CVE-2004-2xxx

There are 780 CVE in this subgroup.
Last updated: 
← Back to 2004
ID Summary Flags Max Score
CVE-2004-2000 SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attack...
E
CVE-2004-2001 ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being se...
S
CVE-2004-2002 Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of s...
S
CVE-2004-2003 Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and ea...
E S
CVE-2004-2004 The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allo...
S
CVE-2004-2005 Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbit...
E S
CVE-2004-2006 Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installat...
E S
CVE-2004-2007 Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote at...
E
CVE-2004-2008 SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to ex...
E
CVE-2004-2009 NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a dir...
CVE-2004-2010 PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote atta...
S
CVE-2004-2011 msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (cra...
CVE-2004-2012 The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004,...
E
CVE-2004-2013 Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2...
E S
CVE-2004-2014 Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name ...
E
CVE-2004-2015 Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject a...
CVE-2004-2016 Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to...
S
CVE-2004-2017 Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remo...
E
CVE-2004-2018 PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attac...
E
CVE-2004-2019 The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive informat...
E
CVE-2004-2020 Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attacke...
E
CVE-2004-2021 Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to v...
E
CVE-2004-2022 ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems...
E
CVE-2004-2023 SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly othe...
S
CVE-2004-2024 The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin passw...
S
CVE-2004-2025 SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remot...
S
CVE-2004-2026 Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote ...
E S
CVE-2004-2027 Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (c...
S
CVE-2004-2028 Cross-site scripting (XSS) vulnerability in stats.php in e107 allows remote attackers to inject arbi...
CVE-2004-2029 The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows re...
E S
CVE-2004-2030 Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for Liferay before 2.2.0 release 10...
S
CVE-2004-2031 Cross-site scripting (XSS) vulnerability in user.php in e107 allows remote attackers to inject arbit...
E
CVE-2004-2032 Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long...
E
CVE-2004-2033 Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET requ...
E S
CVE-2004-2034 Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows r...
E S
CVE-2004-2035 MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GE...
E S
CVE-2004-2036 SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPorta...
E
CVE-2004-2037 Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause ...
E S
CVE-2004-2038 Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) before LDU 700 allows remote attac...
S
CVE-2004-2039 e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_n...
E S
CVE-2004-2040 Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject a...
E S
CVE-2004-2041 PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attacke...
E
CVE-2004-2042 Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL ...
E S
CVE-2004-2043 Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly ot...
E S
CVE-2004-2044 PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuk...
E
CVE-2004-2045 The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows ...
E
CVE-2004-2046 Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers t...
S
CVE-2004-2047 Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attacke...
E
CVE-2004-2048 radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 250...
E
CVE-2004-2049 eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passw...
CVE-2004-2050 eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privilege...
E
CVE-2004-2051 The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local...
E
CVE-2004-2052 eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins wit...
CVE-2004-2053 PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attacker...
CVE-2004-2054 CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Respon...
E
CVE-2004-2055 Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attac...
E
CVE-2004-2056 SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arb...
S
CVE-2004-2057 SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statem...
E
CVE-2004-2058 ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2...
E
CVE-2004-2059 Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbi...
E
CVE-2004-2060 ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote att...
E
CVE-2004-2061 RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open...
E
CVE-2004-2062 SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers ...
E
CVE-2004-2063 Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remo...
E
CVE-2004-2064 Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inje...
CVE-2004-2065 DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a he...
S
CVE-2004-2066 SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitr...
E
CVE-2004-2067 SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 ...
E
CVE-2004-2068 fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (proce...
S
CVE-2004-2069 sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, ...
CVE-2004-2070 The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbi...
CVE-2004-2071 Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers t...
E
CVE-2004-2072 Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlie...
E
CVE-2004-2073 Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the...
E S
CVE-2004-2074 Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash...
E
CVE-2004-2075 Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MI...
S
CVE-2004-2076 Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote...
E
CVE-2004-2077 Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause ...
E
CVE-2004-2078 Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of servic...
E S
CVE-2004-2079 Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows ...
E S
CVE-2004-2080 Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifie...
E S
CVE-2004-2081 The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pm...
E S
CVE-2004-2082 The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial...
E S
CVE-2004-2083 Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious...
E
CVE-2004-2084 Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote atta...
E S
CVE-2004-2085 Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier all...
S
CVE-2004-2086 Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allow...
E S
CVE-2004-2087 Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-...
S
CVE-2004-2088 Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated D...
S
CVE-2004-2089 Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using f...
E
CVE-2004-2090 Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of ...
E
CVE-2004-2091 Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been p...
