Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0344 | 1 Yabb | 1 Yabb | 2016-10-17 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter. | |||||
| CVE-2004-0060 | 1 Lionmax Software | 1 Www File Share Pro | 2016-10-17 | 5.0 MEDIUM | N/A |
| WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. | |||||
| CVE-2004-0065 | 1 Phpgedview | 1 Phpgedview | 2016-10-17 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. | |||||
| CVE-2004-0062 | 1 Fishnet | 1 Fishcart | 2016-10-17 | 7.5 HIGH | N/A |
| Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. | |||||
| CVE-2004-0061 | 1 Lionmax Software | 1 Www File Share Pro | 2016-10-17 | 7.5 HIGH | N/A |
| WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character. | |||||
| CVE-2004-0069 | 1 Hd Soft | 1 Windows Ftp Server | 2016-10-17 | 7.5 HIGH | N/A |
| Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. | |||||
| CVE-2004-0064 | 1 Suse | 1 Suse Linux | 2016-10-17 | 2.1 LOW | N/A |
| The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. | |||||
| CVE-2004-0091 | 1 Jelsoft | 1 Vbulletin | 2016-10-17 | 4.3 MEDIUM | N/A |
| ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." | |||||
| CVE-2004-0059 | 1 Lionmax Software | 1 Www File Share Pro | 2016-10-17 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header. | |||||
| CVE-2003-1086 | 1 Pmachine | 2 Pmachine Free, Pmachine Pro | 2016-10-17 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2003-1318 | 1 Twilight Utilities | 1 Twilight Webserver | 2016-10-17 | 7.8 HIGH | N/A |
| Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376. | |||||
| CVE-2003-1262 | 1 Http Fetcher | 1 Http Fetcher Library | 2016-10-17 | 6.4 MEDIUM | N/A |
| Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a long (1) host, (2) referer, or (3) userAgent value. | |||||
| CVE-2003-0934 | 1 Symbol Technologies | 1 Pdt | 2016-10-17 | 4.6 MEDIUM | N/A |
| Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network. | |||||
| CVE-2003-0865 | 1 Mpg123 | 1 Mpg123 | 2016-10-17 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request. | |||||
| CVE-2003-0980 | 1 Freescripts | 1 Visitorbook | 2016-10-17 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters. | |||||
| CVE-2003-0961 | 1 Linux | 1 Linux Kernel | 2016-10-17 | 7.2 HIGH | N/A |
| Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges. | |||||
| CVE-2003-1000 | 1 Xchat | 1 Xchat | 2016-10-17 | 5.0 MEDIUM | N/A |
| xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | |||||
| CVE-2003-0968 | 1 Freeradius | 1 Freeradius | 2016-10-17 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribute. | |||||
| CVE-2003-0981 | 1 Freescripts | 1 Visitorbook | 2016-10-17 | 4.3 MEDIUM | N/A |
| FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks. | |||||
| CVE-2003-0886 | 1 Hylafax | 1 Hylafax | 2016-10-17 | 10.0 HIGH | N/A |
| Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code. | |||||