CVE Daily
← All years

Uncategorized 2004

Page 7/19.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2004-12-31
Medium

CVE-2004-1431

FormMail.php 5.0, and possibly other versions, allows remote attackers to read arbitrary files via a full pathname in the ar_file (auto-reply) parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1432

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a d…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1433

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1434

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (c…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1435

Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a d…

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2004-1402

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.

CVSS: 10.0CWE: N/A
Read more
High

CVE-2004-1401

SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-1400

The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-1399

Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1198

Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested ar…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1200

Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2004-1234

load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL.

CVSS: 2.1CWE: N/A
Read more
Critical

CVE-2004-1236

Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2004-1296

The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2004-1306

Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.

CVSS: 5.1CWE: N/A
Read more
High

CVE-2004-1327

Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-1328

Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.

CVSS: 7.2CWE: N/A
Read more
High

CVE-2004-2189

SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-1332

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-1343

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2004-1382

The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2004-1383

Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to execute arbitrary SQL statements via the (1) order, (2) project_id, (3) pro_main, or (4) hours_…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-1384

Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0.9.16.003 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) kp3, (2) type, (3) msg, (4) forum_…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-1385

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname paramete…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2004-1387

The check_forensic script in apache-utils package 1.3.31 allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

CVSS: 2.1CWE: N/A
Read more
High

CVE-2004-1388

Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests cont…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-1389

Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup…

CVSS: 6.0CWE: N/A
Read more
Critical

CVE-2004-1390

Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscrip…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2004-1391

Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2004-1392

PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1393

Unknown vulnerability in the tcsetattr function for Sun Solaris for SPARC 2.6, 7, and 8 allows local users to cause a denial of service (system hang).

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1394

The pfexec function for Sun Solaris 8 and 9 does not properly handle when a custom profile contains an invalid entry in the exec_attr database, which may allow local users with custom rights profiles…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2004-1395

The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) No one lives forever 2 1.3 and earlier, (3) Tron 2.0 1.042 and earlier, (4) F.E.A.R. (First Encounter Assault and Recon), and po…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2004-1396

Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data…

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2004-1397

Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-1398

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2004-1570

SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote attackers to execute arbitrary SQL commands via the p parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-1330

Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.

CVSS: 7.2CWE: N/A
Read more
Medium

CVE-2004-1572

AJ-Fork 167 does not restrict access to directories such as (1) data, (2) inc, (3) plugins, (4) skins, or (5) tools, which allows remote attackers to list files in those directories via a direct HTTP…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2094

Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows remote attackers to inject arbitrary HTML or web script as other users via a URL that contains the script.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2060

ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable b…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2004-2062

SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2063

Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-2065

DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2068

fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2069

sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceed…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2004-2070

The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vul…

CVSS: 7.2CWE: N/A
Read more
High

CVE-2004-2071

Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2072

Cross-site scripting (XSS) vulnerability in index.php for Mambo Open Source 4.6, and possibly earlier versions, allows remote attackers to execute script on other clients via the Itemid parameter.

CVSS: 6.8CWE: N/A
Read more
Medium

CVE-2004-2074

Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2075

Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of service (infinite loop) via a MIME header that is not properly terminated.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2076

Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2081

The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to cause a denial of service (pmsystem.exe crash) by issuing (1) a CD command with a tilde (~) character or dot dot (/../) or (2) a…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2095

Honeyd before 0.8 replies to TCP packets with the SYN and RST flags set, which allows remote attackers to identify IP addresses that are being simulated by Honeyd.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2058

ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2096

Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 final allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into the URL.

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2004-2097

Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/ra…

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2004-2098

Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5.0 allows remote attackers to execute arbitrary script as other users via the HTML banner view/preview capability.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2099

Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), version 242 and earlier, allows remote attackers (servers) to execute arbitrary code via long (1) gamename, (2) gamever, (3) hostnam…

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2004-2100

GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2101

The sysinfo script in GeoHttpServer allows remote attackers to cause a denial of service (crash) via a long pwd parameter, possibly triggering a buffer overflow.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2102

Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified version of thttpd, allows remote attackers to inject arbitrary web script or HTML via the test parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2103

Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for…

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2104

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to obtain sensitive server information, including the internal IP address, via a direct request to (1) snoop.jsp, (2) SnoopSer…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2105

The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to read arbitrary .htt files via a full pathname in the error parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2106

Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to list directories via a direct request to (1) /com/, (2) /com/novell/, (3) /com/novell/webaccess, or (4) /ns-icons/.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2004-2107

Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not authenticate FHTTP commands on TCP port 3141, which allows remote attackers to use the finjan-parameter-type header to (1) restart…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2108

Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote attackers to execute arbitrary SQL commands via certain parameters to (1) search.asp, (2) browse.asp, (3) details.asp, (4) showc…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2059

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parame…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2004-2057

SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-1951

xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename option…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2019

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2004-1955

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-1958

Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-1960

Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-1962

SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-1966

Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2010

PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the base_dir parameter to reference a URL on a rem…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2004-2011

msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to cause a denial of service (crash) via a single & (ampersand) in a <Ref href> link, which triggers a parsing error, possibly due t…

CVSS: 2.6CWE: N/A
Read more
High

CVE-2004-2012

The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before settin…

CVSS: 7.2CWE: N/A
Read more
Low

CVE-2004-2014

Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded.

CVSS: 2.6CWE: N/A
Read more
Medium

CVE-2004-2015

Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allows remote attackers to inject arbitrary HTML or web script via (1) iframe, (2) img, or (3) object tags.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-2016

Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earlier allows remote attackers to execute arbitrary code via a long GET request.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2017

Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-2018

PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x through 7.3 allows remote attackers to execute arbitrary PHP code by modifying the modpath parameter to reference a URL on a remot…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2020

Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x through 7.3 allow remote attackers to inject arbitrary HTML or web script into the (1) optionbox parameter in the News module, (2)…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-2056

SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2021

Directory traversal vulnerability in file_manager.php in osCommerce 2.2 allows remote attackers to view arbitrary files via a .. (dot dot) in the filename argument.

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2004-2022

ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a l…

CVSS: 2.1CWE: N/A
Read more
High

CVE-2004-2023

SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 before patch 1, and possibly other versions allows remote attackers to execute arbitrary SQL via the (1) admin_name or (2) admin_pas…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2024

The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2025

SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2026

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2045

The HTTP administration interface on Conceptronic CADSLR1 ADSL router running firmware 3.04n allows remote attackers to cause a denial of service (device reboot) via an HTTP request with a long usern…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2046

Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7.0.1 allows remote attackers to cause a denial of service via unknown attack vectors.

CVSS: 5.0CWE: N/A
Read more
Critical

CVE-2004-2048

radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain acce…

CVSS: 10.0CWE: N/A
Read more
Medium

CVE-2004-2049

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store sensitive usernames and passwords in cleartext in configuration files for the keeper library, which allows attackers to gain acc…

CVSS: 4.6CWE: N/A
Read more
Medium

CVE-2004-2050

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshe…

CVSS: 4.6CWE: N/A
Read more
High

CVE-2004-2052

eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2054

CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to…

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2109

Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.asp or (2) recommend.asp in Q-Shop allow remote attackers to execute arbitrary script and steal the user session ID via Javascript…

CVSS: 6.8CWE: N/A
Read more
High

CVE-2004-2110

SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2112

Directory traversal vulnerability in BremsServer 1.2.4 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in the URL.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2174

Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2160

Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS: 6.4CWE: N/A
Read more
High

CVE-2004-2161

SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2162

Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-2163

login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by sp…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2164

shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2165

Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname.

CVSS: 5.0CWE: N/A
Read more
High

CVE-2004-2166

The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authenti…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2167

Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) Tr…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2168

BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3).

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2004-2169

Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.

CVSS: 2.1CWE: N/A
Read more
Medium

CVE-2004-2170

Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2004-2171

Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.

CVSS: 4.3CWE: N/A
Read more
High

CVE-2004-2173

SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.

CVSS: 7.5CWE: N/A
Read more
High

CVE-2004-2175

Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.…

CVSS: 7.5CWE: N/A
Read more
Medium

CVE-2004-2113

Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2004-2176

The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that byp…

CVSS: 4.6CWE: N/A
Read more
>