Latest CVE Feed
-
9.0
HIGHCVE-2004-1371
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.... Read more
- EPSS Score: %32.44
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.... Read more
- EPSS Score: %0.30
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-1365
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.... Read more
- EPSS Score: %0.40
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
8.5
HIGHCVE-2004-1364
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.... Read more
- EPSS Score: %15.17
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1679
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.... Read more
- EPSS Score: %3.89
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.... Read more
- EPSS Score: %27.66
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1709
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.... Read more
Affected Products : rainbow_ikey2032_usb_token- EPSS Score: %0.06
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1362
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedures v... Read more
- EPSS Score: %4.00
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.4
MEDIUMCVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local use... Read more
- EPSS Score: %0.38
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1370
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_... Read more
- EPSS Score: %1.81
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1706
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.... Read more
Affected Products : usr808054- EPSS Score: %2.96
- Published: Aug. 02, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1708
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.... Read more
Affected Products : webbsyte_chat- EPSS Score: %0.65
- Published: Aug. 02, 2004
- Modified: Apr. 03, 2025
-
8.8
HIGHCVE-2004-1703
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page... Read more
Affected Products : fusion_news- EPSS Score: %0.57
- Published: Jul. 30, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-1707
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privi... Read more
Affected Products : application_server database_server_lite oracle8i oracle9i application_server_portal- EPSS Score: %12.30
- Published: Jul. 30, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1704
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.... Read more
Affected Products : wpquiz- EPSS Score: %0.72
- Published: Jul. 30, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1705
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.... Read more
Affected Products : ux- EPSS Score: %24.08
- Published: Jul. 30, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2066
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.... Read more
Affected Products : linpha- EPSS Score: %0.97
- Published: Jul. 29, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-2064
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.... Read more
Affected Products : lostbook- EPSS Score: %0.68
- Published: Jul. 29, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2067
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.... Read more
Affected Products : jaws- EPSS Score: %1.91
- Published: Jul. 29, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0736
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.... Read more
Affected Products : php-nuke- EPSS Score: %0.02
- Published: Jul. 27, 2004
- Modified: Apr. 03, 2025