Total
29736 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2004-0224 | 3 Double Precision Incorporated, Gentoo, Inter7 | 4 Courier Mta, Sqwebmail, Linux and 1 more | 2025-04-03 | N/A |
| Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range." | ||||
| CVE-2004-0249 | 1 Phpx | 1 Phpx | 2025-04-03 | N/A |
| PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID. | ||||
| CVE-2004-0247 | 1 Cauldron | 2 Chaser Client, Chaser Server | 2025-04-03 | N/A |
| The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory. | ||||
| CVE-2004-0248 | 1 Phpx | 1 Phpx | 2025-04-03 | N/A |
| Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote attackers to execute arbitrary script as other users by injecting arbitrary HTML or script into (1) keywords argument of main.inc.php, (2) body argument of help.inc.php, or (3) the subject field in Personal Messages and Forum. | ||||
| CVE-2004-0252 | 1 Typsoft | 1 Typsoft Ftp Server | 2025-04-03 | N/A |
| TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name. | ||||
| CVE-2004-0253 | 1 Ibm | 1 Cloudscape | 2025-04-03 | N/A |
| IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability. | ||||
| CVE-2004-0303 | 1 Fools Workshop | 1 Owls Workshop | 2025-04-03 | N/A |
| OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd. | ||||
| CVE-2004-0302 | 1 Fools Workshop | 1 Owls Workshop | 2025-04-03 | N/A |
| Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php. | ||||
| CVE-2004-0304 | 1 Webcortex | 1 Webstores 2000 | 2025-04-03 | N/A |
| SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter. | ||||
| CVE-2004-0307 | 1 Cisco | 1 Optical Networking Systems Software | 2025-04-03 | N/A |
| Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead. | ||||
| CVE-2004-0329 | 1 Freechat | 1 Freechat | 2025-04-03 | N/A |
| FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa". | ||||
| CVE-2004-0331 | 1 Dell | 1 Openmanage | 2025-04-03 | N/A |
| Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows remote attackers to cause a denial of service (crash) via a HTTP POST with a long application variable. | ||||
| CVE-2004-0332 | 1 Extremail | 1 Extremail | 2025-04-03 | N/A |
| Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges. | ||||
| CVE-2004-0334 | 1 Innomedia | 1 Innomedia Videophone | 2025-04-03 | N/A |
| InnoMedia VideoPhone allows remote attackers to bypass Basic Authorization via an HTTP request to (1) videophone_admindetail.asp, (2) videophone_syscfg.asp, (3) videophone_upgrade.asp, or (4) videophone_sysctrl.asp that contains a trailing / (slash). NOTE: the original report mentioned AXIS 2100 Network Camera, but this was likely a cut-and-paste error. | ||||
| CVE-2004-0335 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | N/A |
| LAN SUITE Web Mail 602Pro, when configured to use the "Directory browsing" feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/. | ||||
| CVE-2004-0336 | 1 Software602 | 1 602pro Lan Suite | 2025-04-03 | N/A |
| LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. | ||||
| CVE-2004-0360 | 1 Sun | 2 Solaris, Sunos | 2025-04-03 | N/A |
| Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local users to gain privileges via unknown attack vectors. | ||||
| CVE-2004-0361 | 1 Apple | 1 Safari | 2025-04-03 | N/A |
| The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array. | ||||
| CVE-2004-0363 | 1 Symantec | 1 Norton Antispam | 2025-04-03 | N/A |
| Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method. | ||||
| CVE-2004-0364 | 1 Symantec | 1 Norton Internet Security | 2025-04-03 | N/A |
| The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method. | ||||