Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1930 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the cookiedecode function in mainfile.php for PHP-Nuke 6.x through 7.2, when themes are used, allows remote attackers to inject arbitrary web script or HTML via a base64-encoded user parameter or cookie. | |||||
| CVE-2004-1932 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL code and create an administrator account via base64-encoded SQL in the admin parameter. | |||||
| CVE-2004-1933 | 1 Citadel | 1 Ux | 2017-07-10 | 2.1 LOW | N/A |
| Citadel/UX 5.00 through 6.14 installs the database directory and files with world-read permissions, which could allow local users to bypass access controls and read unauthorized messages. | |||||
| CVE-2004-1934 | 1 Isesam | 1 Gemitel | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50 allows remote attackers to execute arbitrary PHP code via the base parameter. | |||||
| CVE-2004-1935 | 1 Sct Corporation | 1 Campus Pipeline | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment. | |||||
| CVE-2004-1936 | 1 Zonelabs | 1 Zonealarm | 2017-07-10 | 7.5 HIGH | N/A |
| ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote attackers to bypass e-mail protection via attachments whose names contain certain non-English characters. | |||||
| CVE-2004-1937 | 1 Nuked-klan | 1 Nuked-klan | 2017-07-10 | 5.0 MEDIUM | N/A |
| Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. | |||||
| CVE-2004-1938 | 1 Phorum | 1 Phorum | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | |||||
| CVE-2004-1939 | 1 Rhinosoft | 1 Zaep Antispam | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter. | |||||
| CVE-2004-1940 | 1 Kphone | 1 Kphone | 2017-07-10 | 5.0 MEDIUM | N/A |
| sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read. | |||||
| CVE-2004-1941 | 1 Fastream | 1 Netfile Ftp Web Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist. | |||||
| CVE-2004-1942 | 1 Sun | 1 Patch Manager | 2017-07-10 | 7.5 HIGH | N/A |
| The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map such as passwd.adjunct.byname. | |||||
| CVE-2004-1943 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. | |||||
| CVE-2004-1944 | 1 Qualcomm | 1 Eudora | 2017-07-10 | 5.0 MEDIUM | N/A |
| Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message. | |||||
| CVE-2004-1945 | 1 Kinesphere Corporation | 1 Exchange Pop3 | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to execute arbitrary code via a long MAIL FROM field. | |||||
| CVE-2004-1946 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-10 | 4.6 MEDIUM | N/A |
| Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this issue could be exploited remotely, or if Cherokee is running at escalated privileges. Therefore it might not be a vulnerability. | |||||
| CVE-2004-1947 | 1 Softwin | 1 Bitdefender | 2017-07-10 | 5.0 MEDIUM | N/A |
| The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab. | |||||
| CVE-2004-1948 | 1 Ncftp Software | 1 Ncftp | 2017-07-10 | 4.6 MEDIUM | N/A |
| NcFTP client 3.1.6 and 3.1.7, when the username and password are included in an FTP URL that is provided on the command line, allows local users to obtain sensitive information via "ps aux," which displays the URL in the process list. | |||||
| CVE-2004-1949 | 1 Postnuke Software Foundation | 1 Postnuke | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. | |||||
| CVE-2004-1950 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 5.0 MEDIUM | N/A |
| phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses. | |||||