Waitman Gobble

irc://irc.y0m4m4.com/ Radio Puke.World Wiki OOO

CVE List 2004 (page: 1)

2021 2020 2019 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2004 2003 2002 2001 2000 1999

Name Description
CVE-2004-2779 id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition [...]
CVE-2004-2778 Ebuild in Gentoo may change directory and file permissions depending on the order of installed packages, which allows local users to read or write to restricted directories or execute restricted [...]
CVE-2004-2777 GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet for the administrator account, (2) webadmin for the webadmin administrator account of the ASACA DVD library, (3) an empty value [...]
CVE-2004-2776 go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) query string or (2) artarchive parameter.
CVE-2004-2771 The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in an email address.
CVE-2004-2769 Cerberus FTP Server before 4.0.3.0 allows remote authenticated users to list hidden files, even when the "Display hidden files" option is enabled, via the (1) MLSD or (2) MLST commands.
CVE-2004-2768 dpkg 1.9.21 does not properly reset the metadata of a file during replacement of the file in a package upgrade, which might allow local users to gain privileges by creating a hard link to a vulnerable [...]
CVE-2004-2767 NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not promptly close DS sessions, which allows remote attackers to cause a denial of service (connection slot exhaustion) by [...]
CVE-2004-2766 Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02 allows remote attackers to obtain unspecified "access" to e-mail via a crafted e-mail message, related to a [...]
CVE-2004-2765 Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5.2 before 5.2hf2.02, when Internet Explorer is used, allows remote attackers to inject [...]
CVE-2004-2764 Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4.1 through 1.4.1_07, and 1.4.0 through 1.4.0_04 allows untrusted applets and unprivileged servlets to gain privileges and read [...]
CVE-2004-2763 The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using [...]
CVE-2004-2762 The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x before 5.1.9.1, 5.1.x before 5.1.10, 5.2.2.x before 5.2.2.3, 5.2.x before 5.2.3, 5.3.x before 5.3.0, and 6.x before 6.1, when the [...]
CVE-2004-2761 The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the [...]
CVE-2004-2760 sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt [...]
CVE-2004-2759 Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by [...]
CVE-2004-2758 Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as [...]
CVE-2004-2757 Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or [...]
CVE-2004-2756 Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id [...]
CVE-2004-2755 Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked [...]
CVE-2004-2754 SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the [...]
CVE-2004-2753 Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of [...]
CVE-2004-2752 Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle [...]
CVE-2004-2751 SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter.
CVE-2004-2750 Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is [...]
CVE-2004-2749 Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in [...]
CVE-2004-2748 viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an [...]
CVE-2004-2747 Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary [...]
CVE-2004-2746 SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
CVE-2004-2745 Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
CVE-2004-2744 Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release."
CVE-2004-2743 upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files.
CVE-2004-2742 Cross-site scripting (XSS) vulnerability in the report viewer in Crystal Enterprise 8.5, 9, and 10 allows remote attackers to inject arbitrary web script or HTML via script in the URL to a report [...]
CVE-2004-2741 Cross-site scripting (XSS) vulnerability in the "help window" (help.php) in Horde Application Framework 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) module, (2) [...]
CVE-2004-2740 PHP remote file inclusion vulnerability in authform.inc.php in PHProjekt 4.2.3 and earlier allows remote attackers to include arbitrary PHP code via a URL in the path_pre parameter.
CVE-2004-2739 The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
CVE-2004-2738 Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroBoard 4.1pl4 and earlier allows remote attackers to inject arbitrary web script or HTML via the user_id parameter.
CVE-2004-2737 SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
CVE-2004-2736 Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
CVE-2004-2735 Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) SET_PREFERENCES parameter in SetPreferences.cgi; (2) BRANCH [...]
CVE-2004-2734 webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access [...]
CVE-2004-2733 Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via [...]
CVE-2004-2732 nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensitive information via the cmd=test option, which can be leveraged to determine the access key.
CVE-2004-2731 Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute [...]
CVE-2004-2730 Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2) PsGetsid before 1.41, (3) PsInfo before 1.61, (4) PsKill before 1.03, (5) PsList before 1.26, (6) PsLoglist before 2.51, (7) [...]
CVE-2004-2729 Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 allows local users to execute arbitrary code by changing the program for handling incoming connections.
CVE-2004-2728 Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
CVE-2004-2727 Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.
CVE-2004-2726 HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and [...]
CVE-2004-2725 Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email [...]
CVE-2004-2724 LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null [...]
CVE-2004-2723 NessusWX 1.4.4 stores account passwords in plaintext in .session files, which allows local users to obtain passwords.
CVE-2004-2722 ** DISPUTED ** Nessus 2.0.10a stores account passwords in plaintext in .nessusrc files, which allows local users to obtain passwords. NOTE: the original researcher reports that the vendor has [...]
CVE-2004-2721 The CheckGroup function in openSkat VTMF before 2.1 generates public key pairs in which the "p" variable might not be prime, which allows remote attackers to determine the private key and decrypt [...]
