Uncategorized CVEs — 2004 (Page 3/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2004-12-31

Medium

CVE-2004-2279

Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2280

Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by…

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2281

Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2)…

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2282

DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2283

Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2284

The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.

CVSS: 10.0CWE: N/A

High

CVE-2004-2286

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2287

Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2288

Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.

CVSS: 4.3CWE: N/A

Critical

CVE-2004-2289

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated wit…

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2453

Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

High

CVE-2004-2515

Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line…

CVSS: 7.2CWE: N/A

High

CVE-2004-2455

Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting th…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2637

The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypa…

CVSS: 6.4CWE: N/A

Medium

CVE-2004-2624

Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2625

Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.

CVSS: 5.1CWE: N/A

Low

CVE-2004-2626

GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.

CVSS: 3.7CWE: N/A

Critical

CVE-2004-2627

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2628

Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-d…

CVSS: 5.0CWE: N/A

High

CVE-2004-2629

Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference S…

CVSS: 7.8CWE: N/A

High

CVE-2004-2630

The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in uns…

CVSS: 7.5CWE: N/A

High

CVE-2004-2631

Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.

CVSS: 7.5CWE: N/A

High

CVE-2004-2632

phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2633

Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.

CVSS: 5.1CWE: N/A

Medium

CVE-2004-2634

The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.

CVSS: 6.2CWE: N/A

High

CVE-2004-2635

An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2636

TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.

CVSS: 5.0CWE: N/A

High

CVE-2004-2638

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.

CVSS: 7.5CWE: N/A

Critical

CVE-2004-2622

AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrato…

CVSS: 10.0CWE: N/A

High

CVE-2004-2639

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2640

Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2641

Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Ser…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2642

Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.

CVSS: 6.4CWE: N/A

Low

CVE-2004-2643

Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.

CVSS: 3.7CWE: N/A

Critical

CVE-2004-2644

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2645

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2646

The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName va…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2647

Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2648

FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.

CVSS: 1.0CWE: N/A

Medium

CVE-2004-2650

Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock fr…

CVSS: 4.9CWE: N/A

Medium

CVE-2004-2651

Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page…

CVSS: 4.3CWE: N/A

High

CVE-2004-2652

The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packe…

CVSS: 7.8CWE: N/A

Critical

CVE-2004-2623

Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2621

Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates…

CVSS: 4.0CWE: N/A

High

CVE-2004-2456

SQL injection vulnerability in index.php in miniBB 1.7f and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a userinfo action.

CVSS: 7.5CWE: N/A

Low

CVE-2004-2605

aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.

CVSS: 2.1CWE: N/A

Critical

CVE-2004-2590

Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.

CVSS: 10.0CWE: N/A

Low

CVE-2004-2591

The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.

CVSS: 2.1CWE: N/A

High

CVE-2004-2593

Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2594

Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "\/" in a pathname argument, as de…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2595

Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download co…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2597

Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is al…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2598

Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then re…

CVSS: 5.0CWE: N/A

Low

CVE-2004-2599

Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2600

The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2601

PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to inc/skin.p…

CVSS: 6.4CWE: N/A

Medium

CVE-2004-2602

PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.

CVSS: 6.8CWE: N/A

Medium

CVE-2004-2603

Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2604

Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter.

CVSS: 4.3CWE: N/A

High

CVE-2004-2606

The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration sp…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2620

The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.

CVSS: 5.0CWE: N/A

Low

CVE-2004-2607

A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2608

SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive informa…

CVSS: 5.0CWE: CWE-264

Low

CVE-2004-2609

The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four "stuff…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2610

mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerabi…

CVSS: 4.6CWE: N/A

Medium

CVE-2004-2611

The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and…

CVSS: 4.6CWE: N/A

High

CVE-2004-2612

BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.

CVSS: 7.5CWE: N/A

Critical

CVE-2004-2613

Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and a…

CVSS: 10.0CWE: N/A

High

CVE-2004-2614

Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2615

The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false n…

CVSS: 4.6CWE: N/A

Medium

CVE-2004-2616

The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.

CVSS: 4.0CWE: N/A

Medium

CVE-2004-2617

Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2618

Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).

CVSS: 4.3CWE: N/A

High

CVE-2004-2619

ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.

CVSS: 7.5CWE: N/A

High

CVE-2004-2653

Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2654

The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigge…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2655

rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the…

CVSS: 5.4CWE: N/A

Low

CVE-2004-2722

Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has disputed this issue

CVSS: 2.1CWE: CWE-255

Critical

CVE-2004-2692

The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not h…

CVSS: 9.3CWE: CWE-16

High

CVE-2004-2693

HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.

CVSS: 7.2CWE: CWE-264

Medium

CVE-2004-2694

Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE…

CVSS: 5.8CWE: CWE-264

Medium

CVE-2004-2696

BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for differ…

CVSS: 5.5CWE: CWE-255

Medium

CVE-2004-2699

deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.

CVSS: 4.3CWE: CWE-264

Critical

CVE-2004-2700

Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.

CVSS: 9.0CWE: CWE-264

Medium

CVE-2004-2703

Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted…

CVSS: 4.3CWE: CWE-310

Medium

CVE-2004-2705

Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsre…

CVSS: 5.0CWE: N/A

High

CVE-2004-2707

Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2708

Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.

CVSS: 5.0CWE: CWE-255

Low

CVE-2004-2713

Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissio…

CVSS: 1.9CWE: CWE-264

Medium

CVE-2004-2718

PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.

CVSS: 4.3CWE: CWE-264

Medium

CVE-2004-2721

The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt mes…

CVSS: 4.3CWE: CWE-310

Low

CVE-2004-2723

NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.

CVSS: 2.1CWE: CWE-255

Medium

CVE-2004-2656

Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2726

HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and appli…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2729

Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.

CVSS: 4.4CWE: CWE-264

Medium

CVE-2004-2730

Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) Ps…

CVSS: 4.6CWE: CWE-264

Medium

CVE-2004-2731

Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arb…

CVSS: 4.4CWE: CWE-189

Medium

CVE-2004-2733

Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic…

CVSS: 5.8CWE: CWE-264

High

CVE-2004-2739

The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.

CVSS: 7.5CWE: CWE-264

Medium

CVE-2004-2743

upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.

CVSS: 6.4CWE: CWE-264

Medium

CVE-2004-2744

Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2753

Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "fil…

CVSS: 5.6CWE: N/A

High

CVE-2004-2758

Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), a…

CVSS: 7.5CWE: N/A

Low

CVE-2004-2759

Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by acce…

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2760

sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt wi…

CVSS: 6.8CWE: CWE-16

Medium

CVE-2004-2191

Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl paramete…

CVSS: 4.3CWE: N/A

High

CVE-2004-2691

Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web man…

CVSS: 7.1CWE: N/A

High

CVE-2004-2690

Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.

CVSS: 8.5CWE: N/A

Critical

CVE-2004-2689

NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.

CVSS: 10.0CWE: CWE-264

Critical

CVE-2004-2687

distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed…

CVSS: 9.3CWE: CWE-16

Low

CVE-2004-2657

Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a…

CVSS: 1.7CWE: N/A

Low

CVE-2004-2658

resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-2660

Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.

CVSS: 4.9CWE: N/A

Medium

CVE-2004-2661

Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2662

Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but conti…

CVSS: 5.0CWE: N/A

High

CVE-2004-2663

The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2664

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2665

Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service vi…

CVSS: 4.9CWE: N/A

Medium

CVE-2004-2666

Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (privat…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2667

Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS: 6.8CWE: N/A