| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
901 |
CVE-2004-1865 |
79 |
|
XSS |
2004-03-26 |
2020-12-08 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are normally allowed to add HTML by other means, e.g. through Smarty templates, then this issue would not give any additional privileges, and thus would not be considered a vulnerability. |
|
902 |
CVE-2004-1864 |
|
|
Exec Code Sql |
2004-03-26 |
2021-04-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. |
|
903 |
CVE-2004-1863 |
79 |
|
XSS |
2004-12-31 |
2021-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the restrict parameter in (2) member.php, (3) misc.php, and (4) today.php, and (5) an arbitrary parameter in phpinfo.php. |
|
904 |
CVE-2004-1862 |
|
|
XSS |
2004-03-26 |
2021-04-29 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter to u2u.php, (3) viewmost, replymost, or latest parameter to stats.php, (4) message or icons parameter to post.php, (5) threadlist, pagelinks, forumlist, navigation, or (6) forumdisplay parameter to forumdisplay.php. |
|
905 |
CVE-2004-1861 |
|
|
|
2004-03-25 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. |
|
906 |
CVE-2004-1860 |
|
|
DoS Exec Code Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large filter on a column when using SmartView Tracker. |
|
907 |
CVE-2004-1859 |
|
|
Dir. Trav. |
2004-03-24 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. |
|
908 |
CVE-2004-1858 |
|
|
DoS |
2004-12-31 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. |
|
909 |
CVE-2004-1857 |
|
|
Dir. Trav. |
2004-03-24 |
2017-07-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. |
|
910 |
CVE-2004-1856 |
|
|
|
2004-03-24 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. |
|
911 |
CVE-2004-1855 |
|
|
|
2004-03-23 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack. |
|
912 |
CVE-2004-1854 |
|
|
Exec Code Overflow |
2004-03-24 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet. |
|
913 |
CVE-2004-1853 |
|
|
DoS Overflow |
2004-03-19 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable. |
|
914 |
CVE-2004-1852 |
|
|
|
2004-03-23 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. |
|
915 |
CVE-2004-1851 |
|
|
+Info |
2004-03-24 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing. |
|
916 |
CVE-2004-1850 |
|
|
DoS |
2004-03-23 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Rage 1.01 and earlier allows remote attackers to cause a denial of service (infinite loop) via a TCP packet with the port and IP address set to zero. |
|
917 |
CVE-2004-1849 |
|
|
XSS |
2004-03-24 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to dodelautores.html or (2) handle parameter to addhandle.html. |
|
918 |
CVE-2004-1848 |
399 |
|
DoS Bypass |
2004-12-31 |
2019-08-13 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. |
|
919 |
CVE-2004-1847 |
|
|
+Priv Bypass |
2004-03-20 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie. |
|
920 |
CVE-2004-1846 |
|
|
Exec Code Sql |
2004-03-20 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp. |
|
921 |
CVE-2004-1845 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in News Manager Lite 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to comment_add.asp, (2) search parameter to search.asp, or (3) n parameter to category_news_headline.asp. |
|
922 |
CVE-2004-1844 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Member Management System 2.1 allows remote attackers to inject arbitrary web script or HTML via (1) the err parameter to error.asp or (2) register.asp. |
|
923 |
CVE-2004-1843 |
|
|
Sql |
2004-03-20 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp. |
|
924 |
CVE-2004-1842 |
|
|
+Priv CSRF |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php. |
|
925 |
CVE-2004-1841 |
|
|
Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL via the referer field in an HTTP request. |
|
926 |
CVE-2004-1840 |
|
|
XSS |
2004-03-22 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis module 2.0 for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) screen parameter to modules.php, (2) module_name parameter to title.php, (3) sortby parameter to modules.php, or (4) overview parameter to modules.php. |
|
927 |
CVE-2004-1839 |
|
|
+Info |
2004-03-22 |
2016-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. |
|
928 |
CVE-2004-1838 |
|
|
Dir. Trav. |
2004-03-22 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL. |
|
929 |
CVE-2004-1837 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3.0.16-pre2 and 3.2.x before 3.2.0-pre4 allows remote attackers to inject arbitrary web script or HTML via the certain survey fields or error messages for malformed query strings. |
|
930 |
CVE-2004-1836 |
|
|
Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Invision Power Top Site List 1.1 RC 2 and earlier allows remote attackers to execute arbitrary SQL via the id parameter of the comments action. |
|
931 |
CVE-2004-1835 |
|
|
Sql |
2004-12-31 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1) img, (2) cat, (3) sort_key, (4) order_key, (5) user, or (6) album parameters. |
|
932 |
CVE-2004-1834 |
|
|
|
2004-03-20 |
2021-06-06 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, including authentication information, on the hard disk, which could allow local users to gain sensitive information. |
|
933 |
CVE-2004-1833 |
|
|
+Priv |
2004-03-20 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges. |
|
934 |
CVE-2004-1832 |
|
|
DoS Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allows remote attackers to cause a denial of service (crash and restart) via a large amount of data to TCP port 660. |
|
935 |
CVE-2004-1831 |
|
|
DoS Overflow |
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large length value, which leads to a null dereference or out-of-bounds read. |
|
936 |
CVE-2004-1830 |
|
|
+Info |
2004-03-18 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message. |
|
937 |
CVE-2004-1829 |
|
|
XSS |
2004-03-18 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gijza.net Error Manager 2.1 for PHP-Nuke 6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pagetitle or (2) error parameters, or (3) certain parameters in the error log. |
|
938 |
CVE-2004-1828 |
|
|
|
2004-12-31 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Vcard 2.9 and possibly other versions does not require authorization to run uninstall.php, which could allow remote attackers to uninstall Vcard and delete database tables via a direct request to uninstall.php. |
|
939 |
CVE-2004-1827 |
|
|
XSS |
2004-03-15 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags. |
|
940 |
CVE-2004-1826 |
|
|
Exec Code Sql |
2004-03-16 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
|
941 |
CVE-2004-1825 |
|
|
XSS |
2004-03-16 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) return or (2) mos_change_template parameters. |
|
942 |
CVE-2004-1824 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3.0 allows remote attackers to inject arbitrary web script or HTML via the what parameter to memberlist.php. |
|
943 |
CVE-2004-1823 |
|
|
XSS |
2004-12-31 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBulletin 2.0 beta 3 through 3.0 can4 allows remote attackers to inject arbitrary web script or HTML via the (1) page parameter to showthread.php or (2) order parameter to forumdisplay.php. |
|
944 |
CVE-2004-1822 |
|
|
XSS |
2004-03-15 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. |
|
945 |
CVE-2004-1821 |
|
|
+Priv Sql |
2004-03-15 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter. |
|
946 |
CVE-2004-1820 |
|
|
Exec Code File Inclusion |
2004-03-15 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php. |
|
947 |
CVE-2004-1819 |
|
|
+Info |
2004-03-15 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message. |
|
948 |
CVE-2004-1818 |
|
|
XSS |
2004-03-15 |
2017-07-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter. |
|
949 |
CVE-2004-1817 |
|
|
XSS |
2004-03-15 |
2017-07-11 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7.1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) Your Name field, (2) e-mail field, (3) nicname field, (4) fname parameter, (5) ratenum parameter, or (6) search field. |
|
950 |
CVE-2004-1816 |
|
|
DoS |
2004-03-15 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption). |