CVE-2004-2720 Cross-site scripting (XSS) vulnerability in register.asp in Snitz Forums 2000 3.4.04 and earlier allows remote attackers to inject arbitrary web script or HTML via javascript events in the Email [...]
CVE-2004-2719 Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than [...]
CVE-2004-2718 PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
CVE-2004-2717 Multiple directory traversal vulnerabilities in admin.php3 in PHPMyChat 0.14.5 allow remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the (1) sheet and (2) [...]
CVE-2004-2716 Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck [...]
CVE-2004-2715 edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
CVE-2004-2714 Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string [...]
CVE-2004-2713 ** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%Internet Logs* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents [...]
CVE-2004-2712 Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data."
CVE-2004-2711 Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar [...]
CVE-2004-2710 Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending [...]
CVE-2004-2709 Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors [...]
CVE-2004-2708 Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
CVE-2004-2707 Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP [...]
CVE-2004-2706 Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
CVE-2004-2705 Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq [...]
CVE-2004-2704 Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be [...]
CVE-2004-2703 Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted [...]
CVE-2004-2702 Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might [...]
CVE-2004-2701 Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
CVE-2004-2700 Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.
CVE-2004-2699 deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
CVE-2004-2698 Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink [...]
CVE-2004-2697 The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be [...]
CVE-2004-2696 BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for [...]
CVE-2004-2695 SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the [...]
CVE-2004-2694 Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE [...]
CVE-2004-2693 HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
CVE-2004-2692 The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not [...]
CVE-2004-2691 Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web [...]
CVE-2004-2690 Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
CVE-2004-2689 NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
CVE-2004-2688 Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in [...]
CVE-2004-2687 distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed [...]
CVE-2004-2686 Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: [...]
CVE-2004-2685 Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than [...]
CVE-2004-2684 Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files [...]
CVE-2004-2683 Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
CVE-2004-2682 PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the [...]
CVE-2004-2681 PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.
CVE-2004-2680 mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed [...]
CVE-2004-2679 Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes [...]
CVE-2004-2678 Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges [...]
CVE-2004-2677 Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the [...]
CVE-2004-2676 The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
CVE-2004-2675 ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be [...]
CVE-2004-2674 Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
CVE-2004-2673 Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long [...]
CVE-2004-2672 Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
CVE-2004-2671 mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error [...]
CVE-2004-2670 Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) [...]
CVE-2004-2669 Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d [...]
CVE-2004-2668 SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2667 Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2004-2666 Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private [...]
CVE-2004-2665 Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via [...]
CVE-2004-2664 John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals [...]
CVE-2004-2663 The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a [...]
CVE-2004-2662 Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but [...]
CVE-2004-2661 Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
CVE-2004-2660 Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
CVE-2004-2659 Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open [...]
CVE-2004-2658 resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
CVE-2004-2657 ** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the [...]
CVE-2004-2656 Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or [...]
CVE-2004-2655 rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the [...]
CVE-2004-2654 The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger [...]
CVE-2004-2653 Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
CVE-2004-2652 The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via [...]
CVE-2004-2651 Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page [...]
CVE-2004-2650 Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock [...]
CVE-2004-2649 Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as "&#32") in the middle of the URL.
CVE-2004-2648 FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
CVE-2004-2647 Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
CVE-2004-2646 The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName [...]
CVE-2004-2645 Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."
CVE-2004-2644 Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.
CVE-2004-2643 Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
CVE-2004-2642 Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.
CVE-2004-2641 Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of [...]
CVE-2004-2640 Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.
CVE-2004-2639 Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.
CVE-2004-2638 The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
CVE-2004-2637 The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to [...]
CVE-2004-2636 TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
