Uncategorized CVEs — 2004 (Page 8/19)

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0

2004-12-31

Medium

CVE-2004-2177

Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3CWE: N/A

High

CVE-2004-2178

SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2179

asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2180

Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show paramete…

CVSS: 4.3CWE: N/A

High

CVE-2004-2181

Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id pa…

CVSS: 7.5CWE: N/A

High

CVE-2004-2183

Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2184

Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) p…

CVSS: 6.4CWE: N/A

Medium

CVE-2004-2185

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page view…

CVSS: 6.8CWE: N/A

High

CVE-2004-2186

SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2187

Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2188

Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

CVSS: 4.3CWE: N/A

High

CVE-2004-1573

The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.

CVSS: 7.2CWE: N/A

Critical

CVE-2004-2159

Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.

CVSS: 10.0CWE: N/A

High

CVE-2004-2158

SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2157

Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (…

CVSS: 4.3CWE: N/A

Critical

CVE-2004-2156

Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

Critical

CVE-2004-2114

Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.

CVSS: 10.0CWE: N/A

Medium

CVE-2004-2115

Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Server 1.3.22, based on Apache, allow remote attackers to execute arbitrary script as other users via the (1) action, (2) username,…

CVSS: 6.8CWE: N/A

Medium

CVE-2004-2116

Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2118

Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2119

Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2121

Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2123

Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.a…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-2124

The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2125

Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI fil…

CVSS: 4.6CWE: N/A

Medium

CVE-2004-2126

The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users…

CVSS: 4.6CWE: N/A

Medium

CVE-2004-2128

Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll.

CVSS: 6.8CWE: N/A

Medium

CVE-2004-2129

SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2137

Outlook Express 6.0, when sending multipart e-mail messages using the "Break apart messages larger than" setting, leaks the BCC recipients of the message to the addresses listed in the To and CC fiel…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2138

Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScripts MySQLGuest allows remote attackers to inject arbitrary HTML and PHP code via the (1) Name, (2) Email, (3) Homepage or (4) Com…

CVSS: 6.8CWE: N/A

High

CVE-2004-2139

Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows attackers to execute arbitrary code via settings.pl.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2140

CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote attackers to modify text file contents via the subject variable.

CVSS: 5.0CWE: N/A

Critical

CVE-2004-2142

Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

High

CVE-2004-2143

SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in th…

CVSS: 7.5CWE: N/A

High

CVE-2004-2145

SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memb…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-2146

CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2147

Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage ret…

CVSS: 5.0CWE: N/A

High

CVE-2004-2148

Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors.

CVSS: 7.2CWE: N/A

Medium

CVE-2004-2149

Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2151

Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-2152

Cross-site scripting (XSS) vulnerability in 'raw' page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML.

CVSS: 4.3CWE: N/A

Critical

CVE-2004-2153

Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.

CVSS: 10.0CWE: N/A

High

CVE-2004-2155

Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1953

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1879

Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.

CVSS: 4.3CWE: N/A

High

CVE-2004-1949

SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset paramete…

CVSS: 7.5CWE: N/A

High

CVE-2004-1782

athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.

CVSS: 7.5CWE: N/A

Low

CVE-2004-1753

The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, and Firefox 0.9.3 on MacOS X 10.3.5, when tabbed browsing is enabled, does not properly handle SetWindow(NULL) calls, which allo…

CVSS: 2.6CWE: N/A

High

CVE-2004-1755

The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after th…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1757

BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.

CVSS: 4.6CWE: N/A

High

CVE-2004-1762

Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.

CVSS: 7.5CWE: N/A

Critical

CVE-2004-1763

Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project n…

CVSS: 10.0CWE: N/A

High

CVE-2004-1765

Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.

CVSS: 7.5CWE: N/A

High

CVE-2004-1767

The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.

CVSS: 7.2CWE: CWE-264

Medium

CVE-2004-1772

Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.

