Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1419 | 1 Zeroboard | 1 Zeroboard | 2017-07-10 | 6.8 MEDIUM | N/A |
| PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlier allows remote attackers to execute arbitrary PHP code by modifying the (1) _zb_path parameter to outlogin.php or (2) dir parameter to write.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1420 | 1 Whm | 1 Autopilot | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter. | |||||
| CVE-2004-1421 | 1 Whm | 1 Whm Autopilot | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the server_inc parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1422 | 1 Whm | 1 Whm Autopilot | 2017-07-10 | 5.0 MEDIUM | N/A |
| WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings. | |||||
| CVE-2004-1427 | 1 Korweblog | 1 Korweblog | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrated in index.php when using .. (dot dot) sequences in the lng parameter to cause main.inc to be loaded. | |||||
| CVE-2004-1428 | 1 Argosoft | 1 Ftp Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| ArGoSoft FTP before 1.4.2.1 generates an error message if the user name does not exist instead of prompting for a password, which allows remote attackers to determine valid usernames. | |||||
| CVE-2004-1429 | 1 Argosoft | 1 Ftp Server | 2017-07-10 | 7.5 HIGH | N/A |
| ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack. | |||||
| CVE-2004-1430 | 1 Ipbproarcade | 1 Ipbproarcade | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter. | |||||
| CVE-2004-1431 | 1 Joe Lumbroso | 1 Jacks Formmail.php | 2017-07-10 | 5.0 MEDIUM | N/A |
| FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter. | |||||
| CVE-2004-1437 | 1 Pavuk | 1 Pavuk | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-1438 | 1 Subversion | 1 Subversion | 2017-07-10 | 2.1 LOW | N/A |
| The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn copy command. | |||||
| CVE-2004-1439 | 1 Sapporoworks | 1 Black Jumbodog | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD. | |||||
| CVE-2004-1440 | 1 Putty | 1 Putty | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. | |||||
| CVE-2004-1441 | 1 Board Power | 1 Board Power | 2017-07-10 | 9.3 HIGH | N/A |
| Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter. | |||||
| CVE-2004-1443 | 1 Horde | 1 Imp | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arbitrary web script or HTML via an e-mail message. | |||||
| CVE-2004-1444 | 1 Roundup-tracker | 1 Roundup | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in Roundup 0.6.4 and earlier allows remote attackers to view arbitrary files via .. (dot dot) sequences in an @@ command in an HTTP GET request. | |||||
| CVE-2004-1445 | 1 Nessus | 1 Nessus | 2017-07-10 | 3.7 LOW | N/A |
| A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges. | |||||
| CVE-2004-1446 | 1 Juniper | 1 Netscreen Screenos | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. | |||||
| CVE-2004-1447 | 1 Jetbox | 1 Jetbox One Cms | 2017-07-10 | 5.0 MEDIUM | N/A |
| Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information. | |||||
| CVE-2004-1448 | 1 Jetbox | 1 Jetbox One Cms | 2017-07-10 | 4.6 MEDIUM | N/A |
| Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code. | |||||