CVE-2004-2092 eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, inclu...
CVE-2004-2093 Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local...
CVE-2004-2094 Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbi...
E
CVE-2004-2095 Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attacke...
CVE-2004-2096 Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to...
E S
CVE-2004-2097 Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink atta...
CVE-2004-2098 Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to e...
CVE-2004-2099 Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows r...
E
CVE-2004-2100 GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authenticati...
CVE-2004-2101 The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via...
E
CVE-2004-2102 Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remot...
CVE-2004-2103 Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows ...
CVE-2004-2104 Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server ...
CVE-2004-2105 The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to re...
CVE-2004-2106 Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a d...
CVE-2004-2107 Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on T...
E S
CVE-2004-2108 Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrar...
E
CVE-2004-2109 Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-S...
S
CVE-2004-2110 SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execut...
CVE-2004-2111 Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote ...
E
CVE-2004-2112 Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary fil...
E
CVE-2004-2113 Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbi...
E
CVE-2004-2114 Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to ...
E
CVE-2004-2115 Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, a...
E
CVE-2004-2116 Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arb...
E
CVE-2004-2117 Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requ...
E
CVE-2004-2118 Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with ...
E
CVE-2004-2119 Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitr...
E
CVE-2004-2120 Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multip...
E
CVE-2004-2121 Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow rem...
E
CVE-2004-2122 Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers...
CVE-2004-2123 Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow rem...
CVE-2004-2124 The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to...
S
CVE-2004-2125 Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with...
CVE-2004-2126 The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such...
CVE-2004-2127 Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files vi...
E S
CVE-2004-2128 Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute ar...
E S
CVE-2004-2129 SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP G...
E
CVE-2004-2130 Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attac...
E S
CVE-2004-2131 Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier all...
E S
CVE-2004-2132 Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers t...
E
CVE-2004-2133 Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF...
E S
CVE-2004-2134 Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local ...
E
CVE-2004-2135 cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greate...
E
CVE-2004-2136 dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater,...
E
CVE-2004-2137 Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger t...
S
CVE-2004-2138 Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote a...
E
CVE-2004-2139 Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary...
S
CVE-2004-2140 CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file...
S
CVE-2004-2141 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1827. Reason: This candida...
R
CVE-2004-2142 Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd...
S
CVE-2004-2143 SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and ...
E S
CVE-2004-2144 Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system acces...
E S
CVE-2004-2145 SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arb...
E
CVE-2004-2146 CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP resp...
E
CVE-2004-2147 Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denia...
CVE-2004-2148 Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlie...
S
CVE-2004-2149 Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allo...
E S
CVE-2004-2150 Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and in...
S
CVE-2004-2151 Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumpti...
E
CVE-2004-2152 Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier a...
S
CVE-2004-2153 Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and atta...
S
CVE-2004-2154 CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows atta...
S
CVE-2004-2155 Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a d...
S
CVE-2004-2156 Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vec...
S
CVE-2004-2157 Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other...
E S
CVE-2004-2158 SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQ...
E S
CVE-2004-2159 Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attac...
S
CVE-2004-2160 Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow at...
S
CVE-2004-2161 SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arb...
E S
CVE-2004-2162 Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject ar...
E S
CVE-2004-2163 login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a...
S
CVE-2004-2164 shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a pre...
S
CVE-2004-2165 Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a...
E
CVE-2004-2166 The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not...
CVE-2004-2167 Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers t...
E
CVE-2004-2168 BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple co...
E
CVE-2004-2169 Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a de...
CVE-2004-2170 Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows rem...
E
CVE-2004-2171 Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject ...
E S
CVE-2004-2172 EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote atta...
E S
CVE-2004-2173 SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to...
E S
CVE-2004-2174 Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote atta...
E S
CVE-2004-2175 Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbit...
E S
CVE-2004-2176 The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust...
E
CVE-2004-2177 Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to injec...
CVE-2004-2178 SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary ...
CVE-2004-2179 asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to...
E
CVE-2004-2180 Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to in...
E
CVE-2004-2181 Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitra...
E
CVE-2004-2182 Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user session...
CVE-2004-2183 Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands v...
S
CVE-2004-2184 Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers...
E
CVE-2004-2185 Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to exe...
S
CVE-2004-2186 SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL comm...
S
CVE-2004-2187 Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknow...
S
CVE-2004-2188 Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to...
CVE-2004-2189 SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbi...
CVE-2004-2190 Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors....
CVE-2004-2191 Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows...
E S
CVE-2004-2192 SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote a...
E
CVE-2004-2193 Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers t...
E S
CVE-2004-2194 MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attacke...
