|
366251
|
4.6 |
MEDIUM
|
microsoft
|
windows_xp
|
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that byp…
|
NVD-CWE-Other
|
CVE-2004-2176
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366252
|
4.3 |
MEDIUM
|
devoybb
|
devoybb_web_forum
|
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2177
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366253
|
7.5 |
HIGH
|
devoybb
|
devoybb_web_forum
|
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2178
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366254
|
5.0 |
MEDIUM
|
microsoft
|
frontpage ie
|
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
|
NVD-CWE-Other
|
CVE-2004-2179
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366255
|
4.3 |
MEDIUM
|
wowbb
|
wowbb_web_forum
|
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show paramete…
|
NVD-CWE-Other
|
CVE-2004-2180
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366256
|
7.5 |
HIGH
|
wehelpbus
|
wehelpbus
|
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.
|
NVD-CWE-Other
|
CVE-2004-2183
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366257
|
6.8 |
MEDIUM
|
mediawiki
|
mediawiki
|
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page view…
|
NVD-CWE-Other
|
CVE-2004-2185
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366258
|
7.5 |
HIGH
|
mediawiki
|
mediawiki
|
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
|
NVD-CWE-Other
|
CVE-2004-2186
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366259
|
5.0 |
MEDIUM
|
mediawiki
|
mediawiki
|
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2004-2187
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366260
|
7.5 |
HIGH
|
dmxready
|
dmxready_site_chassis_manager
|
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2189
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366261
|
5.0 |
MEDIUM
|
unzoo
|
unzoo
|
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2004-2190
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366262
|
5.0 |
MEDIUM
|
mailenable
|
mailenable_enterprise mailenable_professional
|
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
|
NVD-CWE-Other
|
CVE-2004-2194
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366263
|
4.3 |
MEDIUM
|
ideal_science
|
idealbb
|
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2207
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366264
|
5.0 |
MEDIUM
|
ideal_science
|
idealbb
|
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2208
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366265
|
7.5 |
HIGH
|
ideal_science
|
idealbb
|
SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
|
NVD-CWE-Other
|
CVE-2004-2209
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366266
|
4.3 |
MEDIUM
|
express-web
|
express-web_content_management_system
|
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other e…
|
NVD-CWE-Other
|
CVE-2004-2210
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366267
|
5.0 |
MEDIUM
|
mozilla
|
firefox
|
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
|
NVD-CWE-Other
|
CVE-2004-2225
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366268
|
7.5 |
HIGH
|
-
|
-
|
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
|
NVD-CWE-Other
|
CVE-2004-2234
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366269
|
10.0 |
HIGH
|
moodle
|
moodle
|
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
|
NVD-CWE-Other
|
CVE-2004-2235
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366270
|
4.3 |
MEDIUM
|
goollery
|
goollery
|
Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.
|
NVD-CWE-Other
|
CVE-2004-2246
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366271
|
10.0 |
HIGH
|
goosequill
|
audienceconnect
|
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
|
NVD-CWE-Other
|
CVE-2004-2247
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366272
|
5.0 |
MEDIUM
|
evan_sims
|
effingerd
|
efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.
