Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1023 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. | |||||
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. | |||||
| CVE-2004-0713 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 6.4 MEDIUM | N/A |
| The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. | |||||
| CVE-2004-0712 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. | |||||
| CVE-2004-0711 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. | |||||
| CVE-2004-1292 | 1 Michael Kohn | 1 Ringtonetools | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file. | |||||
| CVE-2004-0709 | 1 Hp | 1 Openview Select Access | 2017-07-11 | 7.5 HIGH | N/A |
| HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions. | |||||
| CVE-2004-1022 | 1 Kerio | 3 Kerio Mailserver, Serverfirewall, Winroute Firewall | 2017-07-11 | 2.1 LOW | N/A |
| Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | |||||
| CVE-2004-0708 | 1 Moinmoin | 1 Moinmoin | 2017-07-11 | 7.5 HIGH | N/A |
| MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges. | |||||
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. | |||||
| CVE-2004-1291 | 1 Amir Malik | 1 Qwik Smtpd | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. | |||||
| CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 2.1 LOW | N/A |
| Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. | |||||
| CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. | |||||
| CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. | |||||
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. | |||||
| CVE-2004-0699 | 1 Checkpoint | 2 Firewall-1, Vpn-1 | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data. | |||||
| CVE-2004-0698 | 1 4d | 1 Webstar | 2017-07-11 | 3.6 LOW | N/A |
| 4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack. | |||||
| CVE-2004-0697 | 1 4d | 1 Webstar | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information. | |||||
| CVE-2004-0696 | 1 4d | 1 Webstar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character. | |||||
| CVE-2004-1290 | 1 William Hoggarth | 1 Pgn2web | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file. | |||||
| CVE-2004-0695 | 1 4d | 1 Webstar | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command. | |||||
| CVE-2004-0684 | 1 Ibm | 2 Websphere Caching Proxy Server, Websphere Edge Server Caching Proxy | 2017-07-11 | 5.0 MEDIUM | N/A |
| WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters. | |||||
| CVE-2004-0683 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories. | |||||
| CVE-2004-0682 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 7.5 HIGH | N/A |
| comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL. | |||||
| CVE-2004-0681 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter. | |||||
| CVE-2004-0680 | 1 Zoom | 1 Model 5560 X3 Ethernet Adsl Modem | 2017-07-11 | 10.0 HIGH | N/A |
| Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access. | |||||
| CVE-2004-0679 | 1 Unreal | 1 Unrealircd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other users' IP addresses. | |||||
| CVE-2004-0677 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A"). | |||||
| CVE-2004-1289 | 1 Pcal | 1 Pcal | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file. | |||||
| CVE-2004-0676 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-11 | 10.0 HIGH | N/A |
| Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter. | |||||
| CVE-2004-0675 | 1 Mcmurtrey Whitaker And Associates | 1 Cart32 | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command. | |||||
| CVE-2004-0674 | 1 Enterasys | 3 Xsr-1805, Xsr-1850, Xsr-3000 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set. | |||||
| CVE-2004-0673 | 1 Simm-comm | 1 Sci Photo Chat | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message. | |||||
| CVE-2004-0672 | 1 Netegrity | 2 Identityminder, Policy Server | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allow remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter. | |||||
| CVE-2004-0671 | 1 Symantec | 1 Brightmail Antispam | 2017-07-11 | 5.0 MEDIUM | N/A |
| Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request. | |||||
| CVE-2004-0670 | 1 Zyxel | 1 Prestige | 2017-07-11 | 5.0 MEDIUM | N/A |
| Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password. | |||||
| CVE-2004-0669 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 7.5 HIGH | N/A |
| Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command. | |||||
| CVE-2004-1288 | 1 Siag | 1 O3read | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file. | |||||
| CVE-2004-0668 | 1 Ibm | 1 Lotus Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment. | |||||
| CVE-2004-0667 | 2 Gentoo, Rsbac | 2 Linux, Rsbac | 2017-07-11 | 7.2 HIGH | N/A |
| Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges. | |||||
| CVE-2004-1286 | 1 Napshare | 1 Napshare | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response. | |||||
| CVE-2004-0666 | 1 Popclient | 1 Popclient | 2017-07-11 | 7.5 HIGH | N/A |
| Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow. | |||||
| CVE-2004-0665 | 1 Cgiscript.net | 1 Csfaq | 2017-07-11 | 5.0 MEDIUM | N/A |
| csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message. | |||||
| CVE-2004-1021 | 1 Apple | 1 Ical | 2017-07-11 | 7.5 HIGH | N/A |
| iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms. | |||||
| CVE-2004-1020 | 1 Php | 1 Php | 2017-07-11 | 5.0 MEDIUM | N/A |
| The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. | |||||
| CVE-2004-0664 | 1 Powerportal | 1 Powerportal | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter. | |||||
| CVE-2004-0663 | 1 Powerportal | 1 Powerportal | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module. | |||||
| CVE-2004-0662 | 1 Powerportal | 1 Powerportal | 2017-07-11 | 5.0 MEDIUM | N/A |
| PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message. | |||||
| CVE-2004-0661 | 1 D-link | 3 Di-604, Di-614\+, Di-624 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | |||||
| CVE-2004-0660 | 1 Cutephp | 1 Cutenews | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter. | |||||