S
CVE-2004-2195 PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers t...
E S
CVE-2004-2196 Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requ...
E
CVE-2004-2197 kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could a...
S
CVE-2004-2198 account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords fo...
E
CVE-2004-2199 Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to injec...
E
CVE-2004-2200 Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers t...
E
CVE-2004-2201 SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arb...
E
CVE-2004-2202 Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attacker...
E
CVE-2004-2203 Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain acces...
S
CVE-2004-2204 Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function...
CVE-2004-2205 Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root ac...
S
CVE-2004-2206 SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL comm...
CVE-2004-2207 Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote ...
CVE-2004-2208 CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to...
CVE-2004-2209 SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to ...
CVE-2004-2210 Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) a...
E
CVE-2004-2211 Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject ...
E
CVE-2004-2212 SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute...
E
CVE-2004-2213 Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scrip...
S
CVE-2004-2214 Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a...
S
CVE-2004-2215 RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to acces...
S
CVE-2004-2216 Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and...
S
CVE-2004-2217 Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a den...
S
CVE-2004-2218 SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers...
E S
CVE-2004-2219 Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishin...
E
CVE-2004-2220 F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-p...
S
CVE-2004-2221 Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbit...
E S
CVE-2004-2222 Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to...
S
CVE-2004-2223 FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a lar...
S
CVE-2004-2224 Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) v...
E
CVE-2004-2225 Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download dire...
S
CVE-2004-2226 Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote ...
S
CVE-2004-2227 Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it ...
S
CVE-2004-2228 Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows lo...
S
CVE-2004-2229 Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow r...
S
CVE-2004-2230 Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denia...
S
CVE-2004-2231 Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary ...
CVE-2004-2232 SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows rem...
S
CVE-2004-2233 Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact an...
S
CVE-2004-2234 Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators....
S
CVE-2004-2235 Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to imprope...
S
CVE-2004-2236 Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to langu...
S
CVE-2004-2237 Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "stri...
S
CVE-2004-2238 Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack...
S
CVE-2004-2239 Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial o...
S
CVE-2004-2240 Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify...
E S
CVE-2004-2241 Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inj...
E
CVE-2004-2242 Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, a...
E
CVE-2004-2243 Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the sessi...
CVE-2004-2244 The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, a...
S
CVE-2004-2245 Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrar...
E S
CVE-2004-2246 Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject ...
E S
CVE-2004-2247 Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21...
S
CVE-2004-2248 Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to...
S
CVE-2004-2249 Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attac...
S
CVE-2004-2250 Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attac...
S
CVE-2004-2251 The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which ...
S
CVE-2004-2252 The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes i...
S
CVE-2004-2253 Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers ...
E
CVE-2004-2254 SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypas...
E S
CVE-2004-2255 Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files...
S
CVE-2004-2256 Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary ...
S
CVE-2004-2257 phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images withou...
S
CVE-2004-2258 Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allo...
S
CVE-2004-2259 vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) vi...
S
CVE-2004-2260 Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clic...
S
CVE-2004-2261 Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script ...
S
CVE-2004-2262 ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows ...
E S
CVE-2004-2263 SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows r...
E S
CVE-2004-2264 Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might al...
CVE-2004-2265 UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack ...
S
CVE-2004-2266 SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statement...
S
CVE-2004-2267 Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject ...
S
CVE-2004-2268 PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug informatio...
S
CVE-2004-2269 Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local use...
E
CVE-2004-2270 Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbit...
S
CVE-2004-2271 Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via...
E S
CVE-2004-2272 Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers t...
S
CVE-2004-2273 efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet wi...
CVE-2004-2274 Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related...
S
CVE-2004-2275 i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metach...
E
CVE-2004-2276 F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers,...
S
CVE-2004-2277 Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of servic...
E
CVE-2004-2278 Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown i...
S
CVE-2004-2279 Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers t...
E
CVE-2004-2280 Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers...
S
CVE-2004-2281 Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have u...
S
CVE-2004-2282 DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request....
S
CVE-2004-2283 Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters ...
S
CVE-2004-2284 The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote a...
S
CVE-2004-2285 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2022. Reason: This candida...
R
CVE-2004-2286 Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial...
E
CVE-2004-2287 Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote at...
E
CVE-2004-2288 Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers t...
E
CVE-2004-2289 Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with ...
E
CVE-2004-2290 Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a ...
E
CVE-2004-2291 Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code vi...
E
CVE-2004-2292 Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (applica...
E
CVE-2004-2293 Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to...
E
CVE-2004-2294 Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 ...
E
CVE-2004-2295 SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...
