Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1674 | 2 Icewarp, Merak | 2 Web Mail, Mail Server | 2017-07-10 | 7.5 HIGH | N/A |
| viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter. | |||||
| CVE-2004-1676 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2017-07-10 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. | |||||
| CVE-2004-1677 | 1 Logicnow | 1 Perldesk | 2017-07-10 | 5.0 MEDIUM | N/A |
| pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message. | |||||
| CVE-2004-1678 | 1 Logicnow | 1 Perldesk | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs. | |||||
| CVE-2004-1680 | 1 Pingtel | 1 Xpressa | 2017-07-10 | 5.0 MEDIUM | N/A |
| application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow. | |||||
| CVE-2004-1681 | 1 Qnx | 2 Photon Microgui, Rtp | 2017-07-10 | 7.2 HIGH | N/A |
| Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter. | |||||
| CVE-2004-1682 | 1 Qnx | 1 Rtp | 2017-07-10 | 10.0 HIGH | N/A |
| Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command. | |||||
| CVE-2004-1683 | 1 Qnx | 1 Rtos | 2017-07-10 | 3.7 LOW | N/A |
| A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap. | |||||
| CVE-2004-1684 | 1 Zyxel | 2 Prestige, Zynos | 2017-07-10 | 5.0 MEDIUM | N/A |
| Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network. | |||||
| CVE-2004-1685 | 1 Smc Networks | 2 Smc7004vwbr, Smc7008abr | 2017-07-10 | 7.5 HIGH | N/A |
| SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages. | |||||
| CVE-2004-1686 | 1 Microsoft | 1 Ie | 2017-07-10 | 5.0 MEDIUM | N/A |
| Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin. | |||||
| CVE-2004-1687 | 1 Snitz Communications | 1 Snitz Forums 2000 | 2017-07-10 | 5.0 MEDIUM | N/A |
| CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter. | |||||
| CVE-2004-1688 | 1 Tech-noel | 1 Pigeon Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103. | |||||
| CVE-2004-1689 | 1 Todd Miller | 1 Sudo | 2017-07-10 | 2.1 LOW | N/A |
| sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root privileges, which allows local users to read arbitrary files via a symlink attack on the temporary file before quitting sudoedit. | |||||
| CVE-2004-1690 | 1 Rhinosoft | 1 Dns4me | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL. | |||||
| CVE-2004-1691 | 1 Rhinosoft | 1 Dns4me | 2017-07-10 | 5.0 MEDIUM | N/A |
| The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data. | |||||
| CVE-2004-1692 | 1 Mambo | 1 Mambo Open Source | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters. | |||||
| CVE-2004-1693 | 1 Mambo | 1 Mambo | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1694 | 1 Symantec | 2 On Command Ccm, On Icommand | 2017-07-10 | 7.5 HIGH | N/A |
| Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. | |||||
| CVE-2004-1695 | 1 Emulive | 1 Server4 | 2017-07-10 | 10.0 HIGH | N/A |
| EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash). | |||||