Uncategorized CVEs — 2004 (Page 1/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2004-12-31

Medium

CVE-2004-2328

Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers to cause a denial of service (infinite loop) via an e-mail with a crafted RAR archive attached.

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2359

Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessi…

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2361

Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0, allows remote attackers to cause a denial of service (crash) via a chat message with a large…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2362

PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonst…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2363

Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encode…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2364

Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator…

CVSS: 5.0CWE: N/A

Low

CVE-2004-2365

Memory leak in Microsoft Windows XP and Windows Server 2003 allows local users to cause a denial of service (memory exhaustion) by repeatedly creating and deleting directories using a non-standard to…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2366

Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2367

The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows remote authenticated users to cause a denial of service (crash) via a long FTP command.

CVSS: 5.0CWE: N/A

High

CVE-2004-2368

PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2369

Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 6.5.1 allows attackers to create and detect directories via a .. (dot dot) in the directory creation command.

CVSS: 6.4CWE: N/A

High

CVE-2004-2370

Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillian Pro 1.0 through 2.01 allows remote attackers to execute arbitrary code via a Yahoo Messenger packet with a long key name.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2371

Multiple Red Storm web-based games, including Ghost Recon 1.4 and earlier, Desert Siege, and The Sum of all Fears 1.1.1.0 and earlier, do not properly check return values from certain functions, whic…

CVSS: 5.0CWE: N/A

High

CVE-2004-2372

Buffer overflow in Bochs before 2.1.1, if installed setuid, allows local users to execute arbitrary code via a long HOME environment variable, which is used if the .bochsrc, bochsrc, and bochsrc.txt…

CVSS: 7.2CWE: N/A

High

CVE-2004-2373

The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is created in a predictable location, which may allow remote attackers to use a shell: URI to exploit other vulnerabilities that in…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2374

BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.

CVSS: 5.0CWE: N/A

High

CVE-2004-2375

Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an APOP USER command with a long s…

CVSS: 7.5CWE: N/A

High

CVE-2004-2376

Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request with a lon…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2377

Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-ch…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2378

@Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2379

Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2380

Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a .. (dot dot) in the attfile parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2381

HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2382

The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2327

Vizer Web Server 1.9.1 allows remote attackers to cause a denial of service (crash) via multiple malformed requests including (1) requests without GET, (2) GET requests without HTTP, (3) or long GET…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2383

Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript th…

CVSS: 5.1CWE: N/A

Medium

CVE-2004-2384

NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the c…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2385

EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.

CVSS: 5.0CWE: N/A

High

CVE-2004-2387

Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2360

Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2358

Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter.

CVSS: 4.3CWE: N/A

High

CVE-2004-2329

Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges…

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2357

The embedded MySQL 4.0 server for Proofpoint Protection Server does not require a password for the root user of MySQL, which allows remote attackers to read or modify the backend database.

CVSS: 6.4CWE: N/A

Medium

CVE-2004-2330

ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a denial of service via an HTTP request containing a large number of form fields.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2332

Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form before 1.13 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2333

Bodington 2.1.0 RC1 and earlier does not secure the file upload area, which allows remote attackers to read uploaded files.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2334

Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2.7 allow remote attackers to inject arbitrary web script or HTML via (1) a hex-encoded value to the variable parameter in emumail…

CVSS: 4.3CWE: N/A

High

CVE-2004-2335

The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and wr…

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2336

Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 through 6.5, when running with Apache Web Server 1.3 for NetWare where Apache is loaded using GWAPACHE.CONF, allows remote attack…

CVSS: 5.0CWE: N/A

Low

CVE-2004-2337

The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed with world readable permissions, which allows local users to obtain user POP3 credentials.

CVSS: 2.1CWE: N/A

High

CVE-2004-2338

OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.

CVSS: 7.5CWE: N/A

High

CVE-2004-2339

Microsoft Windows 2000, XP, and possibly 2003 allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl f…

CVSS: 8.4CWE: N/A

High

CVE-2004-2340

** UNVERIFIABLE ** SQL injection vulnerability in PunkBuster Screenshot Database (PB-DB) Alpha 6 allows remote attackers to execute arbitrary SQL commands via the username and password fields of the…

CVSS: 7.5CWE: N/A

High

CVE-2004-2341

PHP file include injection vulnerability in isearch.inc.php for iSearch allows remote attackers to execute arbitrary code via the isearch_path parameter.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2342

ChatterBox 2.0 allows remote attackers to cause a denial of service (server crash) via a malformed request to the server, as demonstrated using "aaaaaa".

CVSS: 5.0CWE: N/A

High

CVE-2004-2343

Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive.…

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2344

Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW120 and VGW480 allows remote attackers to cause a denial of service.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2345

Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, 9.0.1.5, 9.2.0.3, and 9.2.0.4 allow local users with the ability to invoke SQL to cause a denial of service or obtain sensitive i…

CVSS: 6.5CWE: N/A

Medium

CVE-2004-2346

Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Server 1.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Subject field in post1.htm and (2) th…

CVSS: 4.3CWE: N/A

High

CVE-2004-2347

blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2348

Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to cause a denial of service (hang) via an encrypted ZIP file with the "include full path info" option set, as used by certain vari…

CVSS: 5.0CWE: N/A

High

CVE-2004-2349

Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow remote attackers to execute arbitrary SQL queries.

