|
366201
|
7.5 |
HIGH
|
squirrelmail
|
squirrelmail
|
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
|
NVD-CWE-Other
|
CVE-2005-0152
|
2008-09-6 05:45 |
2005-02-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366202
|
7.5 |
HIGH
|
bidwatcher
|
bidwatcher
|
Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via c…
|
NVD-CWE-Other
|
CVE-2005-0158
|
2008-09-6 05:45 |
2005-05-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366203
|
5.1 |
MEDIUM
|
e-merge
|
unace
|
Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" message…
|
NVD-CWE-Other
|
CVE-2005-0160
|
2008-09-6 05:45 |
2005-02-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366204
|
2.1 |
LOW
|
e-merge
|
unace
|
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
|
NVD-CWE-Other
|
CVE-2005-0161
|
2008-09-6 05:45 |
2005-02-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366205
|
4.6 |
MEDIUM
|
yahoo
|
messenger
|
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program dir…
|
NVD-CWE-Other
|
CVE-2005-0242
|
2008-09-6 05:45 |
2005-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366206
|
5.0 |
MEDIUM
|
yahoo
|
messenger
|
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downl…
|
NVD-CWE-Other
|
CVE-2005-0243
|
2008-09-6 05:45 |
2005-02-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366207
|
5.0 |
MEDIUM
|
jbrowser
|
jbrowser
|
Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is …
|
CWE-22
パス・トラバーサル
|
CVE-2004-2750
|
2008-09-6 05:45 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366208
|
4.3 |
MEDIUM
|
postnuke_software_foundation
|
postnuke
|
Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle p…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2004-2752
|
2008-09-6 05:45 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366209
|
7.5 |
HIGH
|
yabb
|
yabb_se
|
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (…
|
CWE-89
SQLインジェクション
|
CVE-2004-2754
|
2008-09-6 05:45 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366210
|
4.3 |
MEDIUM
|
xoops
|
xoops
|
Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id par…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2004-2756
|
2008-09-6 05:45 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366211
|
5.0 |
MEDIUM
|
securecomputing
|
sidewinder_g2
|
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
|
NVD-CWE-Other
|
CVE-2004-2399
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366212
|
10.0 |
HIGH
|
phpgroupware
|
phpgroupware
|
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
|
NVD-CWE-Other
|
CVE-2004-2406
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366213
|
10.0 |
HIGH
|
phpgroupware
|
phpgroupware
|
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
|
NVD-CWE-Other
|
CVE-2004-2407
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366214
|
2.1 |
LOW
|
samhain_labs
|
samhain
|
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
|
NVD-CWE-Other
|
CVE-2004-2410
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366215
|
10.0 |
HIGH
|
axis
|
2100_network_camera 2110_network_camera 2120_network_camera 2130_ptz_network_camera 230_mpeg2_video_server 2400_video_server 2401_video_server 2411_video_server 2420_network_c…
|
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi…
|
NVD-CWE-Other
|
CVE-2004-2427
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366216
|
2.1 |
LOW
|
gnu
|
gnubiff
|
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
|
NVD-CWE-Other
|
CVE-2004-2459
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366217
|
5.0 |
MEDIUM
|
securecomputing
|
sidewinder_g2
|
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: …
|
NVD-CWE-Other
|
CVE-2004-2545
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366218
|
7.5 |
HIGH
|
phpgroupware
|
phpgroupware
|
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir paramet…
|
NVD-CWE-Other
|
CVE-2004-2573
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366219
|
5.0 |
MEDIUM
|
phpgroupware
|
phpgroupware
|
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from u…
|
NVD-CWE-Other
|
CVE-2004-2577
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366220
|
5.0 |
MEDIUM
|
-
|
-
|
Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then re…
|
NVD-CWE-Other
|
CVE-2004-2598
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366221
|
10.0 |
HIGH
|
vserver
|
linux-vserver
|
Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and a…
|
NVD-CWE-Other
|
CVE-2004-2613
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366222
|
5.0 |
MEDIUM
|
paul_l_daniels
|
ripmime
|
The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.
