Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2253 | 1 Netwin | 1 Surgeldap | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command. | |||||
| CVE-2004-2254 | 1 Netwin | 1 Surgeldap | 2017-07-10 | 7.5 HIGH | N/A |
| SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. | |||||
| CVE-2004-2255 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename. | |||||
| CVE-2004-2256 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable. | |||||
| CVE-2004-2257 | 1 Phpmyfaq | 1 Phpmyfaq | 2017-07-10 | 5.0 MEDIUM | N/A |
| phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request. | |||||
| CVE-2004-2258 | 1 Hummingbird | 1 Exceed | 2017-07-10 | 2.1 LOW | N/A |
| Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab. | |||||
| CVE-2004-2261 | 1 E107 | 1 E107 | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions. | |||||
| CVE-2004-2263 | 1 Playsms | 1 Playsms | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. | |||||
| CVE-2004-2264 | 1 Gnu | 1 Less | 2017-07-10 | 6.4 MEDIUM | N/A |
| ** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed. | |||||
| CVE-2004-2265 | 1 Uudeview | 1 Uudeview | 2017-07-10 | 7.2 HIGH | N/A |
| UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. | |||||
| CVE-2004-2266 | 1 Ansel | 1 Ansel | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. | |||||
| CVE-2004-2267 | 1 Ansel | 1 Ansel | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name. | |||||
| CVE-2004-2268 | 1 Pimentech | 1 Pimengest2 | 2017-07-10 | 5.0 MEDIUM | N/A |
| PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php. | |||||
| CVE-2004-2269 | 1 Matt Shelton | 1 Pads | 2017-07-10 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability. | |||||
| CVE-2004-2270 | 1 Ibm | 1 Parallel Environment | 2017-07-10 | 7.2 HIGH | N/A |
| Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. | |||||
| CVE-2004-2271 | 1 Minishare | 1 Minimal Http Server | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-2272 | 1 Evan Sims | 1 Effingerd | 2017-07-10 | 5.0 MEDIUM | N/A |
| Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command. | |||||
| CVE-2004-2274 | 1 W3c | 1 Jigsaw | 2017-07-10 | 6.4 MEDIUM | N/A |
| Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI. | |||||
| CVE-2004-2275 | 1 I-mall Commerce | 1 I-mall.cgi | 2017-07-10 | 10.0 HIGH | N/A |
| i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter. | |||||
| CVE-2004-2276 | 1 F-secure | 1 F-secure Anti-virus | 2017-07-10 | 2.1 LOW | N/A |
| F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection. | |||||