Medium
CVE-2004-1539
Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.
Read moreUncategorized 2004
Page 6/19.
CVEs without a recognized CWE (not present in the CWE map or marked as N/A).
CVSS ≥ 0.0
2004-12-31
High
CVE-2004-1538
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Read moreMedium
CVE-2004-1537
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
Read moreHigh
CVE-2004-1510
WebCalendar allows remote attackers to gain privileges by modifying critical parameters to (1) view_entry.php or (2) upcoming.php.
Read moreMedium
CVE-2004-1511
Hotfoon 4.0 does not notify users before opening links in web browsers, which could allow remote attackers to execute arbitrary code via a certain link sent in a chat window.
Read moreMedium
CVE-2004-1512
Cross-site scripting (XSS) vulnerability in Response_default.html in 04WebServer 1.42 allows remote attackers to execute arbitrary web script or HTML via script code in the URL, which is not quoted i…
Read moreMedium
CVE-2004-1513
04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.
Read moreMedium
CVE-2004-1514
04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2.
Read moreHigh
CVE-2004-1515
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
Read moreMedium
CVE-2004-1516
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_userna…
Read moreHigh
CVE-2004-1517
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.
Read moreMedium
CVE-2004-1518
SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
Read moreHigh
CVE-2004-1519
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parame…
Read moreMedium
CVE-2004-1520
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
Read moreMedium
CVE-2004-1521
Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitr…
Read moreMedium
CVE-2004-1522
Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings.
Read moreMedium
CVE-2004-1523
Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in…
Read moreMedium
CVE-2004-1524
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.
Read moreMedium
CVE-2004-1525
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command.
Read moreHigh
CVE-2004-1526
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
Read moreMedium
CVE-2004-1527
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is…
Read moreMedium
CVE-2004-1528
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path i…
Read moreMedium
CVE-2004-1529
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year param…
Read moreHigh
CVE-2004-1530
SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.
Read moreHigh
CVE-2004-1531
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
Read moreHigh
CVE-2004-1532
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.
Read moreMedium
CVE-2004-1533
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
Read moreMedium
CVE-2004-1534
ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript.
Read moreHigh
CVE-2004-1535
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to referen…
Read moreHigh
CVE-2004-1536
SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Read moreHigh
CVE-2004-1439
Buffer overflow in BlackJumboDog 3.x allows remote attackers to execute arbitrary code via long FTP commands such as (1) USER, (2) PASS, (3) RETR,(4) CWD, (5) XMKD, and (6) XRMD.
Read moreLow
CVE-2004-1438
The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier allows remote authenticated users, with write access to the repository, to read unauthorized parts of the repository via the svn co…
Read moreHigh
CVE-2004-1437
Multiple buffer overflows in the digest authentication functionality in Pavuk 0.9.28-r2 and earlier allow remote attackers to execute arbitrary code.
Read moreMedium
CVE-2004-0997
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.
Read moreCritical
CVE-2004-0904
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide…
Read moreMedium
CVE-2004-0906
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, whic…
Read moreMedium
CVE-2004-0907
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow…
Read moreMedium
CVE-2004-0908
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive informa…
Read moreMedium
CVE-2004-0909
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing softwar…
Read moreMedium
CVE-2004-0913
Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configura…
Read moreMedium
CVE-2004-0919
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.
Read moreMedium
CVE-2004-0931
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in t…
Read moreHigh
CVE-2004-0951
The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive informat…
Read moreMedium
CVE-2004-0952
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote…
Read moreMedium
CVE-2004-0979
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operat…
Read moreHigh
CVE-2004-0984
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
Read moreCritical
CVE-2004-0985
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .p…
Read moreLow
CVE-2004-0999
zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.
Read moreLow
CVE-2004-1179
The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories.
Read moreCritical
CVE-2004-1017
Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
Read moreMedium
CVE-2004-1043
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window co…
Read moreMedium
CVE-2004-1049
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, whic…
Read moreCritical
CVE-2004-1050
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discove…
Read moreHigh
CVE-2004-1104
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the le…
Read moreMedium
CVE-2004-1140
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.
Read moreMedium
CVE-2004-1141
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed…
Read moreHigh
CVE-2004-1143
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
Read moreHigh
CVE-2004-1144
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
Read moreMedium
CVE-2004-1146
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.
Read moreMedium
CVE-2004-1150
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, a…
Read moreHigh
CVE-2004-1155
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, a…
Read moreMedium
CVE-2004-1156
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a dif…
Read moreMedium
CVE-2004-0829
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demons…
Read moreHigh
CVE-2004-0826
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
Read moreMedium
CVE-2004-0825
QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.
Read moreLow
CVE-2004-0824
PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files.
