Total
210374 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0318 | 1 Platform | 1 Lsf | 2017-07-10 | 10.0 HIGH | N/A |
| Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID environment variable, if it exists, instead of the real UID of the user, which could allow remote attackers within the local cluster to gain privileges. | |||||
| CVE-2004-0319 | 1 Ezboard | 1 Ezboard | 2017-07-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7.3u allows remote attackers to execute arbitrary script as other users, as demonstrated using the background:url in a (1) font color or (2) font face argument. | |||||
| CVE-2004-0321 | 1 Singularity Software | 1 Team Factor | 2017-07-10 | 5.0 MEDIUM | N/A |
| Team Factor 1.25 and earlier allows remote attackers to cause a denial of service (crash) via a packet that uses a negative number to specify the size of the data block that follows, which causes Team Factor to read unallocated memory. | |||||
| CVE-2004-0324 | 1 Confirm | 1 Confirm | 2017-07-10 | 7.5 HIGH | N/A |
| Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $. | |||||
| CVE-2004-0325 | 1 Typsoft | 1 Typsoft Ftp Server | 2017-07-10 | 2.1 LOW | N/A |
| TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe, (8) rnfr, (9) rnto, (10) rmd, or (11) xrmd, as demonstrated using "//../qwerty". | |||||
| CVE-2004-0326 | 1 Proxy-pro | 1 Professional Gatekeeper | 2017-07-10 | 10.0 HIGH | N/A |
| Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request. | |||||
| CVE-2004-0327 | 1 Skintech | 1 Phpnewsmanager | 2017-07-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in functions.php in PhpNewsManager 1.46 allows remote attackers to retrieve arbitrary files via .. (dot dot) sequences in the clang parameter. | |||||
| CVE-2004-0328 | 1 Gigabyte | 1 Gn-b46b | 2017-07-10 | 7.2 HIGH | N/A |
| Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 allows local users on the same local network as the router to bypass authentication by using a copy of the router's html menu on a separate system. | |||||
| CVE-2004-0329 | 1 Freechat | 1 Freechat | 2017-07-10 | 5.0 MEDIUM | N/A |
| FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa". | |||||
| CVE-2004-0331 | 1 Dell | 1 Openmanage | 2017-07-10 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable. | |||||
| CVE-2004-0332 | 1 Extremail | 1 Extremail | 2017-07-10 | 10.0 HIGH | N/A |
| Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | |||||
| CVE-2004-0333 | 4 Gentoo, Openpkg, Uudeview and 1 more | 4 Linux, Openpkg, Uudeview and 1 more | 2017-07-10 | 10.0 HIGH | N/A |
| Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. | |||||
| CVE-2004-0334 | 1 Innomedia | 1 Innomedia Videophone | 2017-07-10 | 5.0 MEDIUM | N/A |
| InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error. | |||||
| CVE-2004-0335 | 1 Software602 | 1 602pro Lan Suite | 2017-07-10 | 5.0 MEDIUM | N/A |
| LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/. | |||||
| CVE-2004-0337 | 1 Software602 | 1 602pro Lan Suite | 2017-07-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future. | |||||
| CVE-2004-0338 | 1 Invision Power Services | 1 Invision Board | 2017-07-10 | 10.0 HIGH | N/A |
| SQL injection vulnerability in search.php for Invision Board Forum allows remote attackers to execute arbitrary SQL queries via the st parameter. | |||||
| CVE-2004-0339 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, possibly 2.0.6c and earlier, allows remote attackers to execute arbitrary script or HTML as other users via the postorder parameter. | |||||
| CVE-2004-0340 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-10 | 7.2 HIGH | N/A |
| Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands. | |||||
| CVE-2004-0341 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-10 | 2.1 LOW | N/A |
| WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline. | |||||
| CVE-2004-0342 | 1 Texas Imperial Software | 1 Wftpd | 2017-07-10 | 2.1 LOW | N/A |
| WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | |||||