Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1989 | 2 Coppermine, Francisco Burzi | 2 Coppermine Photo Gallery, Php-nuke | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. | |||||
| CVE-2004-1990 | 1 Aldo Vargas | 1 Aldos Web Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request. | |||||
| CVE-2004-1993 | 1 Omail | 1 Omail Webmail | 2017-07-10 | 10.0 HIGH | N/A |
| The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password. | |||||
| CVE-2004-1994 | 1 E-zone Media Inc. | 1 Fusetalk | 2017-07-10 | 5.0 MEDIUM | N/A |
| FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. | |||||
| CVE-2004-1995 | 1 E-zone Media Inc. | 1 Fusetalk | 2017-07-10 | 7.5 HIGH | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. | |||||
| CVE-2004-1996 | 1 Simple Machines | 1 Smf | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. | |||||
| CVE-2004-1997 | 2 Kolab, Openpkg | 2 Kolab Groupware Server, Openpkg | 2017-07-10 | 4.6 MEDIUM | N/A |
| Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. | |||||
| CVE-2004-1999 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. | |||||
| CVE-2004-2002 | 1 Sgi | 1 Irix | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet. | |||||
| CVE-2004-2003 | 1 Delegate | 1 Delegate | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field. | |||||
| CVE-2004-2004 | 1 Suse | 1 Suse Linux | 2017-07-10 | 10.0 HIGH | N/A |
| The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. | |||||
| CVE-2004-2005 | 1 Qualcomm | 1 Eudora | 2017-07-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name. | |||||
| CVE-2004-2006 | 1 Trend Micro | 1 Officescan | 2017-07-10 | 4.6 MEDIUM | N/A |
| Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. | |||||
| CVE-2004-2007 | 1 Adam Webb | 1 Nukejokes | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid parameter in a JokeView function. | |||||
| CVE-2004-2008 | 1 Adam Webb | 1 Nukejokes | 2017-07-10 | 4.6 MEDIUM | N/A |
| SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to execute arbitrary SQL via the jokeid parameter. | |||||
| CVE-2004-2009 | 1 Adam Webb | 1 Nukejokes | 2017-07-10 | 5.0 MEDIUM | N/A |
| NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message. | |||||
| CVE-2004-2010 | 1 Phpshop | 1 Phpshop | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a remote web server that contains phpshop.cfg. | |||||
| CVE-2004-2012 | 3 Netbsd, Niels, Vladimir Kotal | 3 Netbsd, Provos Systrace, Systrace Port For Freebsd | 2017-07-10 | 7.2 HIGH | N/A |
| The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges. | |||||
| CVE-2004-2013 | 1 Linux | 1 Linux Kernel | 2017-07-10 | 7.2 HIGH | N/A |
| Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of memory. | |||||
| CVE-2004-2015 | 1 Webct | 1 Webct | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags. | |||||