Read moreCritical
CVE-2004-0090
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
Read moreMedium
CVE-2004-0138
The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers…
Read moreHigh
CVE-2004-0323
Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to inject arbitrary SQL and gain privileges via the (1) ppp parameter in viewthread.php, (2) desc parameter in misc.…
Read moreLow
CVE-2004-0325
TYPSoft FTP Server 1.10 allows remote authenticated users to cause a denial of service (CPU consumption) via "//../" arguments to (1) mkd, (2) xmkd, (3) dele, (4) size, (5) retr, (6) stor, (7) appe,…
Read moreHigh
CVE-2004-0369
Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec Enterprise Firewall 7.0 through 8.0, Gateway Security 5300 1.0, Gateway Security 5400 2.0, and VelociRaptor 1.5, allows remote at…
Read moreHigh
CVE-2004-0390
SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style access control when users log in using scologin, which allows remote attackers to gain unauthorized access to an X session via other…
Read moreCritical
CVE-2004-0429
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.
Read moreLow
CVE-2004-0462
The built-in web servers for multiple networking devices do not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in plaintext o…
Read moreMedium
CVE-2004-0465
Directory traversal vulnerability in jretest.html in WebConnect 6.5 and 6.4.4, and possibly earlier versions, allows remote attackers to read keys within arbitrary INI formatted files via "..//" sequ…
Read moreMedium
CVE-2004-0467
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to…
Read moreLow
CVE-2004-0491
The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not properly maintain the mlock page count when one process unlocks pages that belong to another process, which allows local users to m…
Read moreMedium
CVE-2004-0498
The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.
Read moreLow
CVE-2004-0533
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete…
Read moreHigh
CVE-2004-0555
Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
Read moreHigh
CVE-2004-0560
Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the over…
Read moreHigh
CVE-2004-0561
Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Read moreHigh
CVE-2004-0567
The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP 6a, NT Terminal Server 4.0 SP 6, Windows 2000 Server SP3 and SP4, and Windows Server 2003 does not properly validate the compute…
Read moreMedium
CVE-2004-0592
The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denia…
Read moreHigh
CVE-2004-0780
Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.
Read moreMedium
CVE-2004-0789
Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 a…
Read moreMedium
CVE-2004-0802
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
Read moreHigh
CVE-2004-0806
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local us…
Read moreMedium
CVE-2004-0808
The process_logon_packet function in the nmbd server for Samba 3.0.6 and earlier, when domain logons are enabled, allows remote attackers to cause a denial of service via a SAM_UAS_CHANGE request wit…
Read moreHigh
CVE-2004-0811
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication c…
Read moreLow
CVE-2004-0813
Unknown vulnerability in the SG_IO functionality in ide-cd allows local users to bypass read-only access and perform unauthorized write and erase operations.
Read moreHigh
CVE-2004-0817
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
Read moreHigh
CVE-2004-0821
The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
Read moreHigh
CVE-2004-1173
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls…
Read moreHigh
CVE-2004-1182
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostnam…
Read moreHigh
CVE-2004-1436
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote…
Read moreMedium
CVE-2004-1416
pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as used in Internet Explorer, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary…
Read moreHigh
CVE-2004-1403
PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote w…
Read moreHigh
CVE-2004-1404
Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and exe…
Read moreHigh
CVE-2004-1405
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary c…
Read moreHigh
CVE-2004-1406
SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter.
Read moreMedium
CVE-2004-1407
Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete…
Read moreHigh
CVE-2004-1408
The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files.
Read moreMedium
CVE-2004-1409
Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
Read moreMedium
CVE-2004-1410
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing…
Read moreLow
CVE-2004-1411
Gadu-Gadu build 155 and earlier allows remote attackers to cause a denial of service (infinite loop) via a message that contains an image whose filename does not start with restricted characters.
Read moreMedium
CVE-2004-1412
Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.x allows remote attackers to inject arbitrary web script or HTML via the searchm parameter.
Read moreMedium
CVE-2004-1413
Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow remote attackers to execute arbitrary SQL commands via the (1) subcat, (2) rate, (3) questiondetails, (4) ticketkey22, (5) email22…
Read moreMedium
CVE-2004-1414
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
Read moreMedium
CVE-2004-1415
SQL injection vulnerability in (1) disp_album.php and possibly (2) disp_img.php in 2Bgal 2.4 and 2.5.1 allows remote attackers to execute arbitrary SQL commands via the id_album parameter.
Read moreMedium
CVE-2004-1418
Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an e-mail address, which is not quoted when a parsing error…
Read moreMedium
CVE-2004-1186
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
Read moreMedium
CVE-2004-1420
Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http…
Read moreHigh
CVE-2004-1421
Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, (2) step_one_tables.php, (3) step_two_tables.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to execute arbitrary…
Read moreMedium
CVE-2004-1422
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.
Read moreMedium
CVE-2004-1425
Directory traversal vulnerability in file.php in Moodle 1.4.2 and earlier allows remote attackers to read arbitrary session files for known session IDs via a .. (dot dot) in the file parameter.
Read moreMedium
CVE-2004-1426
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng…
Read moreHigh
CVE-2004-1427
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a…
Read moreHigh
CVE-2004-1429
ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times that a bad password can be entered, which makes it easier for remote attackers to guess passwords via a brute force attack.
Read moreHigh
CVE-2004-1430
SQL injection vulnerability in the show_stats module in Arcade.php in IbProArcade allows remote attackers to execute arbitrary SQL code via the gameid parameter.
Read more