Vulnerabilities (CVE)

Filter

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-2207 1 Ideal Science 1 Idealbb 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-2194 1 Mailenable 2 Mailenable Professional, Mailenable Enterprise 2008-09-05 5.0
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
CVE-2004-2190 1 Unzoo 1 Unzoo 2008-09-05 5.0
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
CVE-2004-2189 1 Dmxready 1 Dmxready Site Chassis Manager 2008-09-05 7.5
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2187 1 Mediawiki 1 Mediawiki 2008-09-05 5.0
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
CVE-2004-2186 1 Mediawiki 1 Mediawiki 2008-09-05 7.5
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
CVE-2004-2185 1 Mediawiki 1 Mediawiki 2008-09-05 6.8
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4)...
CVE-2004-2183 1 Wehelpbus 1 Wehelpbus 2008-09-05 7.5
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.
CVE-2004-2180 1 Wowbb 1 Wowbb Web Forum 2008-09-05 4.3
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to...
CVE-2004-2179 1 Microsoft 2 Ie, Frontpage 2008-09-05 5.0
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
CVE-2004-2178 1 Devoybb 1 Devoybb Web Forum 2008-09-05 7.5
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2177 1 Devoybb 1 Devoybb Web Forum 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
CVE-2004-2176 1 Microsoft 1 Windows Xp 2008-09-05 4.6
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
CVE-2004-2160 1 Xmlstarlet 1 Command Line Xml Toolkit 2008-09-05 6.4
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.
CVE-2004-2147 1 Symantec 1 Norton Antivirus 2008-09-05 5.0
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("\n") separating the headers from the body.
CVE-2004-2091 1 Microsoft 1 Baseline Security Analyzer 2008-09-05 5.0
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
CVE-2004-2070 2008-09-05 7.2
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability than CVE-2005-1590.
CVE-2004-2025 1 Zen Cart 1 Zen Cart 2008-09-05 7.5
SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 before patch 2 may allow remote attackers to execute arbitrary SQL commands via the products_id parameter.
CVE-2004-2024 1 Zen Cart 1 Zen Cart 2008-09-05 7.5
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
CVE-2004-2001 1 Sgi 1 Irix 2008-09-05 4.6
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received.