E
CVE-2004-2296 The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows sy...
E
CVE-2004-2297 The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU ...
E
CVE-2004-2298 Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a de...
S
CVE-2004-2299 Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary ...
E
CVE-2004-2300 Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local use...
E
CVE-2004-2301 Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with ...
S
CVE-2004-2302 Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 a...
S
CVE-2004-2303 MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world...
S
CVE-2004-2304 Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote atta...
S
CVE-2004-2305 Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scan...
S
CVE-2004-2306 Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has be...
S
CVE-2004-2307 Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of serv...
E
CVE-2004-2308 Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attacker...
E
CVE-2004-2309 Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the ...
E
CVE-2004-2310 Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote atta...
E
CVE-2004-2311 Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to cre...
E
CVE-2004-2312 Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain pri...
E S
CVE-2004-2313 Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords vers...
CVE-2004-2314 The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a passw...
S
CVE-2004-2315 Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash...
E S
CVE-2004-2316 Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash...
E S
CVE-2004-2317 Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain ...
S
CVE-2004-2318 The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote ...
E S
CVE-2004-2319 IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite file...
E S
CVE-2004-2320 The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlie...
S
CVE-2004-2321 BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtai...
S
CVE-2004-2322 SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 a...
E
CVE-2004-2323 DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensi...
S
CVE-2004-2324 SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows r...
S
CVE-2004-2325 Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Worksho...
S
CVE-2004-2326 SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows rem...
E S
CVE-2004-2327 Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple mal...
E
CVE-2004-2328 Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (...
S
CVE-2004-2329 Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privile...
E
CVE-2004-2330 ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP requ...
S
CVE-2004-2331 ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain...
S
CVE-2004-2332 Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attac...
S
CVE-2004-2333 Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers ...
S
CVE-2004-2334 Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to i...
E
CVE-2004-2335 The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, D...
S
CVE-2004-2336 Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with...
S
CVE-2004-2337 The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, ...
S
CVE-2004-2338 OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-...
S
CVE-2004-2339 Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege...
CVE-2004-2340 ** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 al...
E
CVE-2004-2341 PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to e...
E
CVE-2004-2342 ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed r...
E
CVE-2004-2343 Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as s...
CVE-2004-2344 Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote att...
E
CVE-2004-2345 Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 ...
S
CVE-2004-2346 Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Server 1.6 and earlier allow remote...
CVE-2004-2347 blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary comma...
E S
CVE-2004-2348 Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (ha...
S
CVE-2004-2349 Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute a...
S
CVE-2004-2350 SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to exe...
E S
CVE-2004-2351 Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject...
E
CVE-2004-2352 Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject...
E
CVE-2004-2353 BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root wi...
S
CVE-2004-2354 SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers...
E
CVE-2004-2355 Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remot...
E S
CVE-2004-2356 Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial o...
E S
CVE-2004-2357 The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the r...
CVE-2004-2358 Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers...
E S
CVE-2004-2359 Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM priv...
CVE-2004-2360 Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a U...
E
CVE-2004-2361 Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korp...
E
CVE-2004-2362 PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or inv...
E S
CVE-2004-2363 Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0...
E S
CVE-2004-2364 Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to...
E S
CVE-2004-2365 Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of ...
E
CVE-2004-2366 Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause ...
E S
CVE-2004-2367 The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to ...
E S
CVE-2004-2368 PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to exec...
E S
CVE-2004-2369 Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to crea...
E
CVE-2004-2370 Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows ...
S
CVE-2004-2371 Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum...
E
CVE-2004-2372 Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary ...
E S
CVE-2004-2373 The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable loca...
E
CVE-2004-2374 BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a req...
E
CVE-2004-2375 Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a d...
E
CVE-2004-2376 Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to...
E
CVE-2004-2377 Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via c...
CVE-2004-2378 @Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via ...
E
CVE-2004-2379 Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers...
E
CVE-2004-2380 Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows r...
E
CVE-2004-2381 HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of servi...
S
CVE-2004-2382 The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of s...
CVE-2004-2383 Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting ...
E
CVE-2004-2384 NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file...
E S
CVE-2004-2385 EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via ...
E
CVE-2004-2386 Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earli...
S
CVE-2004-2387 Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier...
S
CVE-2004-2388 rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, ...
E S
CVE-2004-2389 Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 ...
S
CVE-2004-2390 The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x bef...
S
CVE-2004-2391 Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers t...
S
CVE-2004-2392 libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown...
S
CVE-2004-2393 Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate...
S
CVE-2004-2394 Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the...
S
CVE-2004-2395 Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via ...
