Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1528 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2017-07-10 | 5.0 MEDIUM | N/A |
| The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message. | |||||
| CVE-2004-1529 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments. | |||||
| CVE-2004-1530 | 1 Rob Sutton | 1 Php-nuke Event Calendar | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters. | |||||
| CVE-2004-1531 | 1 Invision Power Services | 1 Invision Board | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter. | |||||
| CVE-2004-1532 | 1 Appserv Open Project | 1 Appserv | 2017-07-10 | 7.5 HIGH | N/A |
| AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access. | |||||
| CVE-2004-1533 | 1 Digital Mappings Systems | 1 Pop3 Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password. | |||||
| CVE-2004-1534 | 1 Zonelabs | 1 Zonealarm | 2017-07-10 | 5.0 MEDIUM | N/A |
| ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript. | |||||
| CVE-2004-1535 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1536 | 1 Ipbproarcade | 1 Ipbproarcade | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter. | |||||
| CVE-2004-1537 | 1 Phpkit | 1 Phpkit | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. | |||||
| CVE-2004-1538 | 1 Phpkit | 1 Phpkit | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
| CVE-2004-1539 | 1 Gearbox Software | 1 Halo Combat Evolved | 2017-07-10 | 5.0 MEDIUM | N/A |
| Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference. | |||||
| CVE-2004-1540 | 1 Zyxel | 2 Prestige, Zynos | 2017-07-10 | 5.0 MEDIUM | N/A |
| ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file. | |||||
| CVE-2004-1541 | 1 Van Dyke Technologies | 1 Securecrt | 2017-07-10 | 7.5 HIGH | N/A |
| SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. | |||||
| CVE-2004-1542 | 1 Raven Software | 1 Soldier Of Fortune | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply. | |||||
| CVE-2004-1543 | 1 Korweblog | 1 Korweblog | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. | |||||
| CVE-2004-1544 | 1 Jspwiki | 1 Jspwiki | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter. | |||||
| CVE-2004-1545 | 1 Moniwiki | 1 Moniwiki | 2017-07-10 | 5.0 MEDIUM | N/A |
| UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code. | |||||
| CVE-2004-1546 | 1 Alt-n | 1 Mdaemon | 2017-07-10 | 5.0 MEDIUM | N/A |
| Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server. | |||||
| CVE-2004-1547 | 1 Onnuri Infotek | 1 Activepost Standard | 2017-07-10 | 5.0 MEDIUM | N/A |
| The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow. | |||||