Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2312 | 1 Ibm | 1 Aix | 2017-07-10 | 7.2 HIGH | N/A |
| Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. | |||||
| CVE-2004-2313 | 1 Inter7 | 1 Sqwebmail | 2017-07-10 | 5.0 MEDIUM | N/A |
| Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks. | |||||
| CVE-2004-2314 | 1 Novell | 1 Ichain | 2017-07-10 | 7.5 HIGH | N/A |
| The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. | |||||
| CVE-2004-2315 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request. | |||||
| CVE-2004-2316 | 1 Mbedthis Software | 1 Mbedthis Appweb Http Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1. | |||||
| CVE-2004-2318 | 1 Netwin | 1 Surgeftp | 2017-07-10 | 5.0 MEDIUM | N/A |
| The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in the CMD parameter. | |||||
| CVE-2004-2319 | 1 Ibm | 2 Informix Dynamic Server, Informix Extended Parallel Server | 2017-07-10 | 3.6 LOW | N/A |
| IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tmp to onshowaudit. | |||||
| CVE-2004-2320 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 5.8 MEDIUM | N/A |
| The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. | |||||
| CVE-2004-2321 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 2.1 LOW | N/A |
| BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) NodeManagerMBean.CertificatePassword. | |||||
| CVE-2004-2322 | 1 Phpwebsite | 1 Phpwebsite | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. | |||||
| CVE-2004-2323 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-10 | 5.0 MEDIUM | N/A |
| DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or configuration files such as Web.config. | |||||
| CVE-2004-2324 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. | |||||
| CVE-2004-2325 | 1 Dotnetnuke | 1 Dotnetnuke | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2004-2327 | 1 Vizer Web Server | 1 Vizer Web Server | 2017-07-10 | 5.0 MEDIUM | N/A |
| Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET requests. | |||||
| CVE-2004-2328 | 1 Clearswift | 1 Mailsweeper | 2017-07-10 | 5.0 MEDIUM | N/A |
| Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached. | |||||
| CVE-2004-2329 | 1 Kerio | 1 Personal Firewall | 2017-07-10 | 7.2 HIGH | N/A |
| Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. | |||||
| CVE-2004-2330 | 1 Macromedia | 1 Coldfusion | 2017-07-10 | 5.0 MEDIUM | N/A |
| ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields. | |||||
| CVE-2004-2331 | 1 Macromedia | 1 Coldfusion | 2017-07-10 | 2.1 LOW | N/A |
| ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag. | |||||
| CVE-2004-2332 | 1 Cpan | 1 Www Form | 2017-07-10 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. | |||||
| CVE-2004-2333 | 1 Bodington | 1 Bodington | 2017-07-10 | 5.0 MEDIUM | N/A |
| Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files. | |||||