Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2455 | 1 Sweex | 1 Wireless Broadband Router Accesspoint 802.11g | 2017-07-11 | 7.5 HIGH | N/A |
| Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file. | |||||
| CVE-2004-2456 | 1 Minibb | 1 Minibb | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action. | |||||
| CVE-2004-2457 | 1 3com | 1 3crwe754g72-a | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a denial of service (crash) via a large amount of UDP traffic. | |||||
| CVE-2004-2458 | 1 Open Webmail | 1 Open Webmail | 2017-07-11 | 5.0 MEDIUM | N/A |
| Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, creates new directories before authenticating, which allows remote attackers to create arbitrary directories. | |||||
| CVE-2004-2460 | 1 Gnu | 1 Gnubiff | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of service (application crash) via an "infinite" Unique IDentification Listing (UIDL) list. | |||||
| CVE-2004-2461 | 1 Gnu | 1 Gnubiff | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code. | |||||
| CVE-2004-2462 | 1 Cplay | 1 Cplay | 2017-07-11 | 4.6 MEDIUM | N/A |
| cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cplay_control temporary file. | |||||
| CVE-2004-2465 | 1 Efs Software | 1 Easy Chat Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2004-2467 | 1 Efs Software | 1 Easy Chat Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then eventually cause a denial of service (server crash). | |||||
| CVE-2004-2468 | 1 Scripts For Educators | 1 Sillysearch | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. | |||||
| CVE-2004-2469 | 1 Brickhost | 1 Phpscheduleit | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attackers to modify or delete reservations. | |||||
| CVE-2004-2470 | 1 Madbms | 1 Madbms | 2017-07-11 | 10.0 HIGH | N/A |
| Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins. | |||||
| CVE-2004-2471 | 1 Jamesoff | 1 Quoteengine | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. | |||||
| CVE-2004-2472 | 1 Agnitum | 1 Outpost Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumption) via a flood of small, invalid packets, which can not be processed quickly enough by Outpost Pro. | |||||
| CVE-2004-2474 | 1 Phpnews | 1 Phpnews | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL commands via the mid parameter to sendtofriend.php. | |||||
| CVE-2004-2475 | 1 Google | 1 Toolbar | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inject arbitrary web script via about.html in the About section. NOTE: some followup posts suggest that the demonstration code's use of the res:// protocol does not cross privilege boundaries, since it is not allowed in the Internet Zone. Thus this might not be a vulnerability. | |||||
| CVE-2004-2477 | 1 Diamondcs | 1 Process Guard Free | 2017-07-11 | 2.1 LOW | N/A |
| DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system by overwriting the current Service Descriptor Table (SDT) in \device\physicalmemory with the original SDT found in ntoskrnl.exe. | |||||
| CVE-2004-2481 | 1 Myproxy | 1 Myproxy | 2017-07-11 | 4.6 MEDIUM | N/A |
| MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command. | |||||
| CVE-2004-2482 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail editor and when forwarding e-mail, does not properly handle an opening OBJECT tag that does not have a closing OBJECT tag, which causes Outlook to automatically download the URI in the data property of the OBJECT tag and might allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-2483 | 1 Kerio | 1 Winroute Firewall | 2017-07-11 | 6.4 MEDIUM | N/A |
| Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, which allows remote attackers to poison the DNS cache or cause a denial of service (connection loss). | |||||
| CVE-2004-2484 | 1 Php Gift Registry | 1 Phpgiftreg | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter to (1) event.php or (2) index.php. | |||||
| CVE-2004-2485 | 1 Php Live | 1 Php Live | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remote attackers to include arbitrary files and directories via unspecified attack vectors. | |||||
| CVE-2004-2487 | 1 Nexgen | 1 Nexgen Ftp Server | 2017-07-11 | 4.0 MEDIUM | N/A |
| Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated users to read or list arbitrary files via (1) "..", (2) "\..\" (backslash dot dot), or (3) "/../" sequences in (a) RETR (get), (b) NLST (ls), (c) LIST (ls), (d) RNFR, or (e) RNTO FTP commands. | |||||
| CVE-2004-2494 | 1 Code-crafters | 1 Ability Mail Server | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attackers to inject arbitrary web script or HTML via the erromsg parameter. | |||||
| CVE-2004-2495 | 1 Code-crafters | 1 Ability Mail Server | 2017-07-11 | 7.8 HIGH | N/A |
| The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service. | |||||
| CVE-2004-2496 | 1 Opentext | 1 Opentext Firstclass | 2017-07-11 | 7.8 HIGH | N/A |
| The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search. | |||||
| CVE-2004-2497 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | |||||
| CVE-2004-2498 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors. | |||||
| CVE-2004-2499 | 1 Hitachi | 2 Web Page Generator, Web Page Generator Enterprise | 2017-07-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed." | |||||
| CVE-2004-2500 | 1 Ilohamail | 1 Ilohamail | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors. | |||||
| CVE-2004-2501 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection. | |||||
| CVE-2004-2502 | 1 Im-switch | 1 Im-switch | 2017-07-11 | 2.1 LOW | N/A |
| im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a symlink attack on the imswitcher[PID] temporary file. | |||||
| CVE-2004-2503 | 1 Inweb | 1 Mail Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services. | |||||
| CVE-2004-2504 | 1 Alt-n | 1 Mdaemon | 2017-07-11 | 7.2 HIGH | N/A |
| The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges. | |||||
| CVE-2004-2505 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 5.0 MEDIUM | N/A |
| Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | |||||
| CVE-2004-2506 | 1 Wikindx | 1 Wikindx | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file. | |||||
| CVE-2004-2507 | 1 Linksys | 1 Wvc11b | 2017-07-11 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. | |||||
| CVE-2004-2508 | 1 Linksys | 1 Wvc11b | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. | |||||
| CVE-2004-2509 | 1 Ubbcentral | 1 Ubb.threads | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. | |||||
| CVE-2004-2510 | 1 Ubbcentral | 1 Ubb.threads | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. | |||||
| CVE-2004-2511 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php. | |||||
| CVE-2004-2512 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-11 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. | |||||
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. | |||||
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | |||||
| CVE-2004-2516 | 1 Myserver | 1 Myserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences. | |||||
| CVE-2004-2517 | 1 Myserver | 1 Myserver | 2017-07-11 | 5.0 MEDIUM | N/A |
| myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html. | |||||
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. | |||||
| CVE-2004-2519 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en". | |||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 4.0 MEDIUM | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | |||||
| CVE-2004-2521 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP). | |||||