Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0417 | 1 Ibm | 1 Db2 Universal Database | 2016-10-18 | 10.0 HIGH | N/A |
| Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in the future. In addition, this may be a duplicate of other issues as reported by the vendor. | |||||
| CVE-2005-0429 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 5.0 MEDIUM | N/A |
| Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter. | |||||
| CVE-2005-0430 | 1 Id Software | 1 Quake 3 Engine | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Quake 3 engine, as used in multiple game packages, allows remote attackers to cause a denial of service (shutdown game server) and possibly crash the server via a long infostring, possibly triggering a buffer overflow. | |||||
| CVE-2005-0452 | 1 Microsoft | 1 Asp.net | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted to normal ASCII characters, including ">" and "<". | |||||
| CVE-2005-0458 | 1 Oscommerce | 1 Oscommerce | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. | |||||
| CVE-2005-0318 | 1 Alt-n | 1 Webadmin | 2016-10-18 | 2.1 LOW | N/A |
| useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter. | |||||
| CVE-2005-0251 | 1 Biborb | 1 Biborb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter. | |||||
| CVE-2005-0252 | 1 Biborb | 1 Biborb | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password. | |||||
| CVE-2005-0253 | 1 Biborb | 1 Biborb | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter. | |||||
| CVE-2005-0254 | 1 Biborb | 1 Biborb | 2016-10-18 | 5.0 MEDIUM | N/A |
| BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files. | |||||
| CVE-2005-0297 | 1 Oracle | 1 Database Server | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. | |||||
| CVE-2005-0194 | 1 Squid | 1 Squid | 2016-10-18 | 10.0 HIGH | N/A |
| Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings. | |||||
| CVE-2005-0223 | 2 Compaq, Sun | 3 Tru64, Rte, Sdk | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. | |||||
| CVE-2005-0224 | 1 Hp | 1 Virtualvault | 2016-10-18 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 through 4.7, when running the TGA daemon, allows remote attackers to cause a denial of service via certain network traffic. | |||||
| CVE-2005-0226 | 1 Ngircd | 1 Ngircd | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2016-10-18 | 4.0 MEDIUM | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. | |||||
| CVE-2004-2694 | 1 Microsoft | 1 Outlook Express | 2016-10-18 | 5.8 MEDIUM | N/A |
| Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". | |||||
| CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2016-10-18 | 6.4 MEDIUM | N/A |
| Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | |||||
| CVE-2005-0040 | 1 Dotnetnuke | 1 Dotnetnuke | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. | |||||
| CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2016-10-18 | 5.0 MEDIUM | N/A |
| The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | |||||
| CVE-2005-0110 | 1 Microsoft | 1 Ie | 2016-10-18 | 2.6 LOW | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. | |||||
| CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2016-10-18 | 5.0 MEDIUM | N/A |
| GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | |||||
| CVE-2004-2110 | 1 Phorum | 1 Phorum | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | |||||
| CVE-2004-2126 | 1 Iss | 1 Blackice Pc Protection | 2016-10-18 | 4.6 MEDIUM | N/A |
| The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. | |||||
| CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2016-10-18 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. | |||||
| CVE-2004-2135 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
| CVE-2004-2136 | 1 Linux | 1 Linux Kernel | 2016-10-18 | 2.1 LOW | N/A |
| dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
| CVE-2004-2052 | 1 Esesix | 1 Thintune | 2016-10-18 | 7.5 HIGH | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. | |||||
| CVE-2004-1998 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1926 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2016-10-18 | 7.5 HIGH | N/A |
| Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation. | |||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-18 | 5.0 MEDIUM | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | |||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2016-10-18 | 5.0 MEDIUM | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | |||||
| CVE-2004-1799 | 1 Openbsd | 1 Openbsd | 2016-10-18 | 7.5 HIGH | N/A |
| PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces. | |||||
| CVE-2004-1586 | 1 Jera Technology | 1 Flash Messaging Server | 2016-10-18 | 2.1 LOW | N/A |
| Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected. | |||||
| CVE-2004-1604 | 1 Cpanel | 1 Cpanel | 2016-10-18 | 5.0 MEDIUM | N/A |
| cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. | |||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2016-10-18 | 7.5 HIGH | N/A |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | |||||
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2016-10-18 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | |||||
| CVE-2004-1565 | 1 W-agora | 1 W-agora | 2016-10-18 | 5.0 MEDIUM | N/A |
| list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | |||||
| CVE-2004-1496 | 1 Minihttpserver.net | 1 Web Forums Server | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash). | |||||
| CVE-2004-1497 | 1 Minihttpserver.net | 1 Web Forums Server | 2016-10-18 | 4.6 MEDIUM | N/A |
| Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges. | |||||
| CVE-2004-1498 | 1 Webhost Automation | 1 Helm Control Panel | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. | |||||
| CVE-2004-1515 | 1 Jelsoft | 1 Vbulletin | 2016-10-18 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | |||||
| CVE-2004-1526 | 1 New Media Generation | 1 Hired Team Trial | 2016-10-18 | 7.5 HIGH | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator. | |||||
| CVE-2004-1405 | 1 Mediawiki | 1 Mediawiki | 2016-10-18 | 7.5 HIGH | N/A |
| MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. | |||||
| CVE-2004-1409 | 1 Singapore | 1 Image Gallery Web Application | 2016-10-18 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2004-1410 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2016-10-18 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229. | |||||
| CVE-2004-1414 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2016-10-18 | 5.0 MEDIUM | N/A |
| Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images. | |||||
| CVE-2004-1426 | 1 Korweblog | 1 Korweblog | 2016-10-18 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter. | |||||
| CVE-2004-1321 | 1 Asante | 1 Fm2008 Managed Ethernet Switch | 2016-10-18 | 7.5 HIGH | N/A |
| The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access. | |||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2016-10-18 | 4.4 MEDIUM | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | |||||