Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-2400 | 1 Winftp Server | 1 Winftp Server | 2017-07-10 | 2.1 LOW | N/A |
| WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials. | |||||
| CVE-2004-2401 | 1 Ipswitch | 1 Imail Express | 2017-07-10 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text." | |||||
| CVE-2004-2402 | 1 Yabb | 1 Yabb | 2017-07-10 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect. | |||||
| CVE-2004-2403 | 1 Yabb | 1 Yabb | 2017-07-10 | 10.0 HIGH | N/A |
| Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters. | |||||
| CVE-2004-2405 | 1 F-secure | 4 F-secure Anti-virus, F-secure For Firewalls, F-secure Internet Security and 1 more | 2017-07-10 | 6.4 MEDIUM | N/A |
| Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive. | |||||
| CVE-2004-2408 | 1 Vserver | 1 Linux-vserver | 2017-07-10 | 3.6 LOW | N/A |
| Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in /proc to obtain system information or cause a denial of service on other virtual servers or the host server. | |||||
| CVE-2004-2409 | 1 Samhain Labs | 1 Samhain | 2017-07-10 | 7.2 HIGH | N/A |
| Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code. | |||||
| CVE-2004-2411 | 1 Virtual Programming | 1 Vp-asp | 2017-07-10 | 4.3 MEDIUM | N/A |
| The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors. | |||||
| CVE-2004-2412 | 1 Virtual Programming | 1 Vp-asp | 2017-07-10 | 7.5 HIGH | N/A |
| Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp. | |||||
| CVE-2004-2413 | 1 Virtual Programming | 1 Vp-asp | 2017-07-10 | 7.5 HIGH | N/A |
| SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp. | |||||
| CVE-2004-2414 | 1 Novell | 1 Netware | 2017-07-10 | 2.1 LOW | N/A |
| Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2) NI.LOG log files, which might allow local users to obtain the passwords. | |||||
| CVE-2004-2415 | 1 Davenport | 1 Davenport | 2017-07-10 | 5.0 MEDIUM | N/A |
| Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks. | |||||
| CVE-2004-2416 | 1 Youngzsoft | 1 Ccproxy | 2017-07-10 | 7.5 HIGH | N/A |
| Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request. | |||||
| CVE-2004-2417 | 1 Smtp.proxy | 1 Smtp.proxy | 2017-07-10 | 7.5 HIGH | N/A |
| Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message. | |||||
| CVE-2004-2418 | 1 Whitsoft Development | 1 Slimftpd | 2017-07-10 | 7.2 HIGH | N/A |
| Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT. | |||||
| CVE-2004-2419 | 1 Keene | 1 Digital Media Server | 2017-07-10 | 2.1 LOW | N/A |
| Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system. | |||||
| CVE-2004-2420 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2017-07-10 | 5.0 MEDIUM | N/A |
| Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets. | |||||
| CVE-2004-2421 | 1 Hitachi | 3 Jp1 P-1b41-9461, Jp1 P-1b41-9471, Jp1 P-1j41-9471 | 2017-07-10 | 10.0 HIGH | N/A |
| Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights. | |||||
| CVE-2004-2422 | 1 Ipswitch | 1 Imail | 2017-07-10 | 5.0 MEDIUM | N/A |
| Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component. | |||||
| CVE-2004-2423 | 1 Ipswitch | 1 Imail | 2017-07-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content." | |||||