245351
|
7.5 |
HIGH
|
jelsoft
|
vbulletin
|
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
|
NVD-CWE-Other
|
CVE-2004-1515
|
2016-10-18 11:55 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245352
|
7.5 |
HIGH
|
new_media_generation
|
hired_team_trial
|
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
|
NVD-CWE-Other
|
CVE-2004-1526
|
2016-10-18 11:55 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245353
|
7.5 |
HIGH
|
mediawiki
|
mediawiki
|
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary c…
|
NVD-CWE-Other
|
CVE-2004-1405
|
2016-10-18 11:54 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245354
|
5.0 |
MEDIUM
|
singapore
|
image_gallery_web_application
|
Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML.
|
NVD-CWE-Other
|
CVE-2004-1409
|
2016-10-18 11:54 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245355
|
4.3 |
MEDIUM
|
gadu-gadu
|
gadu-gadu_instant_messenger
|
Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing…
|
NVD-CWE-Other
|
CVE-2004-1410
|
2016-10-18 11:54 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245356
|
5.0 |
MEDIUM
|
gadu-gadu
|
gadu-gadu_instant_messenger
|
Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of service (application hang) via a message that contains many special strings that are converted to images.
|
NVD-CWE-Other
|
CVE-2004-1414
|
2016-10-18 11:54 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245357
|
5.0 |
MEDIUM
|
korweblog
|
korweblog
|
Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to read arbitrary files and execute arbitrary PHP files via .. (dot dot) sequences in the lng…
|
NVD-CWE-Other
|
CVE-2004-1426
|
2016-10-18 11:54 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245358
|
7.5 |
HIGH
|
asante
|
fm2008_managed_ethernet_switch
|
The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access.
|
NVD-CWE-Other
|
CVE-2004-1321
|
2016-10-18 11:53 |
2004-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245359
|
4.4 |
MEDIUM
|
oracle
|
application_server collaboration_suite e-business_suite enterprise_manager enterprise_manager_database_control enterprise_manager_grid_control oracle10g oracle8i oracle9i
|
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-reada…
|
CWE-200
情報漏えい
|
CVE-2004-1367
|
2016-10-18 11:53 |
2004-08-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245360
|
2.1 |
LOW
|
gnu
|
glibc
|
The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968.
|
NVD-CWE-Other
|
CVE-2004-1382
|
2016-10-18 11:53 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245361
|
7.5 |
HIGH
|
hylafax
|
hylafax
|
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostnam…
|
NVD-CWE-Other
|
CVE-2004-1182
|
2016-10-18 11:52 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245362
|
7.5 |
HIGH
|
gadu-gadu
|
gadu-gadu_instant_messenger
|
Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2…
|
NVD-CWE-Other
|
CVE-2004-1229
|
2016-10-18 11:52 |
2005-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245363
|
7.2 |
HIGH
|
atari800 debian
|
atari800 debian_linux
|
Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.
|
NVD-CWE-Other
|
CVE-2004-1076
|
2016-10-18 11:51 |
2005-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245364
|
7.5 |
HIGH
|
rssh gentoo
|
rssh linux
|
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) …
|
NVD-CWE-Other
|
CVE-2004-1161
|
2016-10-18 11:51 |
2005-01-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245365
|
2.1 |
LOW
|
ssmtp
|
ssmtp
|
The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.
|
NVD-CWE-Other
|
CVE-2004-0423
|
2016-10-18 11:45 |
2004-07-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245366
|
5.0 |
MEDIUM
|
microsoft
|
ie
|
Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which trig…
|
NVD-CWE-Other
|
CVE-2004-0479
|
2016-10-18 11:45 |
2004-07-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245367
|
6.4 |
MEDIUM
|
yabb
|
yabb
|
Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5.4 through 1.5.5b allows remote attackers to delete arbitrary files via a .. (dot dot) in the attachOld parameter.