CVSS: 7.5CWE: N/A

High

CVE-2004-2350

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2351

Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) name, (2) email, (3) city, and…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2352

Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $_COOKIE PHP variable, which is no…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2353

BugPort before 1.099 stores its configuration file (conf/config.conf) under the web document root with a file extension that is not normally parsed by web servers, which allows remote attackers to ob…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2389

Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2354

SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 through 6.9 allows remote attackers to modify SQL statements via the entry parameter to modules.php, which can also facilitate cross-s…

CVSS: 6.8CWE: N/A

Medium

CVE-2004-2355

Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (CSLH) before 2.7.4 allows remote attackers to inject arbitrary web script or HTML via the name field of a livehelp or chat session.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2356

Early termination vulnerability in Fizmez Web Server 1.0 allows remote attackers to cause a denial of service (crash) by connecting to the server and then disconnecting without sending any data, whic…

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2388

rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges…

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2448

S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the databa…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2390

The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unkn…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2438

Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.

CVSS: 4.3CWE: N/A

High

CVE-2004-2425

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query stri…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2426

Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST requ…

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2427

Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi…

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2428

Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext usern…

CVSS: 5.0CWE: N/A

High

CVE-2004-2429

Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline fun…

CVSS: 7.5CWE: N/A

High

CVE-2004-2430

Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privilege…

CVSS: 7.2CWE: N/A

High

CVE-2004-2431

Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2432

WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow.

CVSS: 5.0CWE: N/A

High

CVE-2004-2433

Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6,…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2434

Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the use…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2435

Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HT…

CVSS: 4.3CWE: N/A

Low

CVE-2004-2436

Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.

CVSS: 2.1CWE: N/A

High

CVE-2004-2437

SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id paramete…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2439

The remote upgrade capability in HP LaserJet 4200 and 4300 printers does not require a password, which allows remote attackers to upgrade firmware.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2391

Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service a message with an empty <priority/> tag.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2440

Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlier allows local users to obtain proxy credentials (username or password) of other users.

CVSS: 2.1CWE: N/A

Critical

CVE-2004-2441

Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2442

Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Ser…

CVSS: 5.0CWE: N/A

High

CVE-2004-2443

Jaws 0.3 allows remote attackers to bypass authentication and via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged sess…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2444

Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2445

Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows remote attackers to view arbitrary files via a .. (dot dot) in the gadget parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2446

Directory traversal vulnerability in 1st Class Mail Server 4.01 allows remote attackers to read arbitrary files via a ".." (dot dot) sequences in unknown vectors.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2447

Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 allows remote attackers to inject arbitrary web script or HTML via the Mailbox parameter to (1) viewmail.tagz, (2) the index scr…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2325

Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to inject arbitrary web script or HTML.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2449

Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2450

The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2451

Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2452

Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01-01, 01-02, 02-01, 02-02, 02-03, and other versions allows remote attackers to obtain sensitive information in the <ut:cache> tag…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2424

BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the s…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2423

Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2422

Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web M…

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2421

Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain admin…

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2392

libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

CVSS: 5.0CWE: N/A

High

CVE-2004-2393

Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/T…

CVSS: 7.5CWE: N/A

Low

CVE-2004-2394

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of t…

CVSS: 2.1CWE: N/A

Low

CVE-2004-2395

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

CVSS: 2.1CWE: N/A

High

CVE-2004-2396

passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.

CVSS: 7.2CWE: N/A

Low

CVE-2004-2398

Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the f…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2399

Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2400

WinFTP Server 1.6 stores username and password credentials in plaintext in the data\user.wfd file, which allows local users to gain access to the credentials.

CVSS: 2.1CWE: N/A

High

CVE-2004-2401

Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2402

Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that…

CVSS: 4.3CWE: N/A

Critical

CVE-2004-2403

Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specif…

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2405

Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module rest…

CVSS: 6.4CWE: N/A

Critical

CVE-2004-2406

Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2407

Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.

CVSS: 10.0CWE: N/A

Low

CVE-2004-2408

Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earlier shares /proc permissions across all virtual and host servers, which allows local users with the ability to set permissions in…

CVSS: 3.6CWE: N/A

High

CVE-2004-2409

Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.

CVSS: 7.2CWE: N/A

Low

CVE-2004-2410

Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2411

The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks t…

CVSS: 4.3CWE: N/A

High

CVE-2004-2412

Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) s…

CVSS: 7.5CWE: N/A

High

CVE-2004-2413

SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to…

CVSS: 7.5CWE: N/A

Low

CVE-2004-2414

Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Overlay CDs and performing a custom installation with OpenSSH, includes sensitive password information in the (1) NIOUTPUT.TXT and (2…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2415

Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.

CVSS: 5.0CWE: N/A

High

CVE-2004-2416

Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.

CVSS: 7.5CWE: N/A

High

CVE-2004-2417

Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, whi…

CVSS: 7.5CWE: N/A