Vulnerabilities (CVE)

Filter

130145 total CVE
CVE Vendors Products Updated CVSS
CVE-2004-2577 1 Phpgroupware 1 Phpgroupware 2008-09-05 5.0
The acl_check function in phpGroupWare 0.9.16RC2 always returns True, even when mkdir does not behave as expected, which could allow remote attackers to obtain sensitive information via WebDAV from users' home directories that lack .htaccess...
CVE-2004-2573 1 Phpgroupware 1 Phpgroupware 2008-09-05 7.5
PHP remote file inclusion vulnerability in tables_update.inc.php in phpGroupWare 0.9.14.005 and earlier allows remote attackers to execute arbitrary PHP code via an external URL in the appdir parameter.
CVE-2004-2545 1 Securecomputing 1 Sidewinder G2 2008-09-05 5.0
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the...
CVE-2004-2459 1 Gnu 1 Gnubiff 2008-09-05 2.1
Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users to obtain passwords, related to the password table.
CVE-2004-2427 1 Axis 14 2411 Video Server, 2130 Ptz Network Camera, 2401 Video Server and 11 more 2008-09-05 10.0
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4)...
CVE-2004-2410 1 Samhain Labs 1 Samhain 2008-09-05 2.1
Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2.0.1 might allow attackers to cause a denial of service (null pointer dereference).
CVE-2004-2407 1 Phpgroupware 1 Phpgroupware 2008-09-05 10.0
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
CVE-2004-2406 1 Phpgroupware 1 Phpgroupware 2008-09-05 10.0
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
CVE-2004-2399 1 Securecomputing 1 Sidewinder G2 2008-09-05 5.0
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
CVE-2004-2364 1 Phpx 1 Phpx 2008-09-05 5.0
Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3.2.6 allows remote attackers to execute arbitrary commands via URLs that are automatically executed on behalf of the administrator, as demonstrated using (1) admin/page.php, (2)...
CVE-2004-2338 1 Openbsd 1 Openbsd 2008-09-05 7.5
OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
CVE-2004-2317 1 Mbedthis Software 1 Mbedthis Appweb Http Server 2008-09-05 5.0
Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allows remote attackers to obtain sensitive information via a user message that is generated when Mbedthis denies access.
CVE-2004-2298 1 Novell 2 Netmail, Internet Messaging System 2008-09-05 6.4
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the...
CVE-2004-2294 1 Francisco Burzi 1 Php-nuke 2008-09-05 4.3
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for...
CVE-2004-2291 1 Microsoft 1 Ie 2008-09-05 7.5
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
CVE-2004-2288 1 Jelsoft 1 Vbulletin 2008-09-05 4.3
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
CVE-2004-2287 1 Dsm 1 Light Web File Browser 2008-09-05 5.0
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
CVE-2004-2283 1 Daniel Barron 1 Dansguardian 2008-09-05 5.0
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
CVE-2004-2282 1 Daniel Barron 1 Dansguardian 2008-09-05 5.0
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
CVE-2004-2281 1 Ibm 1 Lotus Notes 2008-09-05 10.0
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.