| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
701 |
CVE-2004-1966 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. |
|
702 |
CVE-2004-1962 |
|
|
Sql Bypass |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. |
|
703 |
CVE-2004-1960 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. |
|
704 |
CVE-2004-1958 |
|
|
Dir. Trav. |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file. |
|
705 |
CVE-2004-1955 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. |
|
706 |
CVE-2004-1953 |
|
|
|
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. |
|
707 |
CVE-2004-1951 |
|
|
|
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.21 to 0.9.23 allows remote attackers to overwrite arbitrary files via the (1) audio.sun_audio_device or (2) dxr3.devicename options in an MRL link. |
|
708 |
CVE-2004-1949 |
|
|
Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remote attackers to execute arbitrary SQL via (1) the sif parameter to index.php in the Comments module or (2) timezoneoffset parameter to changeinfo.php in the Your_Account module. |
|
709 |
CVE-2004-1940 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read. |
|
710 |
CVE-2004-1937 |
|
|
Dir. Trav. |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module. |
|
711 |
CVE-2004-1914 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. |
|
712 |
CVE-2004-1913 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. |
|
713 |
CVE-2004-1912 |
|
|
+Info |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. |
|
714 |
CVE-2004-1911 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. |
|
715 |
CVE-2004-1910 |
|
|
DoS Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged. |
|
716 |
CVE-2004-1909 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. |
|
717 |
CVE-2004-1908 |
|
|
+Info |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows remote attackers to obtain sensitive information via the GetSpecialFolderLocation function with certain parameters. |
|
718 |
CVE-2004-1907 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.13 allows remote attackers to cause a denial of service (crash) by sending hex-encoded URLs containing "%13%12%13". |
|
719 |
CVE-2004-1906 |
|
|
DoS Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow. |
|
720 |
CVE-2004-1905 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause a denial of service (crash) by calling the SetSitesFile function. |
|
721 |
CVE-2004-1904 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string. |
|
722 |
CVE-2004-1903 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag. |
|
723 |
CVE-2004-1902 |
|
|
|
2004-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The Citrix MetaFrame Password Manager 2.0, when a central credential store is not configured, does not encrypt passwords entered immediately after executing the First Time User Wizards, which allows local users to gain sensitive information. |
|
724 |
CVE-2004-1901 |
|
|
|
2004-12-31 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Portage before 2.0.50-r3 allows local users to overwrite arbitrary files via a hard link attack on the lockfiles. |
|
725 |
CVE-2004-1900 |
|
|
Exec Code |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the logging function in IGI 2 Covert Strike server 1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in RCON commands. |
|
726 |
CVE-2004-1899 |
|
|
Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The administration interface in Monit 1.4 through 4.2 allows remote attackers to cause an off-by-one overflow via a POST that contains 1024 bytes. |
|
727 |
CVE-2004-1898 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username. |
|
728 |
CVE-2004-1897 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Administration interface in Monit 1.4 through 4.2 allows remote attackers to cause a denial of service (segmentation fault) by sending a Basic Authentication request without a password, which causes Monit to decrement a null pointer and perform an out-of-bounds read. |
|
729 |
CVE-2004-1896 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-11 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 through 5.02 allows remote attackers to execute arbitrary code via a Fasttracker 2 (.xm) mod media file. |
|
730 |
CVE-2004-1895 |
|
|
|
2004-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to overwrite arbitrary files via a symlink attack on you-$USER/cookies. |
|
731 |
CVE-2004-1894 |
|
|
|
2004-12-31 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
TEXutil in ConTEXt, when executed with the --silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log. |
|
732 |
CVE-2004-1893 |
|
|
Exec Code +Info |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to obtain sensitive information and possibly execute arbitrary SQL commands via a direct request to mmhttpdb.asp. |
|
733 |
CVE-2004-1892 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. |
|
734 |
CVE-2004-1891 |
|
|
|
2004-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. |
|
735 |
CVE-2004-1889 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. |
|
736 |
CVE-2004-1888 |
|
|
Exec Code |
2004-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable. |
|
737 |
CVE-2004-1887 |
|
|
|
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null). |
|
738 |
CVE-2004-1885 |
|
|
Exec Code |
2004-12-31 |
2019-08-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. |
|
739 |
CVE-2004-1883 |
|
|
Exec Code Overflow |
2004-12-31 |
2019-08-13 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary code by causing a long hostname or username to be inserted into a reply to a STAT command while a file is being transferred. |
|
740 |
CVE-2004-1882 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter. |
|
741 |
CVE-2004-1881 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. |
|
742 |
CVE-2004-1880 |
|
|
DoS |
2004-12-31 |
2008-09-10 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). |
|
743 |
CVE-2004-1879 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. |
|
744 |
CVE-2004-1873 |
|
|
+Priv Sql |
2004-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter. |
|
745 |
CVE-2004-1869 |
|
|
DoS |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allows remote attackers to cause a denial of service (crash) by sending a packet that specifies the size for the next packet, then sending a larger packet than specified, which causes Etherlords to read unallocated memory. |
|
746 |
CVE-2004-1867 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest Book allows remote attackers to inject arbitrary web script or HTML via the Name field. |
|
747 |
CVE-2004-1863 |
79 |
|
XSS |
2004-12-31 |
2021-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. |
|
748 |
CVE-2004-1860 |
|
|
DoS Exec Code Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. |
|
749 |
CVE-2004-1858 |
|
|
DoS |
2004-12-31 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. |
|
750 |
CVE-2004-1848 |
399 |
|
DoS Bypass |
2004-12-31 |
2019-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. |
