Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1653 | 1 Openbsd | 1 Openssh | 2017-07-10 | 6.4 MEDIUM | N/A |
| The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS. | |||||
| CVE-2004-1654 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. | |||||
| CVE-2004-1655 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) CM_pid parameter in the comments module or (2) the subject or message fields in the notes module. | |||||
| CVE-2004-1656 | 1 Comersus Open Technologies | 1 Comersus Cart | 2017-07-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter. | |||||
| CVE-2004-1657 | 1 Newtelligence | 1 Dasblog | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Activity and Events Viewer for Newtelligence DasBlog allows remote attackers to inject arbitrary web script or HTML via the (1) User Agent or (2) Referrer HTTP headers. | |||||
| CVE-2004-1658 | 1 Kerio | 1 Personal Firewall | 2017-07-10 | 4.6 MEDIUM | N/A |
| Kerio Personal Firewall 4.0 (KPF4) allows local users with administrative privileges to bypass the Application Security feature and execute arbitrary processes by directly writing to \device\physicalmemory to restore the running kernel's SDT ServiceTable. | |||||
| CVE-2004-1659 | 1 Cutephp | 1 Cutenews | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3.6 and earlier allows remote attackers with Administrator, Editor, Journalist or Commenter privileges to inject arbitrary web script or HTML via the mod parameter. | |||||
| CVE-2004-1660 | 1 Cutephp | 1 Cutenews | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php. | |||||
| CVE-2004-1661 | 1 Sitecubed | 1 Mailworks Professional | 2017-07-10 | 7.5 HIGH | N/A |
| MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." | |||||
| CVE-2004-1662 | 1 Yabb | 1 Yabb | 2017-07-10 | 5.0 MEDIUM | N/A |
| YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message. | |||||
| CVE-2004-1664 | 1 Activision | 2 Call Of Duty, Call Of Duty United Offensive | 2017-07-10 | 5.0 MEDIUM | N/A |
| Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430. | |||||
| CVE-2004-1665 | 1 Psnews | 1 Psnews | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 allows remote attackers to inject arbitrary web script or HTML via the no parameter. | |||||
| CVE-2004-1666 | 1 Cerulean Studios | 1 Trillian | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character. | |||||
| CVE-2004-1667 | 1 Gearbox Software | 1 Halo Combat Evolved | 2017-07-10 | 5.0 MEDIUM | N/A |
| Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response. | |||||
| CVE-2004-1668 | 1 Easyweb | 1 Factory Subjects Module | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. | |||||
| CVE-2004-1669 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to execute arbitrary web script or HTML via the (1) User name parameter to accountsettings.html or (2) Search string parameter to search.html. | |||||
| CVE-2004-1670 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. | |||||
| CVE-2004-1671 | 1 Icewarp | 1 Web Mail | 2017-07-10 | 5.0 MEDIUM | N/A |
| Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html. | |||||
| CVE-2004-1672 | 1 Icewarp | 1 Web Mail | 2017-07-10 | 7.5 HIGH | N/A |
| attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request. | |||||
| CVE-2004-1673 | 1 Icewarp | 1 Web Mail | 2017-07-10 | 7.5 HIGH | N/A |
| accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter. | |||||