CVE-2004-2635 An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.
CVE-2004-2634 The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.
CVE-2004-2633 Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.
CVE-2004-2632 phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
CVE-2004-2631 Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
CVE-2004-2630 The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in [...]
CVE-2004-2629 Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference [...]
CVE-2004-2628 Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash [...]
CVE-2004-2627 Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.
CVE-2004-2626 GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
CVE-2004-2625 Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
CVE-2004-2624 Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.
CVE-2004-2623 Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."
CVE-2004-2622 AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator [...]
CVE-2004-2621 Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates [...]
CVE-2004-2620 The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "r" and "n" characters in headers, which leads to a buffer underflow.
CVE-2004-2619 ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
CVE-2004-2618 Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).
CVE-2004-2617 Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
CVE-2004-2616 The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to obtain sensitive information by uploading a file, which reveals the path in a success message.
CVE-2004-2615 The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false [...]
CVE-2004-2614 Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
CVE-2004-2613 Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and [...]
CVE-2004-2612 BNC 2.9.0 only grants access when an incorrect password is provided, which allows remote attackers to use the functionality intended for authorized users.
CVE-2004-2611 The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and [...]
CVE-2004-2610 mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a [...]
CVE-2004-2609 The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boot disks allows local users to obtain sensitive information (an unencrypted password for a Windows domain account) via four [...]
CVE-2004-2608 SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news database") under the web document root with insufficient access control, which allows remote attackers to obtain sensitive [...]
CVE-2004-2607 A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to 2.6.5 and 2.4 up to 2.4.29-rc1 allows local users to read portions of kernel memory via a large len argument, which is received [...]
CVE-2004-2606 The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration [...]
CVE-2004-2605 aStats 1.6.5 allows local users to overwrite arbitrary files via a symlink attack on (1) the aStats-Graphic-Signature-Generation file and (2) certain PNG image files.
CVE-2004-2604 Cross-site scripting (XSS) vulnerability in index.php in PHProxy allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2004-2603 Cross-site scripting (XSS) vulnerability in the Search module in UberTec Help Center Live (HCL) allows remote attackers to inject arbitrary web script or HTML via the find parameter to index.php.
CVE-2004-2602 PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) before 1.2.7 allows remote attackers to execute arbitrary PHP code via a URL in the HCL_path parameter to pipe.php.
CVE-2004-2601 PHP remote file inclusion vulnerability in UberTec Help Center Live (HCL) allows remote attackers to read local files and possibly execute PHP code via a URL in the SKIN_inner parameter to [...]
CVE-2004-2600 The firmware for Intelligent Platform Management Interface (IPMI) 1.5-based Intel Server Boards and Platforms is shipped with an Authentication Type Enables parameter set to an invalid None parameter, [...]
CVE-2004-2599 Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.
CVE-2004-2598 Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then [...]
CVE-2004-2597 Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is [...]
CVE-2004-2596 Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP [...]
CVE-2004-2595 Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download [...]
CVE-2004-2594 Absolute path traversal vulnerability in Quake II server before R1Q2 on Windows, as used in multiple products, allows remote attackers to read arbitrary files via a "/" in a pathname argument, as [...]
CVE-2004-2593 Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary [...]
CVE-2004-2592 Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a modified client that asks the server to send data stored at a [...]
CVE-2004-2591 The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does not properly overwrite data in files, which allows attackers to recover the data.
CVE-2004-2590 Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
CVE-2004-2589 Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory.
CVE-2004-2588 Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote attackers to obtain sensitive information such as the configuration of the web [...]
CVE-2004-2587 login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
CVE-2004-2586 Directory traversal vulnerability in frmGetAttachment.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to read arbitrary files via the filename parameter.
CVE-2004-2585 Cross-site scripting (XSS) vulnerability in frmCompose.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to inject arbitrary web script or HTML via Javascript to the [...]
CVE-2004-2584 frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote authenticated users to create a folder that SmarterMail cannot delete or rename via a folder name with a null byte [...]
CVE-2004-2583 SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port [...]
CVE-2004-2582 Novell iChain 2.3 includes the build number in the VIA line of the proxy server's HTTP headers, which allows remote attackers to obtain sensitive information.
CVE-2004-2581 Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."
CVE-2004-2580 Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows remote attackers to obtain login credentials via unspecified vectors.
CVE-2004-2579 ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences [...]
CVE-2004-2578 phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2) setup passwords in plaintext via cookies, which allows remote attackers to sniff passwords.
CVE-2004-2577 The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from [...]
