Total: 27865 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1565 | 1 W-agora | 1 W-agora | 2016-10-17 | 5.0 MEDIUM | N/A |
| list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter. | |||||
| CVE-2004-1515 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php. | |||||
| CVE-2004-1498 | 1 Webhost Automation | 1 Helm Control Panel | 2016-10-17 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter. | |||||
| CVE-2004-1497 | 1 Minihttpserver.net | 1 Web Forums Server | 2016-10-17 | 4.6 MEDIUM | N/A |
| Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges. | |||||
| CVE-2004-1526 | 1 New Media Generation | 1 Hired Team Trial | 2016-10-17 | 7.5 HIGH | N/A |
| Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator. | |||||
| CVE-2004-1496 | 1 Minihttpserver.net | 1 Web Forums Server | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot slash), (3) "/%2E%2E%5C" (encoded dot dot backslash), or (4) "%2E%2E%2F" (encoded dot dot slash). | |||||
| CVE-2004-1426 | 1 Korweblog | 1 Korweblog | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng parameter. | |||||
| CVE-2004-1409 | 1 Singapore | 1 Image Gallery Web Application | 2016-10-17 | 5.0 MEDIUM | N/A |
| Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2004-1405 | 1 Mediawiki | 1 Mediawiki | 2016-10-17 | 7.5 HIGH | N/A |
| MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. | |||||
| CVE-2004-1410 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message, a different vulnerability than CVE-2004-1229. | |||||
| CVE-2004-1414 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2016-10-17 | 5.0 MEDIUM | N/A |
| Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images. | |||||
| CVE-2004-1382 | 1 Gnu | 1 Glibc | 2016-10-17 | 2.1 LOW | N/A |
| The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. | |||||
| CVE-2004-1321 | 1 Asante | 1 Fm2008 Managed Ethernet Switch | 2016-10-17 | 7.5 HIGH | N/A |
| The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access. | |||||
| CVE-2004-1182 | 1 Hylafax | 1 Hylafax | 2016-10-17 | 7.5 HIGH | N/A |
| hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password. | |||||
| CVE-2004-1229 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2016-10-17 | 7.5 HIGH | N/A |
| Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410. | |||||
| CVE-2004-1151 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2016-10-17 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges. | |||||
| CVE-2004-1161 | 2 Gentoo, Rssh | 2 Linux, Rssh | 2016-10-17 | 7.5 HIGH | N/A |
| rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | |||||
| CVE-2004-1076 | 2 Atari800, Debian | 2 Atari800, Debian Linux | 2016-10-17 | 7.2 HIGH | N/A |
| Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file. | |||||
| CVE-2004-0423 | 1 Ssmtp | 1 Ssmtp | 2016-10-17 | 2.1 LOW | N/A |
| The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file. | |||||
| CVE-2004-0479 | 1 Microsoft | 1 Ie | 2016-10-17 | 5.0 MEDIUM | N/A |
| Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference. | |||||