S
CVE-2004-2396 passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and ...
S
CVE-2004-2397 The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, wh...
S
CVE-2004-2398 Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, whi...
CVE-2004-2399 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of ser...
S
CVE-2004-2400 WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, w...
CVE-2004-2401 Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote a...
S
CVE-2004-2402 Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers ...
E
CVE-2004-2403 Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to p...
E
CVE-2004-2404 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2347. Reason: This candida...
R
CVE-2004-2405 Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and ear...
S
CVE-2004-2406 Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack v...
S
CVE-2004-2407 Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, relat...
S
CVE-2004-2408 Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions ac...
S
CVE-2004-2409 Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in up...
S
CVE-2004-2410 Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to c...
S
CVE-2004-2411 The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not suffici...
E S
CVE-2004-2412 Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attacker...
S
CVE-2004-2413 SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execu...
E S
CVE-2004-2414 Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custo...
S
CVE-2004-2415 Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1)...
S
CVE-2004-2416 Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary cod...
E S
CVE-2004-2417 Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to ex...
S
CVE-2004-2418 Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long...
E S
CVE-2004-2419 Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the...
CVE-2004-2420 Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attacker...
S
CVE-2004-2421 Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and...
S
CVE-2004-2422 Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of s...
S
CVE-2004-2423 Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows r...
S
CVE-2004-2424 BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denia...
S
CVE-2004-2425 Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to ...
E S
CVE-2004-2426 Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and...
E S
CVE-2004-2427 Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to ...
E S
CVE-2004-2428 Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access...
E
CVE-2004-2429 Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow re...
S
CVE-2004-2430 Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a ...
S
CVE-2004-2431 Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking s...
S
CVE-2004-2432 WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request...
E
CVE-2004-2433 Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4...
E S
CVE-2004-2434 Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser cr...
E
CVE-2004-2435 Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0,...
CVE-2004-2436 Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in c...
S
CVE-2004-2437 SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL comm...
CVE-2004-2438 Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitr...
S
CVE-2004-2439 The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, whi...
CVE-2004-2440 Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain...
S
CVE-2004-2441 Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote att...
S
CVE-2004-2442 Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 an...
S
CVE-2004-2443 Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with ...
E
CVE-2004-2444 Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject ...
E S
CVE-2004-2445 Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbi...
E S
CVE-2004-2446 Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbi...
CVE-2004-2447 Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to in...
E
CVE-2004-2448 S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficie...
CVE-2004-2449 Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attacker...
E
CVE-2004-2450 The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earl...
E
CVE-2004-2451 Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attacke...
E
CVE-2004-2452 Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-0...
CVE-2004-2453 Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is ena...
S
CVE-2004-2454 aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed pa...
E
CVE-2004-2455 Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sen...
CVE-2004-2456 SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execu...
E S
CVE-2004-2457 Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows remote attackers to cause a d...
S
CVE-2004-2458 Open WebMail 2.30 and earlier, when use_syshomedir is disabled or create_syshomedir is enabled, crea...
S
CVE-2004-2459 Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related t...
S
CVE-2004-2460 Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote attackers to cause a denial of s...
S
CVE-2004-2461 Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to cause a denial of service (cra...
S
CVE-2004-2462 cplay 1.49 on Linux allows local users to overwrite arbitrary files via a symlink attack on the cpla...
CVE-2004-2463 Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attackers to cause a denial of servic...
E
CVE-2004-2464 Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 allows remote attackers to read a...
E
CVE-2004-2465 Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Server 1.2 allows remote attackers...
E
CVE-2004-2466 chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash)...
E
CVE-2004-2467 chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a large number of fake users, then e...
E
CVE-2004-2468 Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to i...
E S
CVE-2004-2469 Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1.01 and earlier allows attacke...
S
CVE-2004-2470 Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to l...
S
CVE-2004-2471 SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attacke...
S
CVE-2004-2472 Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a denial of service (CPU consumpti...
S
CVE-2004-2473 wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows local users to overwrite arbitra...
CVE-2004-2474 SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers to execute arbitrary SQL comman...
S
CVE-2004-2475 Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 allows remote attackers to inje...
E
CVE-2004-2476 Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (infinite loop ...
E
CVE-2004-2477 DiamondCS Process Guard Free 2.000 allows local users to disable the process guard protection system...
E
CVE-2004-2478 Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Trading Partner Interchange befor...
CVE-2004-2479 Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs cont...
S
CVE-2004-2480 Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arb...
E
CVE-2004-2481 MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from t...
E
CVE-2004-2482 Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word 2000 or 2003 as the e-mail ed...
