Total: 27865 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2004-2177 | 1 Devoybb | 1 Devoybb Web Forum | 2008-09-05 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
CVE-2004-2190 | 1 Unzoo | 1 Unzoo | 2008-09-05 | 5.0 MEDIUM | N/A |
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors. | |||||
CVE-2004-2179 | 1 Microsoft | 2 Frontpage, Ie | 2008-09-05 | 5.0 MEDIUM | N/A |
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. | |||||
CVE-2004-2208 | 1 Ideal Science | 1 Idealbb | 2008-09-05 | 5.0 MEDIUM | N/A |
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors. | |||||
CVE-2004-2194 | 1 Mailenable | 2 Mailenable Enterprise, Mailenable Professional | 2008-09-05 | 5.0 MEDIUM | N/A |
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands. | |||||
CVE-2004-2091 | 1 Microsoft | 1 Baseline Security Analyzer | 2008-09-05 | 5.0 MEDIUM | N/A |
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. | |||||
CVE-2004-2187 | 1 Mediawiki | 1 Mediawiki | 2008-09-05 | 5.0 MEDIUM | N/A |
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors. | |||||
CVE-2004-1781 | 1 Info Touch | 1 Surfnet | 2008-09-05 | 4.6 MEDIUM | N/A |
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. | |||||
CVE-2004-1785 | 1 Invision Power Services | 1 Invision Board | 2008-09-05 | 7.5 HIGH | N/A |
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. | |||||
CVE-2004-1791 | 1 Edimax | 1 Full Rate Adsl Router | 2008-09-05 | 7.5 HIGH | N/A |
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access. | |||||
CVE-2004-1795 | 1 Info Touch | 1 Surfnet | 2008-09-05 | 2.1 LOW | N/A |
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI. | |||||
CVE-2004-1780 | 1 Info Touch | 1 Surfnet | 2008-09-05 | 4.6 MEDIUM | N/A |
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts. | |||||
CVE-2004-1891 | 1 Sgi | 1 Irix | 2008-09-05 | 5.0 MEDIUM | N/A |
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. | |||||
CVE-2004-2024 | 1 Zen Cart | 1 Zen Cart | 2008-09-05 | 7.5 HIGH | N/A |
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php. | |||||
CVE-2004-1783 | 1 Net2soft | 1 Flash Ftp Server | 2008-09-05 | 7.5 HIGH | N/A |
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot). | |||||
CVE-2004-1754 | 1 Symantec | 2 Enterprise Firewall, Gateway Security | 2008-09-05 | 5.0 MEDIUM | N/A |
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records. | |||||
CVE-2004-2001 | 1 Sgi | 1 Irix | 2008-09-05 | 4.6 MEDIUM | N/A |
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received. | |||||
CVE-2004-1788 | 1 Asp-nuke | 1 Asp-nuke | 2008-09-05 | 5.0 MEDIUM | N/A |
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. | |||||
CVE-2004-1374 | 1 Netbsd | 1 Netbsd | 2008-09-05 | 7.2 HIGH | N/A |
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges. | |||||
CVE-2004-1343 | 1 Cvs | 1 Cvs | 2008-09-05 | 5.0 MEDIUM | N/A |
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash). |