Uncategorized CVEs — 2004 (Page 2/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2004-12-31

High

CVE-2004-2418

Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.

CVSS: 7.2CWE: N/A

Low

CVE-2004-2419

Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2420

Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets.

CVSS: 5.0CWE: N/A

High

CVE-2004-2326

SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was lat…

CVSS: 7.5CWE: N/A

High

CVE-2004-2266

SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.

CVSS: 7.5CWE: N/A

High

CVE-2004-2324

SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkCl…

CVSS: 7.5CWE: N/A

High

CVE-2004-2239

Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2226

Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2227

Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.

CVSS: 5.0CWE: N/A

High

CVE-2004-2228

Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges.

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2229

Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.

CVSS: 4.6CWE: N/A

Low

CVE-2004-2230

Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.

CVSS: 2.1CWE: N/A

Low

CVE-2004-2231

Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.

CVSS: 1.2CWE: N/A

High

CVE-2004-2232

SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.

CVSS: 7.5CWE: N/A

Critical

CVE-2004-2233

Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

High

CVE-2004-2234

Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.

CVSS: 7.5CWE: N/A

Critical

CVE-2004-2235

Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2236

Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2237

Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2238

Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when…

CVSS: 5.0CWE: N/A

High

CVE-2004-2240

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2224

Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2241

Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2242

Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.

CVSS: 4.3CWE: N/A

High

CVE-2004-2243

Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected ver…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2244

The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2245

Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpi…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2246

Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.

CVSS: 4.3CWE: N/A

Critical

CVE-2004-2247

Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2248

Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."

CVSS: 10.0CWE: N/A

High

CVE-2004-2249

Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.

CVSS: 7.5CWE: N/A

High

CVE-2004-2250

Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2251

The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2253

Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.

CVSS: 5.0CWE: N/A

High

CVE-2004-2254

SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2225

Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2223

FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2323

DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to obtain sensitive information, including the SQL server username and password, via a GET request for source or c…

CVSS: 5.0CWE: N/A

High

CVE-2004-2206

SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2193

Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2194

MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2195

PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2196

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) de…

CVSS: 5.0CWE: N/A

High

CVE-2004-2197

kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2198

account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.

CVSS: 6.4CWE: N/A

Medium

CVE-2004-2199

Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2200

Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text.

CVSS: 4.3CWE: N/A

High

CVE-2004-2201

SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail…

CVSS: 7.5CWE: N/A

High

CVE-2004-2202

Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (…

CVSS: 7.5CWE: N/A

High

CVE-2004-2203

Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.

CVSS: 7.5CWE: N/A

High

CVE-2004-2204

Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administ…

CVSS: 7.2CWE: N/A

High

CVE-2004-2205

Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2207

Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2222

Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2208

CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.

CVSS: 5.0CWE: N/A

High

CVE-2004-2209

SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2210

Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other e…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2211

Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to pos…

CVSS: 4.3CWE: N/A

High

CVE-2004-2212

SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2213

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2215

RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.

CVSS: 4.6CWE: N/A

Medium

CVE-2004-2216

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (c…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2217

Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

CVSS: 5.0CWE: N/A

High

CVE-2004-2218

SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.

CVSS: 7.5CWE: N/A

Low

CVE-2004-2219

Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.b…

CVSS: 2.6CWE: N/A

Medium

CVE-2004-2220

F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.

CVSS: 5.0CWE: N/A

High

CVE-2004-2221

Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2255

Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a templat…

CVSS: 6.4CWE: N/A

Medium

CVE-2004-2256

Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2258

Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the or…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2307

Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2294

Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences…

CVSS: 4.3CWE: N/A

High

CVE-2004-2295

SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2296

The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2297

The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2298

Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store da…

CVSS: 6.4CWE: N/A

High

CVE-2004-2299

Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.

CVSS: 7.5CWE: N/A

High

CVE-2004-2300

Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether th…

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2301

Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2302

Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in…

CVSS: 2.6CWE: N/A

Low

CVE-2004-2303

MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.

CVSS: 3.6CWE: N/A

High

CVE-2004-2304

Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that t…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2305

Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the pas…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2306

Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, whic…

CVSS: 4.6CWE: N/A

Medium

CVE-2004-2308

Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2259

vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2309

Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2310

Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.

CVSS: 4.3CWE: N/A

Low

CVE-2004-2311

Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.

CVSS: 3.6CWE: N/A

High

CVE-2004-2312

Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2313

Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to…

CVSS: 5.0CWE: N/A

High

CVE-2004-2314

The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2315

Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via an empty OPTIONS request.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2316

Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to cause a denial of service (crash) via a GET request containing an MS-DOS device name such as COM1.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2317

Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2318

The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0b through 2.2k1 allows remote attackers to cause a temporary denial of service (crash) via requests with two percent (%) signs in…

CVSS: 5.0CWE: N/A

Low

CVE-2004-2319

IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users to (1) create or overwrite files via the /001 log file to onedcu or (2) read arbitrary files via a symlink attack on a file in /tm…

CVSS: 3.6CWE: N/A

Low

CVE-2004-2321

BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users in the Operator role to obtain administrator passwords via MBean attributes, including (1) ServerStartMBean.Password and (2) Nod…

CVSS: 2.1CWE: N/A

High

CVE-2004-2322

SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2293

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encycl…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2292

Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server.

CVSS: 5.0CWE: N/A

High

CVE-2004-2291

Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target scr…

CVSS: 7.5CWE: N/A

High

CVE-2004-2290

Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2261

Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.

CVSS: 4.3CWE: N/A

High

CVE-2004-2263

SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2264

Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings…

CVSS: 6.4CWE: N/A

High

CVE-2004-2265

UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.

CVSS: 7.2CWE: N/A

Low

CVE-2004-2454

aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive information such as hashed passwords from (1) hotlog.htm and (2) config.xml.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2267

Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2268

PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.

CVSS: 5.0CWE: N/A

High

CVE-2004-2269

Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally…

CVSS: 7.2CWE: N/A

High

CVE-2004-2270

Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.

CVSS: 7.2CWE: N/A

High

CVE-2004-2271

Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2272

Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2273

efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2274

Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.

CVSS: 6.4CWE: N/A

Critical

CVE-2004-2275

i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.

CVSS: 10.0CWE: N/A

Low

CVE-2004-2276

F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2277

Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2278

Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors.

CVSS: 4.3CWE: N/A