Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1738 | 1 Jshop E-commerce | 1 Jshop Server | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter. | |||||
| CVE-2004-1739 | 1 Bird Chat | 1 Internet Chat Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users. | |||||
| CVE-2004-1740 | 1 Music Daemon | 1 Music Daemon | 2017-07-10 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST. | |||||
| CVE-2004-1741 | 1 Music Daemon | 1 Music Daemon | 2017-07-10 | 5.0 MEDIUM | N/A |
| Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. | |||||
| CVE-2004-1742 | 1 Web-app.org | 1 Webapp | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. | |||||
| CVE-2004-1743 | 1 Efs Software | 1 Efs Web Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. | |||||
| CVE-2004-1744 | 1 Efs Software | 1 Efs Web Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests. | |||||
| CVE-2004-1745 | 1 People Can Fly | 1 Painkiller | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password. | |||||
| CVE-2004-1746 | 1 Php Code Snippet Library | 1 Php Code Snippet Library | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters. | |||||
| CVE-2004-1747 | 1 Network Everywhere | 1 Nr041 | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option. | |||||
| CVE-2004-1748 | 1 Sysinternals | 1 Regmon | 2017-07-10 | 2.1 LOW | N/A |
| NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue. | |||||
| CVE-2004-1749 | 1 Toplayer | 1 Attack Mitigator | 2017-07-10 | 5.0 MEDIUM | N/A |
| Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests. | |||||
| CVE-2004-1750 | 1 Vnc | 1 Realvnc | 2017-07-10 | 5.0 MEDIUM | N/A |
| RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900. | |||||
| CVE-2004-1751 | 1 Massive Entertainment | 1 Ground Control Ii Operation Exodus | 2017-07-10 | 5.0 MEDIUM | N/A |
| Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error. | |||||
| CVE-2004-1752 | 1 Nakedsoft | 1 Gaucho | 2017-07-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header. | |||||
| CVE-2004-1753 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-07-10 | 2.6 LOW | N/A |
| The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allows Java applets from one tab to draw to other tabs and facilitates phishing attacks that spoof tabs. | |||||
| CVE-2004-1755 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 7.5 HIGH | N/A |
| The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges. | |||||
| CVE-2004-1756 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers. | |||||
| CVE-2004-1757 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges. | |||||
| CVE-2004-1758 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 4.6 MEDIUM | N/A |
| BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges. | |||||