CVE-2004-2483 Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries in response to A queries, whi...
S
CVE-2004-2484 Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 and earlier allows remote attack...
S
CVE-2004-2485 Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major security problem," allows remot...
CVE-2004-2486 The DSS verification code in Dropbear SSH Server before 0.43 frees uninitialized variables, which mi...
CVE-2004-2487 Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated u...
E S
CVE-2004-2488 Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 allows remote authenticated u...
E S
CVE-2004-2489 Format string vulnerability in IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...
S
CVE-2004-2490 Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40.xC2 allows local users to exe...
CVE-2004-2491 A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before...
E S
CVE-2004-2492 Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (GmaxWWW) Desktop 5, 6, and Desk...
S
CVE-2004-2493 Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) 2 and 3, and Desktop 5, 6, an...
S
CVE-2004-2494 Cross-site scripting (XSS) vulnerability in _error in Ability Mail Server 1.18 allows remote attacke...
E
CVE-2004-2495 The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers...
CVE-2004-2496 The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of serv...
E
CVE-2004-2497 Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web ...
CVE-2004-2498 Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator ...
CVE-2004-2499 Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and e...
CVE-2004-2500 Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors....
S
CVE-2004-2501 Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1...
E S
CVE-2004-2502 im-switch before 11.4-46.1 in Fedora Core 2 allows local users to overwrite arbitrary files via a sy...
E S
CVE-2004-2503 INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large numb...
E
CVE-2004-2504 The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such ...
E
CVE-2004-2505 Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remot...
E S
CVE-2004-2506 Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obta...
S
CVE-2004-2507 Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera...
E
CVE-2004-2508 Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Cam...
E
CVE-2004-2509 Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in...
E S
CVE-2004-2510 Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows re...
E S
CVE-2004-2511 Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote att...
E
CVE-2004-2512 CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers...
E
CVE-2004-2513 Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execut...
E S
CVE-2004-2514 Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x al...
E
CVE-2004-2515 Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privile...
E
CVE-2004-2516 Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary director...
E S
CVE-2004-2517 myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST req...
E
CVE-2004-2518 Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trail...
E S
CVE-2004-2519 Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) ...
E
CVE-2004-2520 POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of...
E
CVE-2004-2521 Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (...
CVE-2004-2522 Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote a...
E
CVE-2004-2523 Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 an...
E S
CVE-2004-2524 clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain p...
E S
CVE-2004-2525 Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote att...
S
CVE-2004-2526 Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allow...
E S
CVE-2004-2527 The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote ...
E S
CVE-2004-2528 Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote atta...
E
CVE-2004-2529 Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image fi...
CVE-2004-2530 Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on ...
E
CVE-2004-2531 X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 all...
S
CVE-2004-2532 Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which ...
E
CVE-2004-2533 Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (applicati...
E S
CVE-2004-2534 Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not c...
S
CVE-2004-2535 The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers...
S
CVE-2004-2536 The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-T...
E S
CVE-2004-2537 Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related ...
S
CVE-2004-2538 Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie ...
S
CVE-2004-2539 Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers t...
CVE-2004-2540 readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 throug...
CVE-2004-2541 Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute ...
CVE-2004-2542 Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote att...
CVE-2004-2543 Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial o...
S
CVE-2004-2544 Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when expor...
S
CVE-2004-2545 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of ser...
S
CVE-2004-2546 Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory con...
CVE-2004-2547 NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive informat...
E S
CVE-2004-2548 Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebM...
E S
CVE-2004-2549 Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a ...
E
CVE-2004-2550 Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before...
S
CVE-2004-2551 Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arb...
E S
CVE-2004-2552 Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a ...
E
CVE-2004-2553 The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with lo...
S
CVE-2004-2554 Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to ex...
CVE-2004-2555 Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic a...
E
CVE-2004-2556 NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account...
E
CVE-2004-2557 NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superm...
E S
CVE-2004-2558 Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business...
S
CVE-2004-2559 DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including ...
S
CVE-2004-2560 DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension...
S
CVE-2004-2561 Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote a...
E
CVE-2004-2562 SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4...
E S
CVE-2004-2563 Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, v...
E
CVE-2004-2564 Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and poss...
E
CVE-2004-2565 Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly ot...
E
CVE-2004-2566 Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) Li...
E
CVE-2004-2567 Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrar...
S
CVE-2004-2568 Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inj...
S
CVE-2004-2569 ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files ...
E S
CVE-2004-2570 Opera before 7.54 allows remote attackers to modify properties and methods of the location object an...
E S
CVE-2004-2571 Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary cod...
S
CVE-2004-2572 AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1...