CVSS: 4.6CWE: N/A

High

CVE-2004-1773

Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1775

Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1779

Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-1780

Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.

CVSS: 4.6CWE: N/A

Medium

CVE-2004-1781

Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.

CVSS: 4.6CWE: N/A

High

CVE-2004-1783

Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1801

Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

CVSS: 5.0CWE: N/A

High

CVE-2004-1787

SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1788

ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to ma…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1789

Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-1790

Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL.

CVSS: 4.3CWE: N/A

High

CVE-2004-1791

The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remo…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1792

swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000).

CVSS: 5.0CWE: N/A

High

CVE-2004-1793

Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.ht…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1794

Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard.

CVSS: 4.3CWE: N/A

Low

CVE-2004-1795

Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.

CVSS: 2.1CWE: N/A

High

CVE-2004-1796

PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) confi…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1797

Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-1798

RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:…

CVSS: 5.1CWE: N/A

High

CVE-2004-1799

PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1750

RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.

CVSS: 5.0CWE: N/A

Low

CVE-2004-1748

NtRegmon before 6.12 allows local users to cause a denial of service (crash), while NtRegmon is running, via invalid pointers to hook functions such as ZwSetQueryValue.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-1747

Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-1746

Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.

CVSS: 4.3CWE: N/A

High

CVE-2004-1574

Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote attackers to execute arbitrary code via a message with a long first field.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1575

The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1576

Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a chat message.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1577

index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1578

Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.

CVSS: 4.3CWE: N/A

Medium

CVE-2004-1579

index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.

CVSS: 5.0CWE: N/A

High

CVE-2004-1580

SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1581

BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.

CVSS: 5.0CWE: N/A

High

CVE-2004-1582

PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1583

Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, o…

CVSS: 6.4CWE: N/A

Medium

CVE-2004-1584

CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1585

Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.

CVSS: 5.0CWE: N/A

Low

CVE-2004-1586

Flash Messaging clients can ignore disconnecting commands such as "shutdown" from the Flash Messaging Server 5.2.0g (rev 1.1.2), which could allow remote attackers to stay connected.

CVSS: 2.1CWE: N/A

Medium

CVE-2004-1587

Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allo…

CVSS: 5.0CWE: N/A

High

CVE-2004-1588

SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1589

Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID paramet…

CVSS: 4.3CWE: N/A

Medium

CVE-2004-1590

Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.

CVSS: 5.0CWE: N/A

High

CVE-2004-1591

The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remo…

CVSS: 7.5CWE: N/A

High

CVE-2004-1592

PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a re…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1593

Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.

CVSS: 4.3CWE: N/A

High

CVE-2004-1666

Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN servers to execute arbitrary code via a long string that ends in a newline character.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1723

The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an…

CVSS: 5.0CWE: N/A

High

CVE-2004-1725

Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1730

Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup…

CVSS: 4.3CWE: N/A

High

CVE-2004-1734

PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter t…

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1736

Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the…

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1738

Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.

CVSS: 4.3CWE: N/A

High

CVE-2004-1800

Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1761

Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1802

Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1899

The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1882

Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter.

CVSS: 4.3CWE: N/A

High

CVE-2004-1883

Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) ma…

CVSS: 7.2CWE: N/A

Medium

CVE-2004-1887

Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null).

CVSS: 5.0CWE: N/A

High

CVE-2004-1888

display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1889

Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows.

CVSS: 5.0CWE: N/A

Medium

CVE-2004-1891

The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.

CVSS: 5.0CWE: N/A

High

CVE-2004-1892

Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.

CVSS: 7.5CWE: N/A

Medium

CVE-2004-1893

Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows r…

CVSS: 5.0CWE: N/A

Low

CVE-2004-1894

TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log.

CVSS: 2.1CWE: N/A

Low

CVE-2004-1895

YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies.

CVSS: 2.1CWE: N/A