Shopping Cart, Redicart | 2017-07-11 | 5.0 MEDIUM | N/A |
| S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name. | |||||
| CVE-2004-2449 | 1 Gamespy | 2 Roger Wilco Dedicated Server, Roger Wilco Graphical Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram. | |||||
| CVE-2004-2450 | 1 Gamespy | 4 Roger Wilco, Roger Wilco Dedicated Server, Roger Wilco Graphical Server and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information. | |||||
| CVE-2004-2451 | 1 Gamespy | 3 Roger Wilco Dedicated Server, Roger Wilco Graphical Server, Rw Base Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug. | |||||
| CVE-2004-2453 | 1 Tutti Nova | 1 Tutti Nova | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors. | |||||
| CVE-2004-2454 | 1 Amsn | 1 Amsn | 2017-07-11 | 2.1 LOW | N/A |
| aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml. | |||||