Vulnerabilities (CVE)

Total 165079 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2294 1 Francisco Burzi 1 Php-nuke 2008-09-05 4.3 MEDIUM N/A
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
CVE-2004-2298 1 Novell 2 Internet Messaging System, Netmail 2008-09-05 6.4 MEDIUM N/A
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
CVE-2004-2317 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2008-09-05 5.0 MEDIUM N/A
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
CVE-2004-2338 1 Openbsd 1 Openbsd 2008-09-05 7.5 HIGH N/A
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
CVE-2004-2364 1 Phpx 1 Phpx 2008-09-05 5.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
CVE-2004-1754 1 Symantec 2 Enterprise Firewall, Gateway Security 2008-09-05 5.0 MEDIUM N/A
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
CVE-2004-1777 1 Skype Technologies 1 Skype 2008-09-05 5.0 MEDIUM N/A
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
CVE-2004-1780 1 Info Touch 1 Surfnet 2008-09-05 4.6 MEDIUM N/A
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
CVE-2004-1781 1 Info Touch 1 Surfnet 2008-09-05 4.6 MEDIUM N/A
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
CVE-2004-1783 1 Net2soft 1 Flash Ftp Server 2008-09-05 7.5 HIGH N/A
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
CVE-2004-1785 1 Invision Power Services 1 Invision Board 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
CVE-2004-1788 1 Asp-nuke 1 Asp-nuke 2008-09-05 5.0 MEDIUM N/A
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.
CVE-2004-1791 1 Edimax 1 Full Rate Adsl Router 2008-09-05 7.5 HIGH N/A
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.
CVE-2004-1795 1 Info Touch 1 Surfnet 2008-09-05 2.1 LOW N/A
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
CVE-2004-1891 1 Sgi 1 Irix 2008-09-05 5.0 MEDIUM N/A
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.
CVE-2004-2001 1 Sgi 1 Irix 2008-09-05 4.6 MEDIUM N/A
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.
CVE-2004-2024 1 Zen Cart 1 Zen Cart 2008-09-05 7.5 HIGH N/A
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVE-2004-1342 1 Cvs 1 Cvs 2008-09-05 7.5 HIGH N/A
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
CVE-2004-1343 1 Cvs 1 Cvs 2008-09-05 5.0 MEDIUM N/A
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
CVE-2004-1374 1 Netbsd 1 Netbsd 2008-09-05 7.2 HIGH N/A
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.