Total: 27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0242 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command. | |||||
| CVE-2004-0241 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 10.0 HIGH | N/A |
| X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php. | |||||
| CVE-2004-0240 | 1 Qualiteam | 1 X-cart | 2017-07-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php. | |||||
| CVE-2004-0239 | 1 Photopost | 1 Photopost Php Pro | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable. | |||||
| CVE-2004-1330 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username. | |||||
| CVE-2004-1327 | 1 Crystal Art Software | 1 Crystal Ftp | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension. | |||||
| CVE-2004-1326 | 1 Ultrix | 1 Dxterm | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute arbitrary code via a long -setup parameter. | |||||
| CVE-2004-1325 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 5.0 MEDIUM | N/A |
| The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system. | |||||
| CVE-2004-1209 | 1 Verisign | 1 Payflow Link | 2017-07-11 | 5.0 MEDIUM | N/A |
| Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase. | |||||
| CVE-2004-1208 | 1 21-6 Productions | 1 Orbz | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request. | |||||
| CVE-2004-1324 | 1 Microsoft | 1 Windows Media Player | 2017-07-11 | 2.6 LOW | N/A |
| The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer. | |||||
| CVE-2004-1203 | 1 Phpcms | 1 Phpcms | 2017-07-11 | 5.0 MEDIUM | N/A |
| parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path. | |||||
| CVE-2004-1202 | 1 Phpcms | 1 Phpcms | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | |||||
| CVE-2004-1200 | 1 Mozilla | 1 Firefox | 2017-07-11 | 5.0 MEDIUM | N/A |
| Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
| CVE-2004-1199 | 1 Apple | 1 Safari | 2017-07-11 | 5.0 MEDIUM | N/A |
| Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | |||||
| CVE-2004-1197 | 1 Insite | 2 Inmail, Inshop | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter. | |||||
| CVE-2004-1196 | 1 Insite | 2 Inmail, Inshop | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter. | |||||
| CVE-2004-1195 | 1 Lucasarts | 1 Star Wars Battlefront | 2017-07-11 | 5.0 MEDIUM | N/A |
| Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory. | |||||
| CVE-2004-1194 | 1 Lucasarts | 1 Star Wars Battlefront | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname. | |||||
| CVE-2004-1192 | 1 Citadel | 1 Ux | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server. | |||||
| CVE-2004-1191 | 1 Suse | 1 Suse Linux | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." | |||||
| CVE-2004-1323 | 1 Netbsd | 1 Netbsd | 2017-07-11 | 2.1 LOW | N/A |
| Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions. | |||||
| CVE-2004-1322 | 1 Cisco | 1 Unity Server | 2017-07-11 | 7.5 HIGH | N/A |
| Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages. | |||||
| CVE-2004-1181 | 1 Toshiaki Kanosue | 1 Htmlheadline | 2017-07-11 | 4.6 MEDIUM | N/A |
| htmlheadline before 21.8 allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2004-1176 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2004-1174 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles." | |||||
| CVE-2004-1172 | 1 Symantec Veritas | 1 Backup Exec | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname. | |||||
| CVE-2004-1171 | 3 Kde, Mandrakesoft, Redhat | 3 Kde, Mandrake Linux, Fedora Core | 2017-07-11 | 2.1 LOW | N/A |
| KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | |||||
| CVE-2004-1169 | 1 Mysql | 1 Maxdb | 2017-07-11 | 5.0 MEDIUM | N/A |
| MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference. | |||||
| CVE-2004-1168 | 1 Mysql | 1 Maxdb | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header. | |||||
| CVE-2004-1167 | 1 Gentoo | 1 Mirrorselect | 2017-07-11 | 5.0 MEDIUM | N/A |
| mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-1164 | 1 Cisco | 1 Cns Network Registrar | 2017-07-11 | 5.0 MEDIUM | N/A |
| The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence." | |||||
| CVE-2004-1163 | 1 Cisco | 1 Cns Network Registrar | 2017-07-11 | 5.0 MEDIUM | N/A |
| Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. | |||||
| CVE-2004-1162 | 2 Gentoo, Scponly | 2 Linux, Scponly | 2017-07-11 | 7.5 HIGH | N/A |
| The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | |||||
| CVE-2004-1320 | 1 Asante | 1 Fm2008 Managed Ethernet Switch | 2017-07-11 | 7.5 HIGH | N/A |
| Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access. | |||||
| CVE-2004-1318 | 1 Namazu | 1 Namazu | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized. | |||||
| CVE-2004-1150 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file. | |||||
| CVE-2004-1148 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | |||||
| CVE-2004-1147 | 1 Phpmyadmin | 1 Phpmyadmin | 2017-07-11 | 10.0 HIGH | N/A |
| phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | |||||
| CVE-2004-1146 | 1 Cvstrac | 1 Cvstrac | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. | |||||
| CVE-2004-1136 | 1 Globalscape | 1 Cuteftp | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands. | |||||
| CVE-2004-1135 | 1 Ipswitch | 1 Ws Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. | |||||
| CVE-2004-1134 | 1 Microsoft | 1 W3who.dll | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string. | |||||
| CVE-2004-1133 | 1 Microsoft | 1 W3who.dll | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message. | |||||
| CVE-2004-1131 | 1 Sco | 1 Openserver | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. | |||||
| CVE-2004-1317 | 1 Netcat | 1 Netcat | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command. | |||||
| CVE-2004-1130 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. | |||||
| CVE-2004-1129 | 1 Youngzsoft | 1 Cmailserver | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allows remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | |||||
| CVE-2004-1095 | 2 Debian, Zgv | 3 Debian Linux, Xzgv Image Viewer, Zgv Image Viewer | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c, (7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct. | |||||
| CVE-2004-1204 | 1 Fluxbox-team | 1 Fluxbot | 2017-07-11 | 2.1 LOW | N/A |
| FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow. | |||||
