Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2616 | 1 Onnuri Infotek | 1 Activepost Standard | 2016-10-17 | 4.0 MEDIUM | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message. | |||||
| CVE-2005-0110 | 1 Microsoft | 1 Ie | 2016-10-17 | 2.6 LOW | N/A |
| Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. | |||||
| CVE-2005-0080 | 2 Gnu, Ubuntu | 2 Mailman, Ubuntu Linux | 2016-10-17 | 5.0 MEDIUM | N/A |
| The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. | |||||
| CVE-2005-0040 | 1 Dotnetnuke | 1 Dotnetnuke | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log. | |||||
| CVE-2005-0039 | 1 Nissc | 1 Ipsec | 2016-10-17 | 6.4 MEDIUM | N/A |
| Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | |||||
| CVE-2004-2135 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 2.1 LOW | N/A |
| cryptoloop on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
| CVE-2004-2130 | 1 Phpbb Group | 1 Phpbb | 2016-10-17 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in phpBB 2.0.6 allow remote attackers to execute arbitrary script or HTML via the (1) folder or (2) mode variables. | |||||
| CVE-2004-2126 | 1 Iss | 1 Blackice Pc Protection | 2016-10-17 | 4.6 MEDIUM | N/A |
| The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration or possibly execute arbitrary code by exploiting vulnerabilities in the .INI parsers. | |||||
| CVE-2004-2100 | 1 Geovision | 1 Geohttpserver | 2016-10-17 | 5.0 MEDIUM | N/A |
| GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines). | |||||
| CVE-2004-2136 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 2.1 LOW | N/A |
| dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. | |||||
| CVE-2004-2110 | 1 Phorum | 1 Phorum | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | |||||
| CVE-2004-2052 | 1 Esesix | 1 Thintune | 2016-10-17 | 7.5 HIGH | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. | |||||
| CVE-2004-1998 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-17 | 5.0 MEDIUM | N/A |
| The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1858 | 1 Hp | 1 Web Jetadmin | 2016-10-17 | 5.0 MEDIUM | N/A |
| HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. | |||||
| CVE-2004-1839 | 1 Francisco Burzi | 1 Php-nuke | 2016-10-17 | 5.0 MEDIUM | N/A |
| MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | |||||
| CVE-2004-1799 | 1 Openbsd | 1 Openbsd | 2016-10-17 | 7.5 HIGH | N/A |
| PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces. | |||||
| CVE-2004-1610 | 2 Best Software, Saleslogix Corporation | 2 Saleslogix, Saleslogix | 2016-10-17 | 7.5 HIGH | N/A |
| SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables. | |||||
| CVE-2004-1586 | 1 Jera Technology | 1 Flash Messaging Server | 2016-10-17 | 2.1 LOW | N/A |
| Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected. | |||||
| CVE-2004-1604 | 1 Cpanel | 1 Cpanel | 2016-10-17 | 5.0 MEDIUM | N/A |
| cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. | |||||
| CVE-2004-1614 | 1 Mozilla | 1 Mozilla | 2016-10-17 | 5.0 MEDIUM | N/A |
| Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme. | |||||