Vulnerabilities (CVE)

Filter

127277 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-1891 1 Sgi 1 Irix 2008-09-05 5.0
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged.
CVE-2004-1795 2008-09-05 2.1
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a 'file://' URI.
CVE-2004-1791 1 Edimax 1 Full Rate Adsl Router 2008-09-05 7.5
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.
CVE-2004-1788 1 Asp-nuke 1 Asp-nuke 2008-09-05 5.0
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb.
CVE-2004-1785 1 Invision Power Services 1 Invision Board 2008-09-05 7.5
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
CVE-2004-1783 2008-09-05 7.5
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
CVE-2004-1781 1 Info Touch 1 Surfnet 2008-09-05 4.6
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
CVE-2004-1780 1 Info Touch 1 Surfnet 2008-09-05 4.6
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
CVE-2004-1777 1 Skype Technologies 1 Skype 2008-09-05 5.0
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
CVE-2004-1754 1 Symantec 2 Enterprise Firewall, Gateway Security 2008-09-05 5.0
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
CVE-2004-1489 1 Opera Software 1 Opera Web Browser 2008-09-05 2.6
Opera 7.54 and earlier does not properly limit an applet's access to internal Java packages from Sun, which allows remote attackers to gain sensitive information, such as user names and the installation directory.
CVE-2004-1451 1 Mozilla 1 Mozilla 2008-09-05 2.6
Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.
CVE-2004-1450 1 Mozilla 1 Mozilla 2008-09-05 5.0
Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
CVE-2004-1449 2 Firebirdsql, Mozilla 3 Mozilla, Thunderbird, Firebird 2008-09-05 2.6
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 allows remote attackers to determine the location of files on a user's hard drive by obscuring a file upload control and tricking the user into dragging text into that control.
CVE-2004-1374 1 Netbsd 1 Netbsd 2008-09-05 7.2
Multiple buffer overflows in NetBSD kernel may allow local users to execute arbitrary code and gain privileges.
CVE-2004-1343 1 Cvs 1 Cvs 2008-09-05 5.0
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
CVE-2004-1342 1 Cvs 1 Cvs 2008-09-05 7.5
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
CVE-2004-1312 1 Gfi 2 Mailessentials, Mailsecurity 2008-09-05 10.0
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI...
CVE-2004-1160 1 Netscape 1 Navigator 2008-09-05 7.5
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up...
CVE-2004-1157 1 Opera Software 1 Opera Web Browser 2008-09-05 7.5
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a...