Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2040 | 1 E107 | 1 E107 | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary web script or HTML via the (1) LAN_407 parameter to clock_menu.php, (2) "email article to a friend" field, (3) "submit news" field, or (4) avmsg parameter to usersettings.php. | |||||
| CVE-2004-2041 | 1 E107 | 1 E107 | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-2042 | 1 E107 | 1 E107 | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php. | |||||
| CVE-2004-2043 | 2 Borland Software, Firebirdsql | 3 Interbase, Interbase Superserver, Firebird | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command. | |||||
| CVE-2004-2044 | 4 Francisco Burzi, Oscommerce, Paul Laudanski and 1 more | 4 Php-nuke, Osc2nuke, Betanc Php-nuke and 1 more | 2017-07-10 | 7.5 HIGH | N/A |
| PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string. | |||||
| CVE-2004-2045 | 1 Conceptronic | 1 Cadslr1 Adsl Router | 2017-07-10 | 5.0 MEDIUM | N/A |
| The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long username. | |||||
| CVE-2004-2046 | 1 Apc | 1 Powerchute | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors. | |||||
| CVE-2004-2047 | 1 Easyweb | 1 Easyweb Filemanager | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter. | |||||
| CVE-2004-2048 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-10 | 10.0 HIGH | N/A |
| radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access. | |||||
| CVE-2004-2049 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-10 | 4.6 MEDIUM | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain access. | |||||
| CVE-2004-2050 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-10 | 4.6 MEDIUM | N/A |
| eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell. | |||||
| CVE-2004-2051 | 1 Esesix | 7 Thintune Extreme, Thintune L, Thintune M and 4 more | 2017-07-10 | 5.0 MEDIUM | N/A |
| The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL. | |||||
| CVE-2004-2053 | 1 Easyins | 1 Easyins | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter. | |||||
| CVE-2004-2054 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2) the redirect parameter to login.php. | |||||
| CVE-2004-2055 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter. | |||||
| CVE-2004-2057 | 1 Xlinesoft | 1 Asprunner | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. | |||||
| CVE-2004-2058 | 1 Xlinesoft | 1 Asprunner | 2017-07-10 | 5.0 MEDIUM | N/A |
| ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. | |||||
| CVE-2004-2060 | 1 Xlinesoft | 1 Asprunner | 2017-07-10 | 5.0 MEDIUM | N/A |
| ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names. | |||||
| CVE-2004-2061 | 1 Risearch Software | 2 Risearch, Risearch Pro | 2017-07-10 | 7.5 HIGH | N/A |
| RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL. | |||||
| CVE-2004-2062 | 1 Antiboard | 1 Antiboard | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters. | |||||