Vulnerabilities (CVE)

Total 165079 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Firebird, Mozilla, Thunderbird 2008-09-05 2.6 LOW N/A
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2004-1450 1 Mozilla 1 Mozilla 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
CVE-2004-1451 1 Mozilla 1 Mozilla 2008-09-05 2.6 LOW N/A
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
CVE-2004-1489 1 Opera Software 1 Opera Web Browser 2008-09-05 2.6 LOW N/A
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
CVE-2004-0997 1 Linux 1 Linux Kernel 2008-09-05 4.6 MEDIUM N/A
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.
CVE-2004-1039 1 Sco 2 Openserver, Unixware 2008-09-05 5.0 MEDIUM N/A
The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.
CVE-2004-1077 1 Citrix 2 Metaframe Client, Program Neighborhood Agent 2008-09-05 5.0 MEDIUM N/A
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
CVE-2004-1078 1 Citrix 2 Metaframe Client, Program Neighborhood Agent 2008-09-05 7.5 HIGH N/A
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.
CVE-2004-1157 1 Opera Software 1 Opera Web Browser 2008-09-05 7.5 HIGH N/A
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVE-2004-1160 1 Netscape 1 Navigator 2008-09-05 7.5 HIGH N/A
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
CVE-2004-1312 1 Gfi 2 Mailessentials, Mailsecurity 2008-09-05 10.0 HIGH N/A
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
CVE-2004-0921 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2008-09-05 7.5 HIGH N/A
AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets.
CVE-2004-0922 1 Apple 3 Mac Os X, Mac Os X Server, Quicktime 2008-09-05 5.0 MEDIUM N/A
AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box.
CVE-2004-0924 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2008-09-05 5.0 MEDIUM N/A
NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not.
CVE-2004-0926 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2008-09-05 10.0 HIGH N/A
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
CVE-2004-0927 2 Apple, Easy Software Products 3 Mac Os X, Mac Os X Server, Cups 2008-09-05 5.0 MEDIUM N/A
ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example self-signed certificate on each system, which allows remote attackers to decrypt sessions.
CVE-2004-0944 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2008-09-05 5.0 MEDIUM N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
CVE-2004-0945 1 Mitel 1 Mitel 3300 Integrated Communication Platform 2008-09-05 5.0 MEDIUM N/A
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
CVE-2004-0498 1 Stonesoft 1 Firewall Engine 2008-09-05 5.0 MEDIUM N/A
The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.
CVE-2004-0540 1 Microsoft 1 Windows 2000 2008-09-05 10.0 HIGH N/A
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.