CVE-2004-2528
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
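The description above names the bug class (a query parameter reflected into an HTML response without output encoding) but not the code. As an added example, not code from Webcam Watchdog or its vendor, the Python below models that class with a deliberately vulnerable renderer next to a hardened one, plus the canary probe a tester would use to confirm unencoded reflection of the `cam` parameter. The function names, the page template and the canary string are assumptions for illustration; sresult.exe's real markup is not on this page.

```python
# Added example: models the XSS class in the CVE text, not the product's own code.
from html import escape
from urllib.parse import parse_qs, quote


def _cam_param(query_string: str) -> str:
    """Pull the 'cam' parameter out of a raw query string (percent-decoded)."""
    params = parse_qs(query_string, keep_blank_values=True)
    return params.get("cam", [""])[0]


def render_vulnerable(query_string: str) -> str:
    """Deliberately vulnerable: echoes the parameter straight into HTML.

    Anything the attacker puts in 'cam' (e.g. a <script> element) becomes
    markup that the victim's browser executes in the site's origin.
    """
    cam = _cam_param(query_string)  # hypothetical page template below
    return f"<html><body><h1>Search results for camera {cam}</h1></body></html>"


def render_hardened(query_string: str) -> str:
    """Same page, with context-appropriate output encoding.

    escape(quote=True) neutralises <, >, &, " and ' so the value is rendered as
    text and cannot close the element or open a new one, regardless of what
    the attacker sends. Input validation alone would not be a complete fix.
    """
    cam = _cam_param(query_string)
    safe_cam = escape(cam, quote=True)
    return f"<html><body><h1>Search results for camera {safe_cam}</h1></body></html>"


def reflects_unencoded(render, param: str = "cam") -> bool:
    """Probe used in testing: send a canary containing every HTML-significant
    character and report whether it comes back byte-for-byte unencoded.

    A True result is the reflected-XSS condition the CVE describes; the canary
    is inert, so the probe is safe to run against a test instance.
    """
    canary = "zz<\"'>zz"  # constructed canary, not a payload
    body = render(f"{param}={quote(canary)}")
    return canary in body


if __name__ == "__main__":
    payload = "cam=<script>alert(1)</script>"  # constructed sample request
    print("vulnerable reflects unencoded:", reflects_unencoded(render_vulnerable))
    print("hardened reflects unencoded:  ", reflects_unencoded(render_hardened))
    print(render_hardened(payload))
```

The probe is the useful piece for a practitioner: it works against any renderer (or, with a small HTTP wrapper, against a live test host) and distinguishes reflection that is merely present from reflection that is exploitable, since an encoded canary comes back as `&lt;` and `&gt;` rather than `<` and `>`.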
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, whic…
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing lon…
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default admi…
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of serv…
The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does…
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2)…
Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vector…
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted seri…
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to exe…
Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MI…
Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vectors involving an "extremely busy network." NOTE:…
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a n…
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the scri…
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline char…
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a…
Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_sus…
Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called…
SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter.
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP communit…
Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 allow attackers to execute arbitrary code via (1) long VideoCD vcd:// MRLs or (2) long subtitle lines.
Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc2 through 1-rc5, as derived from libcdio, allows attackers to execute arbitrary code via a VideoCD with an unterminated disk labe…
Cross-site scripting (XSS) vulnerability in the Management Console in JRun 4.0 allows remote attackers to execute arbitrary web script or HTML and possibly hijack a user's session.
JRun 4.0 does not properly generate and handle the JSESSIONID, which allows remote attackers to perform a session fixation attack and hijack a user's HTTP session.
Unknown vulnerability in the management station in HP StorageWorks Command View XP 1.8B and earlier allows remote attackers to bypass access restrictions.
Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12.1040) and earlier, and RealOne Player 1 or 2 on Windows or Mac OS, allows remote attackers to execute arbitrary code via a SMIL f…
The sbuf_getmsg function in BNC incorrectly handles backspace characters, which could allow remote attackers to bypass authentication and gain access to arbitrary scripts.
Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.
Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to exec…
Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote malicious DNS servers to execute arbitrary code via a large DNS response that is handled by the gethostbyname function.
Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object…
Opera 7.54 and earlier allows remote attackers to spoof file types in the download dialog via dots and non-breaking spaces (ASCII character code 160) in the (1) Content-Disposition or (2) Content-Typ…
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (game exit) via a data packet that contains a large size specifier, which causes a large memory allocation t…
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 allow remote attackers to cause a denial of service (device freeze) via a fast UDP port scan on the WAN int…
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.
Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 allows remote attackers to cause a denial of service (CPU consumption or application exit) and possibly execute arbitrary code v…
The Repair Archive command in WinRAR 3.40 allows remote attackers to cause a denial of service (application crash) via a corrupt ZIP archive.
Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Power Pack allows remote attackers to read arbitrary files via a URL containing (1) "..\" (dot dot backslash), (2) "../" (dot dot sl…
Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext in the Username.ini file, which allows local users to gain privileges.
SQL injection vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary SQL commands via the messageToUserAccNum parameter.
Cross-site scripting (XSS) vulnerability in the compose message form in HELM 3.1.19 and earlier allows remote attackers to execute arbitrary web script or HTML via the Subject field.
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a…
The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) by sending a POST request with a large Content-Length…
The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows remote attackers to cause a denial of service (socket exhaustion) via a Telnet request to an IP address of the proxy's network inte…
Integer overflow in the InitialDirContext in Java Runtime Environment (JRE) 1.4.2, 1.5.0 and possibly other versions allows remote attackers to cause a denial of service (Java exception and failed DN…
The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation p…
Directory traversal vulnerability in index.php in Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to read arbitrary files and possibly execute PHP code via a .. (dot dot) in the show p…
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 allow remote attackers to bypass filter…
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) a…
AJ-Fork 167 allows remote attackers to gain sensitive information via a direct request to (1) auto-acronyms.php, (2) auto-archive.php, (3) ount-article-views.php, (4) kses.php, (5) custom-quick-tags.…
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the m…
Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.04PF allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly…
Cross-site scripting (XSS) vulnerability in the inline MIME viewer in Horde-IMP (Internet Messaging Program) 3.2.4 and earlier, when used with Internet Explorer, allows remote attackers to inject arb…
A race condition in nessus-adduser in Nessus 2.0.11 and possibly earlier versions, if the TMPDIR environment variable is not set, allows local users to gain privileges.
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Jetbox One 2.0.8 and possibly other versions stores passwords in the database in plaintext, which could allow attackers to gain sensitive information.
Jetbox One 2.0.8 and possibly other versions allow remote attackers with Author privileges in the IMAGES module to upload PHP files and execute arbitrary code.
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allow remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking th…
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facili…
Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat g…
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive i…
Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions before 1.0b1, allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server.
filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo.
The Virtual Private Network (VPN) capability in Novell Bordermanager 3.8 allows remote attackers to cause a denial of service (ABEND in IKE.NLM) via a malformed IKE packet, as sent by the Striker ISA…
The CSAdmin web administration interface for Cisco Secure Access Control Server (ACS) 3.2(2) build 15 allows remote attackers to cause a denial of service (hang) via a flood of TCP connections to por…
Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) vi…
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers t…
Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers t…
Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete.
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
Multiple buffer overflows in WinZip 9.0 and earlier may allow attackers to execute arbitrary code via multiple vectors, including the command line.
The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attac…
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calenda…
The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message.
Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument tha…
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5)…
CRLF injection vulnerability in login.php in WebCalendar allows remote attackers to inject CRLF sequences via the return_path parameter and perform HTTP Response Splitting attacks to modify expected…
init.php in WebCalendar allows remote attackers to execute arbitrary local PHP scripts via the user_inc parameter.
Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter…
SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share.
Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and…
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST comm…
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow.
Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename.
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network conne…
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP reque…
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a rem…
MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time.
validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message.
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USE…
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to…
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser…
CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the threa…
list.php in w-Agora 4.1.6a allows remote attackers to reveal the full path via a crafted HTTP request, possibly involving a malformed id parameter.
Cross-site scripting (XSS) vulnerability in index.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to execute arbitrary web script or HTML via the module parameter.
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.
Directory traversal vulnerability in ParaChat Server 5.5 allows remote attackers to read arbitrary files via a ..%5C (hex-encoded dot dot) in the URL.
Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe in dBpowerAMP Audio Player 2.0 and dbPowerAmp Music Converter 10.0 allows remote attackers to cause a denial of service or…
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, do not require a password to access rpFWUpload.html, which allows remote attackers…