Vulnerabilities (CVE)

Filter

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-2710 1 Phrozensmoke 1 Gyach Enhanced 2008-09-05 7.5
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat...
CVE-2004-2709 1 Phrozensmoke 1 Gyach Enhanced 2008-09-05 7.5
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.
CVE-2004-2708 1 Phrozensmoke 1 Gyach Enhanced 2008-09-05 5.0
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
CVE-2004-2682 1 Peersec Networks 1 Matrixssl 2008-09-05 5.8
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery...
CVE-2004-2672 1 Argosoft 1 Ftp Server 2008-09-05 7.5
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
CVE-2004-2668 2008-09-05 7.5
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
CVE-2004-2667 2008-09-05 6.8
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVE-2004-2666 1 Mantis 1 Mantis 2008-09-05 5.0
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
CVE-2004-2664 1 John Lim 1 Adodb 2008-09-05 5.0
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
CVE-2004-2662 1 Soft3304 1 04webserver 2008-09-05 5.0
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
CVE-2004-2661 1 Soft3304 1 04webserver 2008-09-05 5.0
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
CVE-2004-2659 2 Opera Software, Mozilla 2 Opera, Mozilla 2008-09-05 4.0
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard...
CVE-2004-2658 1 Suse 1 Suse Linux 2008-09-05 2.1
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
CVE-2004-2654 1 Squid 1 Squid 2008-09-05 5.0
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup...
CVE-2004-2653 1 Pd9 Software 1 Megabbs 2008-09-05 7.5
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
CVE-2004-2650 1 Apache 1 James 2008-09-05 4.9
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
CVE-2004-2629 1 First Virtual Communications 4 V-gate, Conference Server, Click To Meet Premier and 1 more 2008-09-05 7.8
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to...
CVE-2004-2620 1 Paul L Daniels 1 Ripmime 2008-09-05 5.0
The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "\r" and "\n" characters in headers, which leads to a buffer underflow.
CVE-2004-2613 1 Vserver 1 Linux-vserver 2008-09-05 10.0
Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to...
CVE-2004-2598 2008-09-05 5.0
Quake II server before R1Q2, as used in multiple products, allows remote attackers to corrupt the server's client state data structure by exiting a session without a valid disconnect command, then reconnecting, which prevents a mod from being...