Total: 210374 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2004-0703 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 7.5 HIGH | N/A | Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control. |
| CVE-2004-0704 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 5.0 MEDIUM | N/A | Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products. |
| CVE-2004-0705 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter. |
| CVE-2004-0706 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 2.1 LOW | N/A | Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files. |
| CVE-2004-0707 | 1 Mozilla | 1 Bugzilla | 2017-07-10 | 7.5 HIGH | N/A | SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL. |
| CVE-2004-0708 | 1 Moinmoin | 1 Moinmoin | 2017-07-10 | 7.5 HIGH | N/A | MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges. |
| CVE-2004-0709 | 1 Hp | 1 Openview Select Access | 2017-07-10 | 7.5 HIGH | N/A | HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions. |
| CVE-2004-0711 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 7.5 HIGH | N/A | The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected. |
| CVE-2004-0712 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 4.6 MEDIUM | N/A | The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges. |
| CVE-2004-0713 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 6.4 MEDIUM | N/A | The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown. |
| CVE-2004-0715 | 1 Bea | 1 Weblogic Server | 2017-07-10 | 5.1 MEDIUM | N/A | The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges. |
| CVE-2004-0720 | 1 Apple | 1 Safari | 2017-07-10 | 7.5 HIGH | N/A | Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability. |
| CVE-2004-0723 | 1 Microsoft | 1 Java Virtual Machine | 2017-07-10 | 6.4 MEDIUM | N/A | Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java." |
| CVE-2004-0724 | 1 Valve Software | 2 Half-life, Half-life Dedicated Server | 2017-07-10 | 5.0 MEDIUM | N/A | The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet. |
| CVE-2004-0728 | 1 Microsoft | 1 Systems Management Server | 2017-07-10 | 5.0 MEDIUM | N/A | The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address. |
| CVE-2004-0729 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 5.0 MEDIUM | N/A | PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message. |
| CVE-2004-0730 | 1 Phpbb Group | 1 Phpbb | 2017-07-10 | 6.8 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php. |
| CVE-2004-0731 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 6.8 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. |
| CVE-2004-0732 | 1 Francisco Burzi | 1 Php-nuke | 2017-07-10 | 7.5 HIGH | N/A | SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. |
| CVE-2004-0734 | 1 Extropia | 1 Extropia Webstore | 2017-07-10 | 7.5 HIGH | N/A | Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. |
