Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2087 | 1 Sandsurfer | 1 Sandsurfer | 2017-07-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user. | |||||
| CVE-2004-2088 | 1 Sophos | 1 Sophos Anti-virus | 2017-07-10 | 5.0 MEDIUM | N/A |
| Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message. | |||||
| CVE-2004-2089 | 1 Matrix | 1 Matrix Ftp Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. | |||||
| CVE-2004-2093 | 1 Gnu | 1 Rsync | 2017-07-10 | 4.6 MEDIUM | N/A |
| Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. | |||||
| CVE-2004-2094 | 1 Darkwet | 1 Webcam Xp | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script. | |||||
| CVE-2004-2095 | 1 Niels Provos | 1 Honeyd | 2017-07-10 | 5.0 MEDIUM | N/A |
| Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd. | |||||
| CVE-2004-2096 | 1 Mephistoles Internet Suite | 1 Mephistoles Httpd | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL. | |||||
| CVE-2004-2097 | 1 Suse | 1 Suse Linux | 2017-07-10 | 2.1 LOW | N/A |
| Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd. | |||||
| CVE-2004-2098 | 1 Native Solutions | 1 Tbe Banner Engine | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability. | |||||
| CVE-2004-2099 | 1 Electronic Arts | 1 Need For Speed Hot Pursuit 2 | 2017-07-10 | 5.1 MEDIUM | N/A |
| Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostname, (4) gametype, (5) mapname or (6) gamemode commands. | |||||
| CVE-2004-2101 | 1 Geovision | 1 Geohttpserver | 2017-07-10 | 5.0 MEDIUM | N/A |
| The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow. | |||||
| CVE-2004-2102 | 1 Freesco | 1 Freesco | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter. | |||||
| CVE-2004-2107 | 1 Finjan Software | 1 Surfingate | 2017-07-10 | 7.5 HIGH | N/A |
| Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart the service, (2) use the getlastmsg command to view log information, or (3) use the online command to force a policy update from the database server. | |||||
| CVE-2004-2108 | 1 Quadcomm | 1 Q-shop | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showcat.asp, (5) users.asp, (6) addtomylist.asp, (7) modline.asp, (8) cart.asp, or (9) newuser.asp. | |||||
| CVE-2004-2109 | 1 Quadcomm | 1 Q-shop | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript in a URL. | |||||
| CVE-2004-2112 | 1 Herberlin | 1 Bremsserver | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL. | |||||
| CVE-2004-2113 | 1 Herberlin | 1 Bremsserver | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL. | |||||
| CVE-2004-2114 | 1 Internetnow | 1 Proxynow | 2017-07-10 | 10.0 HIGH | N/A |
| Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL. | |||||
| CVE-2004-2115 | 1 Oracle | 1 Http Server | 2017-07-10 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username, or (3) password parameters in an isqlplus request. | |||||
| CVE-2004-2120 | 1 Reptile Web Server | 1 Reptile Web Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version. | |||||