|
NVD-CWE-Other
|
CVE-2004-0344
|
2016-10-18 11:44 |
2004-11-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245368
|
5.0 |
MEDIUM
|
lionmax_software
|
www_file_share_pro
|
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter…
|
NVD-CWE-Other
|
CVE-2004-0059
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245369
|
5.0 |
MEDIUM
|
lionmax_software
|
www_file_share_pro
|
WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.
|
NVD-CWE-Other
|
CVE-2004-0060
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245370
|
7.5 |
HIGH
|
lionmax_software
|
www_file_share_pro
|
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
|
NVD-CWE-Other
|
CVE-2004-0061
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245371
|
7.5 |
HIGH
|
fishnet
|
fishcart
|
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
|
NVD-CWE-Other
|
CVE-2004-0062
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245372
|
2.1 |
LOW
|
suse
|
suse_linux
|
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary …
|
NVD-CWE-Other
|
CVE-2004-0064
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245373
|
7.5 |
HIGH
|
phpgedview
|
phpgedview
|
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
|
NVD-CWE-Other
|
CVE-2004-0065
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245374
|
7.5 |
HIGH
|
hd_soft
|
windows_ftp_server
|
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wsc…
|
NVD-CWE-Other
|
CVE-2004-0069
|
2016-10-18 11:40 |
2004-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245375
|
7.5 |
HIGH
|
pmachine
|
pmachine_free pmachine_pro
|
PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine Free and pMachine Pro 2.2 and 2.2.1 allows remote attackers to execute arbitrary PHP code by modifying the pm_path parameter to r…
|
NVD-CWE-Other
|
CVE-2003-1086
|
2016-10-18 11:39 |
2003-06-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245376
|
6.4 |
MEDIUM
|
http_fetcher
|
http_fetcher_library
|
Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL request via a lon…
|
NVD-CWE-Other
|
CVE-2003-1262
|
2016-10-18 11:39 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245377
|
7.8 |
HIGH
|
-
|
-
|
Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
|
NVD-CWE-Other
|
CVE-2003-1318
|
2016-10-18 11:39 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245378
|
5.0 |
MEDIUM
|
truegalerie
|
truegalerie
|
upload.php in Truegalerie 1.0 allows remote attackers to read arbitrary files by specifying the target filename in the file cookie in form.php, then downloading the file from the image gallery.
|
CWE-287
不適切な認証
|
CVE-2003-1489
|
2016-10-18 11:39 |
2003-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245379
|
7.5 |
HIGH
|
gnu
|
cfengine
|
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction fu…
|
NVD-CWE-Other
|
CVE-2003-0849
|
2016-10-18 11:38 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245380
|
7.5 |
HIGH
|
dug_song rafal_wojtczuk
|
dsniff libnids
|
The TCP reassembly functionality in libnids before 1.18 allows remote attackers to cause "memory corruption" and possibly execute arbitrary code via "overlarge TCP packets."
|
NVD-CWE-Other
|
CVE-2003-0850
|
2016-10-18 11:38 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245381
|
7.5 |
HIGH
|
mpg123
|
mpg123
|
Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.
|
NVD-CWE-Other
|
CVE-2003-0865
|
2016-10-18 11:38 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245382
|
2.1 |
LOW
|
openslp
|
openslp
|
Symbolic link vulnerability in the slpd script slpd.all_init for OpenSLP before 1.0.11 allows local users to overwrite arbitrary files via the route.check temporary file.
|
NVD-CWE-Other
|
CVE-2003-0875
|
2016-10-18 11:38 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245383
|
10.0 |
HIGH
|
hylafax
|
hylafax
|
Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier allows remote attackers to execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2003-0886
|
2016-10-18 11:38 |
2003-12-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245384
|
7.5 |
HIGH
|
sun
|
jre
|
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and exe…
|
NVD-CWE-Other
|
CVE-2003-0896
|
2016-10-18 11:38 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245385
|
4.6 |
MEDIUM
|
ibm
|
db2_universal_database
|
IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.