|
NVD-CWE-Other
|
CVE-2004-2620
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366223
|
7.8 |
HIGH
|
first_virtual_communications
|
click_to_meet_express click_to_meet_premier conference_server v-gate
|
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference S…
|
NVD-CWE-Other
|
CVE-2004-2629
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366224
|
4.9 |
MEDIUM
|
apache
|
james
|
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock fr…
|
NVD-CWE-Other
|
CVE-2004-2650
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366225
|
7.5 |
HIGH
|
pd9_software
|
megabbs
|
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
|
NVD-CWE-Other
|
CVE-2004-2653
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366226
|
5.0 |
MEDIUM
|
squid
|
squid
|
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigge…
|
NVD-CWE-Other
|
CVE-2004-2654
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366227
|
2.1 |
LOW
|
suse
|
suse_linux
|
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
|
NVD-CWE-Other
|
CVE-2004-2658
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366228
|
5.0 |
MEDIUM
|
soft3304
|
04webserver
|
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
|
NVD-CWE-Other
|
CVE-2004-2661
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366229
|
5.0 |
MEDIUM
|
soft3304
|
04webserver
|
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but conti…
|
NVD-CWE-Other
|
CVE-2004-2662
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366230
|
5.0 |
MEDIUM
|
john_lim
|
adodb
|
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals…
|
NVD-CWE-Other
|
CVE-2004-2664
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366231
|
5.0 |
MEDIUM
|
john_lim
|
adodb
|
This vulnerability is addressed in the following product release:
John Lim, ADOdb, 4.23
|
NVD-CWE-Other
|
CVE-2004-2664
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366232
|
5.0 |
MEDIUM
|
mantis
|
mantis
|
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (privat…
|
NVD-CWE-Other
|
CVE-2004-2666
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366233
|
6.8 |
MEDIUM
|
-
|
-
|
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
NVD-CWE-Other
|
CVE-2004-2667
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366234
|
7.5 |
HIGH
|
-
|
-
|
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2668
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366235
|
7.5 |
HIGH
|
argosoft
|
ftp_server
|
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2672
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366236
|
7.5 |
HIGH
|
argosoft
|
ftp_server
|
This vulnerability is addressed in the following product release:
ArGoSoft, FTP server, 1.4.2.2
|
NVD-CWE-Other
|
CVE-2004-2672
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366237
|
5.8 |
MEDIUM
|
peersec_networks
|
matrixssl
|
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the nu…
|
NVD-CWE-Other
|
CVE-2004-2682
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366238
|
5.0 |
MEDIUM
|
phrozensmoke
|
gyach_enhanced
|
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
|
CWE-255
証明書・パスワード管理
|
CVE-2004-2708
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366239
|
7.5 |
HIGH
|
phrozensmoke
|
gyach_enhanced
|
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors in…
|
CWE-119
バッファエラー
|
CVE-2004-2709
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366240
|
7.5 |
HIGH
|
phrozensmoke
|
gyach_enhanced
|
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending c…
|
CWE-119
バッファエラー
|
CVE-2004-2710
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366241
|
7.5 |
HIGH
|
phrozensmoke
|
gyach_enhanced
|
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retri…
|
CWE-119
バッファエラー
|
CVE-2004-2711
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366242
|
5.0 |
MEDIUM
|
phrozensmoke
|
gyach_enhanced
|
Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data."
|
CWE-119
バッファエラー
|
CVE-2004-2712
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366243
|
4.3 |
MEDIUM
|
php_heaven
|
phpmychat
|
PHPMyChat 0.14.5 does not remove or protect setup.php3 after installation, which allows attackers to obtain sensitive information including database passwords via a direct request.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2004-2718
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366244
|
5.0 |
MEDIUM
|
mailenable
|
mailenable
|
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and appli…
|
NVD-CWE-Other
|
CVE-2004-2726
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366245
|
4.4 |
MEDIUM
|
linux
|
linux_kernel
|
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arb…
|
CWE-189
数値処理の問題
|
CVE-2004-2731
|
2008-09-6 05:44 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366246
|
7.5 |
HIGH
|
zen_cart
|
zen_cart
|
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.
|
NVD-CWE-Other
|
CVE-2004-2025
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366247
|
7.2 |
HIGH
|
-
|
-
|
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vul…
|
NVD-CWE-Other
|
CVE-2004-2070
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366248
|
5.0 |
MEDIUM
|
microsoft
|
baseline_security_analyzer
|
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administr…
|
NVD-CWE-Other
|
CVE-2004-2091
|
2008-09-6 05:43 |
2004-02-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366249
|
5.0 |
MEDIUM
|
symantec
|
norton_antivirus
|
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage ret…
|
NVD-CWE-Other
|
CVE-2004-2147
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366250
|
6.4 |
MEDIUM
|
xmlstarlet
|
command_line_xml_toolkit
|
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.
|
NVD-CWE-Other
|
CVE-2004-2160
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|