E
CVE-2004-2573 PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earl...
E
CVE-2004-2574 Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows ...
E S
CVE-2004-2575 phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a dir...
E
CVE-2004-2576 class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authoriza...
E
CVE-2004-2577 The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behav...
S
CVE-2004-2578 phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext v...
CVE-2004-2579 ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecifi...
S
CVE-2004-2580 Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain logi...
S
CVE-2004-2581 Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."...
S
CVE-2004-2582 Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, whic...
S
CVE-2004-2583 SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a de...
CVE-2004-2584 frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated user...
CVE-2004-2585 Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and...
E
CVE-2004-2586 Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and ...
E
CVE-2004-2587 login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a deni...
E
CVE-2004-2588 Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus b...
CVE-2004-2589 Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long H...
S
CVE-2004-2590 Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and a...
S
CVE-2004-2591 The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data i...
CVE-2004-2592 Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial...
E
CVE-2004-2593 Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple pro...
CVE-2004-2594 Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple...
E
CVE-2004-2595 Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple p...
CVE-2004-2596 Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial...
CVE-2004-2597 Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-base...
CVE-2004-2598 Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the se...
CVE-2004-2599 Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local ...
CVE-2004-2600 The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and ...
S
CVE-2004-2601 PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to...
CVE-2004-2602 PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote...
E S
CVE-2004-2603 Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allo...
E
CVE-2004-2604 Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject a...
E
CVE-2004-2605 aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-...
CVE-2004-2606 The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows...
S
CVE-2004-2607 A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc...
E
CVE-2004-2608 SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web docume...
E
CVE-2004-2609 The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to ...
CVE-2004-2610 mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacter...
E S
CVE-2004-2611 The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possi...
S
CVE-2004-2612 BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers t...
S
CVE-2004-2613 Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.2...
E S
CVE-2004-2614 Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possib...
E S
CVE-2004-2615 The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews...
CVE-2004-2616 The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain s...
E
CVE-2004-2617 Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read f...
E S
CVE-2004-2618 Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to...
E S
CVE-2004-2619 ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME en...
S
CVE-2004-2620 The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" c...
S
CVE-2004-2621 Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not c...
CVE-2004-2622 AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the firs...
CVE-2004-2623 Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unk...
S
CVE-2004-2624 Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to...
S
CVE-2004-2625 Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitra...
E S
CVE-2004-2626 GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to ...
E
CVE-2004-2627 Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to es...
CVE-2004-2628 Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow...
E
CVE-2004-2629 Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click...
CVE-2004-2630 The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up...
S
CVE-2004-2631 Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FAL...
E S
CVE-2004-2632 phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unaut...
E S
CVE-2004-2633 Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to reposit...
S
CVE-2004-2634 The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to...
S
CVE-2004-2635 An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to ...
E S
CVE-2004-2636 TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL....
E
CVE-2004-2637 The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addr...
CVE-2004-2638 The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in t...
S
CVE-2004-2639 Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modi...
S
CVE-2004-2640 Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to ...
E S
CVE-2004-2641 Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows rem...
S
CVE-2004-2642 Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to sp...
S
CVE-2004-2643 Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via...
E
CVE-2004-2644 Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vecto...
S
CVE-2004-2645 Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vecto...
S
CVE-2004-2646 The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a den...
E S
CVE-2004-2647 Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multipl...
E S
CVE-2004-2648 FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service ...
E S
CVE-2004-2649 Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a ...
E S
CVE-2004-2650 Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory con...
CVE-2004-2651 Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to in...
E S
CVE-2004-2652 The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using ...
E S
CVE-2004-2653 Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges vi...
S
CVE-2004-2654 The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows rem...
S
CVE-2004-2655 rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possi...
S
CVE-2004-2656 Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage...
E S
CVE-2004-2657 Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even a...
CVE-2004-2658 resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof t...
S
CVE-2004-2659 Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows ...
E
CVE-2004-2660 Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial ...
S
CVE-2004-2661 Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers t...
CVE-2004-2662 Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource cons...
CVE-2004-2663 The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2....
E S
CVE-2004-2664 John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information v...
S
CVE-2004-2665 Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-...
S
CVE-2004-2666 Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardle...
S
CVE-2004-2667 Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 a...
S
CVE-2004-2668 SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary...
CVE-2004-2669 Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execu...
CVE-2004-2670 Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attacke...
E
CVE-2004-2671 mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct ...
E
CVE-2004-2672 Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk file...
CVE-2004-2673 Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to ...
E S
CVE-2004-2674 Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated ...
E S
CVE-2004-2675 ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (c...
