Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2224 | 1 Appfoundry | 1 Message Foundry | 2017-07-10 | 5.0 MEDIUM | N/A |
| Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1. | |||||
| CVE-2004-2226 | 1 Mozilla | 1 Thunderbird | 2017-07-10 | 5.0 MEDIUM | N/A |
| Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server. | |||||
| CVE-2004-2227 | 1 Mozilla | 1 Firefox | 2017-07-10 | 5.0 MEDIUM | N/A |
| Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions. | |||||
| CVE-2004-2228 | 1 Mozilla | 1 Firefox | 2017-07-10 | 7.2 HIGH | N/A |
| Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. | |||||
| CVE-2004-2229 | 1 Oracle | 1 Database Server Lite | 2017-07-10 | 4.6 MEDIUM | N/A |
| Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges. | |||||
| CVE-2004-2230 | 1 Openbsd | 1 Openbsd | 2017-07-10 | 2.1 LOW | N/A |
| Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket. | |||||
| CVE-2004-2231 | 1 Zero G | 1 Installanywhere | 2017-07-10 | 1.2 LOW | N/A |
| Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files. | |||||
| CVE-2004-2238 | 1 Inter7 | 1 Vpopmail (vchkpw) | 2017-07-10 | 5.0 MEDIUM | N/A |
| ** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability. | |||||
| CVE-2004-2239 | 1 Inter7 | 1 Vpopmail (vchkpw) | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-2240 | 1 Phorum | 1 Phorum | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | |||||
| CVE-2004-2241 | 1 Phorum | 1 Phorum | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. | |||||
| CVE-2004-2242 | 1 Phorum | 1 Phorum | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. | |||||
| CVE-2004-2243 | 1 Phorum | 1 Phorum | 2017-07-10 | 7.5 HIGH | N/A |
| Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous. | |||||
| CVE-2004-2244 | 1 Oracle | 2 Application Server, Oracle9i | 2017-07-10 | 5.0 MEDIUM | N/A |
| The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD. | |||||
| CVE-2004-2245 | 1 Goollery | 1 Goollery | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php. | |||||
| CVE-2004-2248 | 1 Goosequill | 1 Remoteeditor | 2017-07-10 | 10.0 HIGH | N/A |
| Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions." | |||||
| CVE-2004-2249 | 1 Goosequill | 1 Audienceconnect Secureeditor | 2017-07-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
| CVE-2004-2250 | 1 Goosequill | 1 Audienceconnect Remoteeditor | 2017-07-10 | 7.5 HIGH | N/A |
| Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. | |||||
| CVE-2004-2251 | 1 Astaro | 1 Security Linux | 2017-07-10 | 5.0 MEDIUM | N/A |
| The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks. | |||||
| CVE-2004-2252 | 1 Astaro | 1 Security Linux | 2017-07-10 | 5.0 MEDIUM | N/A |
| The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks. | |||||