CVE-2004-2576 class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htaccess files to enable authorization checks for access to users' home-directory files, which allows remote attackers to obtain [...]
CVE-2004-2575 phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) [...]
CVE-2004-2574 Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to inject arbitrary web script or HTML via the date parameter in a [...]
CVE-2004-2573 PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir [...]
CVE-2004-2572 AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensitive information by entering (1) invalid characters such as "()" or (2) a large number of characters in the Lookup field on the [...]
CVE-2004-2571 Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote attackers to execute arbitrary code via the (1) parseQmailFromBytesLine, (2) parseQmailToRemoteLine, (3) parseQmailToLocalLine, (4) [...]
CVE-2004-2570 Opera before 7.54 allows remote attackers to modify properties and methods of the location object and execute Javascript to read arbitrary files from the client's local filesystem or display a false [...]
CVE-2004-2569 ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users to overwrite arbitrary files via a symlink attack on the ipmenu.log temporary file.
CVE-2004-2568 Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) user id, (2) recipe id, (3) category id, and (4) other [...]
CVE-2004-2567 Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.
CVE-2004-2566 Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld products, possibly including (1) LiveForum, (2) LiveQ&A, (3) LiveChat, and (4) LiveFocusGroup, allow remote attackers to inject [...]
CVE-2004-2565 Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the [...]
CVE-2004-2564 Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, allow remote attackers to inject arbitrary web script or HTML via (1) [...]
CVE-2004-2563 Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct [...]
CVE-2004-2562 SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2004-2561 Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp [...]
CVE-2004-2560 DokuWiki before 2004-10-19, when used on a web server that permits execution based on file extension, allows remote attackers to execute arbitrary code by uploading a file with an appropriate [...]
CVE-2004-2559 DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of [...]
CVE-2004-2558 Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, Access Manager for e-business 3.9 to 5.1, Access Manager Identity Manager Solution 5.1, Configuration Manager 4.2, Configuration [...]
CVE-2004-2557 NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
CVE-2004-2556 NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the [...]
CVE-2004-2555 Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses weak cryptography (arithmetic and XOR operations) to relate the Control password to the Administrator password, which allows local [...]
CVE-2004-2554 Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Firewall, allows local users to execute arbitrary code with SYSTEM privileges by opening the NCF tray icon and using the Help [...]
CVE-2004-2553 The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode [...]
CVE-2004-2552 Buffer overflow in XBoard 4.2.7 and earlier might allow local users to execute arbitrary code via a long -icshost command line argument. NOTE: since the program is not setuid and not normally called [...]
CVE-2004-2551 Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the [...]
CVE-2004-2550 Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a [...]
CVE-2004-2549 Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline [...]
CVE-2004-2548 Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the [...]
CVE-2004-2547 NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to obtain sensitive information via HTTP requests that (a) specify the / URI, (b) specify the /scripts/ URI, or (c) specify a [...]
CVE-2004-2546 Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
CVE-2004-2545 Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: [...]
CVE-2004-2544 Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 exports private keys when exporting firewall certificates, which might allow attackers to obtain sensitive information.
CVE-2004-2543 Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid [...]
CVE-2004-2542 Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to [...]
CVE-2004-2541 Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
CVE-2004-2540 readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted [...]
CVE-2004-2539 Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack [...]
CVE-2004-2538 Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) [...]
CVE-2004-2537 Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
CVE-2004-2536 The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does [...]
CVE-2004-2535 The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.
CVE-2004-2534 Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of [...]
CVE-2004-2533 Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\..." followed by a short string
CVE-2004-2532 Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default [...]
CVE-2004-2531 X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long [...]
CVE-2004-2530 Visual truncation vulnerability in Gadu-Gadu allows remote attackers to spoof the file extension on transmitted files via a filename with a large number of spaces followed by the real extension, which [...]
CVE-2004-2529 Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
CVE-2004-2528 Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
CVE-2004-2527 The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the [...]
CVE-2004-2526 Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
CVE-2004-2525 Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
Page:


Copyright © 1999–2021, The MITRE Corporation

LICENSE

Submissions: For all materials you submit to the Common Vulnerabilities and Exposures (CVE®), you hereby grant to The MITRE Corporation (MITRE) and all CVE Numbering Authorities (CNAs) a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute such materials and derivative works. Unless required by applicable law or agreed to in writing, you provide such materials on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.

CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy.

DISCLAIMERS

ALL DOCUMENTS AND THE INFORMATION CONTAINED THEREIN PROVIDED BY MITRE ARE PROVIDED ON AN "AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.