E S
CVE-2004-2676 The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not dr...
S
CVE-2004-2677 Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows rem...
E S
CVE-2004-2678 Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when us...
CVE-2004-2679 Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive i...
CVE-2004-2680 mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters pr...
S
CVE-2004-2681 PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it ...
CVE-2004-2682 PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attacke...
CVE-2004-2683 Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows att...
CVE-2004-2684 Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to ac...
CVE-2004-2685 Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary c...
E
CVE-2004-2686 Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows lo...
E S
CVE-2004-2687 distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server po...
E
CVE-2004-2688 Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject a...
CVE-2004-2689 NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to th...
CVE-2004-2690 Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authent...
CVE-2004-2691 Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allow...
S
CVE-2004-2692 The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote atta...
E S
CVE-2004-2693 HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory perm...
CVE-2004-2694 Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load c...
CVE-2004-2695 SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jels...
S
CVE-2004-2696 BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI...
CVE-2004-2697 The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to...
E
CVE-2004-2698 Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local user...
CVE-2004-2699 deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product image...
E
CVE-2004-2700 Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated admini...
CVE-2004-2701 Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote at...
CVE-2004-2702 Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remot...
E
CVE-2004-2703 Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAI...
CVE-2004-2704 Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment...
S
CVE-2004-2705 Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote att...
CVE-2004-2706 Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause ...
S
CVE-2004-2707 Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact an...
S
CVE-2004-2708 Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtai...
S
CVE-2004-2709 Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remot...
S
CVE-2004-2710 Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a...
S
CVE-2004-2711 Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a...
S
CVE-2004-2712 Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to caus...
S
CVE-2004-2713 Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, ...
CVE-2004-2714 Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown act...
S
CVE-2004-2715 edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administr...
E
CVE-2004-2716 Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to ...
E
CVE-2004-2717 Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attacker...
E
CVE-2004-2718 PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to...
CVE-2004-2719 Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers...
E S
CVE-2004-2720 Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier all...
E S
CVE-2004-2721 The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" vari...
S
CVE-2004-2722 Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to...
CVE-2004-2723 NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to ...
CVE-2004-2724 LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server cr...
E
CVE-2004-2725 Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inj...
E
CVE-2004-2726 HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authoriza...
S
CVE-2004-2727 Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attac...
E S
CVE-2004-2728 Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticat...
S
CVE-2004-2729 Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute ar...
S
CVE-2004-2730 Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) Ps...
S
CVE-2004-2731 Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2...
E
CVE-2004-2732 nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=t...
E
CVE-2004-2733 Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers t...
CVE-2004-2734 webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an...
CVE-2004-2735 Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject ...
S
CVE-2004-2736 Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserTy...
E
CVE-2004-2737 SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers ...
E
CVE-2004-2738 Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows...
CVE-2004-2739 The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify syste...
S
CVE-2004-2740 PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows re...
S
CVE-2004-2741 Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framew...
S
CVE-2004-2742 Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 a...
S
CVE-2004-2743 upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbi...
S
CVE-2004-2744 Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vect...
S
CVE-2004-2745 Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows rem...
E
CVE-2004-2746 SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attacker...
S
CVE-2004-2747 Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and pos...
S
CVE-2004-2748 viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to...
CVE-2004-2749 Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomeP...
E
CVE-2004-2750 Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers...
E S
CVE-2004-2751 SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allo...
E S
CVE-2004-2752 Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possib...
S
CVE-2004-2753 Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to ac...
S
CVE-2004-2754 SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1...
E S
CVE-2004-2755 Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build...
CVE-2004-2756 Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, al...
CVE-2004-2757 Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build ...
CVE-2004-2758 Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3...
CVE-2004-2759 Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and P...
CVE-2004-2760 sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after...
CVE-2004-2761 The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-depen...
S
CVE-2004-2762 The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5....
CVE-2004-2763 The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5...
E
CVE-2004-2764 Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0...
CVE-2004-2765 Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Mess...
S
CVE-2004-2766 Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows rem...
S
CVE-2004-2767 NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, w...
CVE-2004-2768 dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a packa...
E
CVE-2004-2769 Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when...
CVE-2004-2770 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-3389. Reason: This candida...
R
CVE-2004-2771 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allo...
E
CVE-2004-2772 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2004-2773 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2004-2774 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2004-2775 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was with...
R
CVE-2004-2776 go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacter...
E
CVE-2004-2777 GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account,...
CVE-2004-2778 Ebuild in Gentoo may change directory and file permissions depending on the order of installed packa...
CVE-2004-2779 id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-...
S
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.