|
NVD-CWE-Other
|
CVE-2004-2273
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366273
|
5.0 |
MEDIUM
|
ibm
|
lotus_notes
|
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by…
|
NVD-CWE-Other
|
CVE-2004-2280
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366274
|
10.0 |
HIGH
|
ibm
|
lotus_notes
|
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) …
|
NVD-CWE-Other
|
CVE-2004-2281
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366275
|
5.0 |
MEDIUM
|
daniel_barron
|
dansguardian
|
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
|
NVD-CWE-Other
|
CVE-2004-2282
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366276
|
5.0 |
MEDIUM
|
daniel_barron
|
dansguardian
|
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
|
NVD-CWE-Other
|
CVE-2004-2283
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366277
|
5.0 |
MEDIUM
|
dsm
|
light_web_file_browser
|
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
|
NVD-CWE-Other
|
CVE-2004-2287
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366278
|
4.3 |
MEDIUM
|
jelsoft
|
vbulletin
|
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
|
NVD-CWE-Other
|
CVE-2004-2288
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366279
|
4.3 |
MEDIUM
|
francisco_burzi
|
php-nuke
|
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences…
|
NVD-CWE-Other
|
CVE-2004-2294
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366280
|
6.4 |
MEDIUM
|
novell
|
internet_messaging_system netmail
|
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store da…
|
NVD-CWE-Other
|
CVE-2004-2298
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366281
|
5.0 |
MEDIUM
|
mbedthis_software
|
mbedthis_appweb_http_server
|
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
|
NVD-CWE-Other
|
CVE-2004-2317
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366282
|
7.5 |
HIGH
|
openbsd
|
openbsd
|
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
|
NVD-CWE-Other
|
CVE-2004-2338
|
2008-09-6 05:43 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366283
|
5.0 |
MEDIUM
|
symantec
|
enterprise_firewall gateway_security
|
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additiona…
|
NVD-CWE-Other
|
CVE-2004-1754
|
2008-09-6 05:42 |
2004-06-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366284
|
5.0 |
MEDIUM
|
skype_technologies
|
skype
|
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL,…
|
CWE-20
不適切な入力確認
|
CVE-2004-1777
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366285
|
4.6 |
MEDIUM
|
info_touch
|
surfnet
|
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
|
NVD-CWE-Other
|
CVE-2004-1780
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366286
|
4.6 |
MEDIUM
|
info_touch
|
surfnet
|
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
|
NVD-CWE-Other
|
CVE-2004-1781
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366287
|
7.5 |
HIGH
|
-
|
-
|
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
|
NVD-CWE-Other
|
CVE-2004-1783
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366288
|
7.5 |
HIGH
|
invision_power_services
|
invision_board
|
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
|
NVD-CWE-Other
|
CVE-2004-1785
|
2008-09-6 05:42 |
2004-01-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366289
|
5.0 |
MEDIUM
|
asp-nuke
|
asp-nuke
|
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to ma…
|
NVD-CWE-Other
|
CVE-2004-1788
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366290
|
7.5 |
HIGH
|
edimax
|
full_rate_adsl_router
|
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remo…
|
NVD-CWE-Other
|
CVE-2004-1791
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366291
|
2.1 |
LOW
|
-
|
-
|
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
|
NVD-CWE-Other
|
CVE-2004-1795
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366292
|
5.0 |
MEDIUM
|
sgi
|
irix
|
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.
|
NVD-CWE-Other
|
CVE-2004-1891
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366293
|
4.6 |
MEDIUM
|
sgi
|
irix
|
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.
|
NVD-CWE-Other
|
CVE-2004-2001
|
2008-09-6 05:42 |
2004-05-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366294
|
7.5 |
HIGH
|
zen_cart
|
zen_cart
|
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_…
|
NVD-CWE-Other
|
CVE-2004-2024
|
2008-09-6 05:42 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366295
|
7.5 |
HIGH
|
cvs
|
cvs
|
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
|
NVD-CWE-Other
|
CVE-2004-1342
|
2008-09-6 05:41 |
2005-04-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366296
|
5.0 |
MEDIUM
|
cvs
|
cvs
|
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of…
|
NVD-CWE-Other
|
CVE-2004-1343
|
2008-09-6 05:41 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366297
|
7.2 |
HIGH
|
netbsd
|
netbsd
|
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
|
NVD-CWE-Other
|
CVE-2004-1374
|
2008-09-6 05:41 |
2004-12-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366298
|
2.6 |
LOW
|
firebirdsql mozilla
|
firebird mozilla thunderbird
|
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking th…
|
NVD-CWE-Other
|
CVE-2004-1449
|
2008-09-6 05:41 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366299
|
5.0 |
MEDIUM
|
mozilla
|
mozilla
|
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
|
NVD-CWE-Other
|
CVE-2004-1450
|
2008-09-6 05:41 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
366300
|
2.6 |
LOW
|
mozilla
|
mozilla
|
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facili…
|
NVD-CWE-Other
|
CVE-2004-1451
|
2008-09-6 05:41 |
2004-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|