|
NVD-CWE-Other
|
CVE-2003-0898
|
2016-10-18 11:38 |
2003-11-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245386
|
7.5 |
HIGH
|
clearswift
|
mailsweeper
|
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
|
NVD-CWE-Other
|
CVE-2003-0928
|
2016-10-18 11:38 |
2004-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245387
|
7.5 |
HIGH
|
clearswift
|
mailsweeper
|
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
|
NVD-CWE-Other
|
CVE-2003-0929
|
2016-10-18 11:38 |
2004-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245388
|
7.5 |
HIGH
|
clearswift
|
mailsweeper
|
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.
|
NVD-CWE-Other
|
CVE-2003-0930
|
2016-10-18 11:38 |
2004-09-28 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245389
|
4.6 |
MEDIUM
|
symbol_technologies
|
pdt
|
Symbol Access Portable Data Terminal (PDT) 8100 does not hide the default WEP keys if they are not changed, which could allow attackers to retrieve the keys and gain access to the wireless network.
|
NVD-CWE-Other
|
CVE-2003-0934
|
2016-10-18 11:38 |
2003-12-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245390
|
7.2 |
HIGH
|
symantec
|
pcanywhere
|
Symantec PCAnywhere 10.x and 11, when started as a service, allows attackers to gain SYSTEM privileges via the help interface using AWHOST32.exe.
|
NVD-CWE-Other
|
CVE-2003-0936
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245391
|
7.5 |
HIGH
|
clam_anti-virus
|
clamav
|
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary…
|
NVD-CWE-Other
|
CVE-2003-0946
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245392
|
4.6 |
MEDIUM
|
openbsd
|
openbsd
|
OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code in 3.4 via a program with an invalid header that is not properly handled …
|
NVD-CWE-Other
|
CVE-2003-0955
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245393
|
7.5 |
HIGH
|
openca
|
openca
|
OpenCA before 0.9.1.4 does not use the correct certificate in a chain to check the serial, which could cause OpenCA to accept revoked or expired certificates.
|
NVD-CWE-Other
|
CVE-2003-0960
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245394
|
7.2 |
HIGH
|
linux
|
linux_kernel
|
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
|
NVD-CWE-Other
|
CVE-2003-0961
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245395
|
10.0 |
HIGH
|
-
|
-
|
Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experimental module for FreeRADIUS 0.9.3 and earlier allows remote attackers to execute arbitrary code via a long User-Password attribut…
|
NVD-CWE-Other
|
CVE-2003-0968
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245396
|
10.0 |
HIGH
|
gnu
|
screen
|
Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, and 3.9.15 and earlier, allows local users to execute arbitrary code via a large number of ";" (semicolon) characters in escape se…
|
NVD-CWE-Other
|
CVE-2003-0972
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245397
|
7.5 |
HIGH
|
applied_watch_technologies
|
applied_watch_command_center
|
Applied Watch Command Center allows remote attackers to conduct unauthorized activities without authentication, such as (1) add new users to a console, as demonstrated using appliedsnatch.c, or (2) a…
|
NVD-CWE-Other
|
CVE-2003-0974
|
2016-10-18 11:38 |
2003-12-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245398
|
5.0 |
MEDIUM
|
freescripts
|
visitorbook
|
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra h…
|
NVD-CWE-Other
|
CVE-2003-0979
|
2016-10-18 11:38 |
2004-01-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245399
|
4.3 |
MEDIUM
|
freescripts
|
visitorbook
|
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" p…
|
NVD-CWE-Other
|
CVE-2003-0980
|
2016-10-18 11:38 |
2004-01-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245400
|
7.2 |
HIGH
|
symantec
|
norton_antivirus norton_internet_security norton_system_works windows_liveupdate
|
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and …
|
NVD-CWE-Other
|
CVE-2003-0994
|
2016-10-18 11:38 |
2004-02-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|