Vulnerabilities (CVE)

Total 174711 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2209 1 Ideal Science 1 Idealbb 2008-09-05 7.5 HIGH N/A
SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2210 1 Express-web 1 Express-web Content Management System 2008-09-05 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
CVE-2004-2225 1 Mozilla 1 Firefox 2008-09-05 5.0 MEDIUM N/A
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
CVE-2004-2234 1 Moodle 1 Moodle 2008-09-05 7.5 HIGH N/A
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
CVE-2004-2235 1 Moodle 1 Moodle 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
CVE-2004-2246 1 Goollery 1 Goollery 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.
CVE-2004-2247 1 Goosequill 1 Audienceconnect 2008-09-05 10.0 HIGH N/A
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
CVE-2004-2273 1 Evan Sims 1 Effingerd 2008-09-05 5.0 MEDIUM N/A
efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.
CVE-2004-2280 1 Ibm 1 Lotus Notes 2008-09-05 5.0 MEDIUM N/A
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
CVE-2004-2281 1 Ibm 1 Lotus Notes 2008-09-05 10.0 HIGH N/A
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.
CVE-2004-2282 1 Daniel Barron 1 Dansguardian 2008-09-05 5.0 MEDIUM N/A
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
CVE-2004-2283 1 Daniel Barron 1 Dansguardian 2008-09-05 5.0 MEDIUM N/A
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
CVE-2004-2287 1 Dsm 1 Light Web File Browser 2008-09-05 5.0 MEDIUM N/A
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
CVE-2004-2288 1 Jelsoft 1 Vbulletin 2008-09-05 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
CVE-2004-2294 1 Francisco Burzi 1 Php-nuke 2008-09-05 4.3 MEDIUM N/A
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
CVE-2004-2298 1 Novell 2 Internet Messaging System, Netmail 2008-09-05 6.4 MEDIUM N/A
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
CVE-2004-2317 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2008-09-05 5.0 MEDIUM N/A
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
CVE-2004-2338 1 Openbsd 1 Openbsd 2008-09-05 7.5 HIGH N/A
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
CVE-2004-2364 1 Phpx 1 Phpx 2008-09-05 5.0 MEDIUM N/A
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2) admin/news.php, (3) admin/user.php, (4) admin/images.php, (5) admin/page.php, or (6) admin/forums.php.
CVE-2004-1754 1 Symantec 2 Enterprise Firewall, Gateway Security 2008-09-05 5.0 MEDIUM N/A
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.