| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
701 |
CVE-2004-2003 |
|
|
Exec Code Overflow |
2004-05-06 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field. |
|
702 |
CVE-2004-2002 |
|
|
DoS |
2004-05-05 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet. |
|
703 |
CVE-2004-2001 |
|
|
|
2004-05-05 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received. |
|
704 |
CVE-2004-2000 |
|
|
Sql |
2004-05-05 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. |
|
705 |
CVE-2004-1999 |
|
|
XSS |
2004-05-05 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. |
|
706 |
CVE-2004-1998 |
|
|
|
2004-05-05 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. |
|
707 |
CVE-2004-1997 |
|
|
+Priv |
2004-05-05 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. |
|
708 |
CVE-2004-1996 |
|
|
XSS |
2004-05-05 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. |
|
709 |
CVE-2004-1995 |
|
|
CSRF |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. |
|
710 |
CVE-2004-1994 |
|
|
|
2004-05-05 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. |
|
711 |
CVE-2004-1993 |
|
|
Exec Code |
2004-05-04 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password. |
|
712 |
CVE-2004-1992 |
119 |
|
DoS Overflow |
2004-04-20 |
2020-07-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. |
|
713 |
CVE-2004-1991 |
22 |
|
Dir. Trav. |
2004-05-03 |
2020-12-08 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. |
|
714 |
CVE-2004-1990 |
|
|
|
2004-03-03 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request. |
|
715 |
CVE-2004-1989 |
|
|
Exec Code File Inclusion |
2004-04-30 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server that contains user_list_info_box.inc. |
|
716 |
CVE-2004-1988 |
|
|
Exec Code File Inclusion |
2004-04-30 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server that contains functions.inc.php. |
|
717 |
CVE-2004-1987 |
|
|
Exec Code |
2004-04-30 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG['impath'] or (2) $CONFIG['jpeg_qual'] parameters. |
|
718 |
CVE-2004-1986 |
|
|
Dir. Trav. |
2004-04-04 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. |
|
719 |
CVE-2004-1985 |
|
|
XSS |
2004-04-30 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. |
|
720 |
CVE-2004-1984 |
|
|
+Info |
2004-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message. |
|
721 |
CVE-2004-1982 |
|
|
|
2004-05-03 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field. |
|
722 |
CVE-2004-1981 |
|
|
DoS |
2004-05-02 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder. |
|
723 |
CVE-2004-1980 |
|
|
Dir. Trav. |
2004-04-30 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables. |
|
724 |
CVE-2004-1979 |
|
|
XSS |
2004-04-30 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6.1 allows remote attackers to inject arbitrary HTML or web script via the search_string parameter. |
|
725 |
CVE-2004-1978 |
|
|
XSS |
2004-04-30 |
2020-12-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter. |
|
726 |
CVE-2004-1977 |
|
|
DoS |
2004-04-29 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode. |
|
727 |
CVE-2004-1976 |
|
|
|
2004-04-28 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900. |
|
728 |
CVE-2004-1975 |
|
|
XSS |
2004-04-27 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the category module in pafiledb.php for paFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a vulnerability that is closely related to CVE-2004-1551. |
|
729 |
CVE-2004-1974 |
|
|
|
2004-04-27 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
paFileDB 3.1 allows remote attackers to gain sensitive information via a direct request to (1) login.php, (2) category.php, (3) search.php, (4) main.php, (5) viewall.php, (6) download.php, (7) email.php, (8) file.php, (9) rate.php, or (10) stats.php, which reveals the path in an error message. |
|
730 |
CVE-2004-1973 |
|
|
DoS |
2004-04-27 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters. |
|
731 |
CVE-2004-1972 |
|
|
Exec Code Sql |
2004-04-26 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to execute arbitrary SQL code via the (1) clipid or (2) catid parameters in a viewclip, viewcat, or voteclip action. |
|
732 |
CVE-2004-1971 |
|
|
|
2004-04-26 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote attackers to gain sensitive information via an HTTP request with an invalid (1) catid or (2) clipid parameter, which reveals the full path in an error message. |
|
733 |
CVE-2004-1970 |
|
|
|
2004-04-26 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Samsung SmartEther SS6215S switch, and possibly other Samsung switches, allows remote attackers and local users to gain administrative access by providing the admin username followed by a password that is the maximum allowed length, then pressing the enter key after the resulting error message. |
|
734 |
CVE-2004-1969 |
|
|
Exec Code |
2004-04-25 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to execute arbitrary script by uploading files that include scripting code such as Javascript. |
|
735 |
CVE-2004-1968 |
|
|
|
2004-04-26 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to read arbitrary messages by modifying the id parameter. |
|
736 |
CVE-2004-1967 |
|
|
Exec Code CSRF |
2004-04-25 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php, (2) cp_usergroup.php, (3) cp_ipbans.php, (4) myhome.php, (5) post.php, or (6) moderator.php in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary code by including the code in an image tag or a link. |
|
737 |
CVE-2004-1966 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FID parameter in board.php, (2) sortorder, perpage, or id parameters in member.php, (3) forums parameter in search.php, or (4) PID or FID parameters in post.php. |
|
738 |
CVE-2004-1965 |
|
|
XSS |
2004-04-25 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to myhome.php (3) TID parameter to post.php, or (4) redirect parameter to index.php. |
|
739 |
CVE-2004-1964 |
|
|
XSS |
2004-04-23 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. |
|
740 |
CVE-2004-1963 |
|
|
+Info |
2004-04-23 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. |
|
741 |
CVE-2004-1962 |
|
|
Sql Bypass |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. |
|
742 |
CVE-2004-1961 |
|
|
Exec Code Sql Bypass |
2004-04-23 |
2016-12-20 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "'" characters ("%27"). |
|
743 |
CVE-2004-1960 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. |
|
744 |
CVE-2004-1959 |
|
|
|
2004-04-23 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. |
|
745 |
CVE-2004-1958 |
|
|
Dir. Trav. |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file. |
|
746 |
CVE-2004-1956 |
|
|
|
2004-04-21 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message. |
|
747 |
CVE-2004-1955 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. |
|
748 |
CVE-2004-1954 |
|
|
XSS |
2004-04-21 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. |
|
749 |
CVE-2004-1953 |
|
|
|
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. |
|
750 |
CVE-2004-1952 |
|
|
Exec Code +Priv Sql |
2004-04-23 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. |
