Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2505 | 1 Macromedia | 1 Coldfusion | 2017-07-10 | 5.0 MEDIUM | N/A |
| Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data. | |||||
| CVE-2004-2506 | 1 Wikindx | 1 Wikindx | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file. | |||||
| CVE-2004-2507 | 1 Linksys | 1 Wvc11b | 2017-07-10 | 5.0 MEDIUM | N/A |
| Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. | |||||
| CVE-2004-2508 | 1 Linksys | 1 Wvc11b | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. | |||||
| CVE-2004-2509 | 1 Ubbcentral | 1 Ubb.threads | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter. | |||||
| CVE-2004-2510 | 1 Ubbcentral | 1 Ubb.threads | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter. | |||||
| CVE-2004-2511 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php. | |||||
| CVE-2004-2512 | 1 Codeworx Technologies | 1 Dcp-portal | 2017-07-10 | 4.3 MEDIUM | N/A |
| CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter. | |||||
| CVE-2004-2514 | 1 Powerportal | 1 Powerportal | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field. | |||||
| CVE-2004-2515 | 1 Vmware | 1 Workstation | 2017-07-10 | 7.2 HIGH | N/A |
| Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability. | |||||
| CVE-2004-2516 | 1 Myserver | 1 Myserver | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences. | |||||
| CVE-2004-2517 | 1 Myserver | 1 Myserver | 2017-07-10 | 5.0 MEDIUM | N/A |
| myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html. | |||||
| CVE-2004-2518 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-10 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message. | |||||
| CVE-2004-2519 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-10 | 5.0 MEDIUM | N/A |
| Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en". | |||||
| CVE-2004-2520 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-10 | 4.0 MEDIUM | N/A |
| POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands. | |||||
| CVE-2004-2521 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-10 | 5.0 MEDIUM | N/A |
| Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP). | |||||
| CVE-2004-2522 | 1 Geeos Team | 1 Gattaca Server 2003 | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter. | |||||
| CVE-2004-1878 | 1 Linbit Technologies | 1 Linbox Officeserver | 2017-07-10 | 5.0 MEDIUM | N/A |
| LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). | |||||
| CVE-2004-1879 | 1 Phpkit | 1 Phpkit | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. | |||||
| CVE-2004-1881 | 1 Cactusoft | 1 Cactushop | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. | |||||