Total: 210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1718 | 1 Pedestal Software | 1 Integrity Protection Driver | 2017-07-10 | 2.1 LOW | N/A |
| The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument. | |||||
| CVE-2004-1719 | 1 Merak | 1 Mail Server | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, or (6) showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message. | |||||
| CVE-2004-1720 | 1 Merak | 1 Mail Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means. | |||||
| CVE-2004-1721 | 1 Merak | 1 Mail Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000. | |||||
| CVE-2004-1722 | 1 Merak | 1 Mail Server | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter. | |||||
| CVE-2004-1723 | 1 Php Fusion | 1 Php Fusion | 2017-07-10 | 5.0 MEDIUM | N/A |
| The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. | |||||
| CVE-2004-1724 | 1 Php Fusion | 1 Php Fusion | 2017-07-10 | 7.5 HIGH | N/A |
| The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password. | |||||
| CVE-2004-1725 | 1 John Bradley | 1 Xv | 2017-07-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file. | |||||
| CVE-2004-1726 | 1 John Bradley | 1 Xv | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow. | |||||
| CVE-2004-1727 | 1 Working Resources Inc. | 1 Badblue | 2017-07-10 | 5.0 MEDIUM | N/A |
| BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address. | |||||
| CVE-2004-1728 | 1 British National Corpus | 1 Sara | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string. | |||||
| CVE-2004-1729 | 1 Nihuo Software | 1 Web Log Analyzer | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header. | |||||
| CVE-2004-1730 | 1 Mantis | 1 Mantis | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php. | |||||
| CVE-2004-1731 | 1 Mantis | 1 Mantis | 2017-07-10 | 5.0 MEDIUM | N/A |
| signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. | |||||
| CVE-2004-1732 | 1 Mydms | 1 Mydms | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter. | |||||
| CVE-2004-1733 | 1 Mydms | 1 Mydms | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL. | |||||
| CVE-2004-1734 | 1 Mantis | 1 Mantis | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-1735 | 1 Sympa | 1 Sympa | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. | |||||
| CVE-2004-1736 | 1 The Cacti Group | 1 Cacti | 2017-07-10 | 5.0 MEDIUM | N/A |
| Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message. | |||||
| CVE-2004-1737 | 2 Gentoo, The Cacti Group | 2 Linux, Cacti | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. | |||||
