Latest CVE Feed
-
7.5
HIGHCVE-2004-1942
The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 through 114342-05, prevent ypserv and ypxfrd from properly restricting access to secure NIS maps, which allows local users to use ypcat or ypmatch to extract the contents of a secure map suc... Read more
- EPSS Score: %0.48
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1941
Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to cause a denial of service via a username that does not exist.... Read more
Affected Products : netfile_ftp_web_server- EPSS Score: %1.43
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1943
PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.... Read more
Affected Products : phpbb- EPSS Score: %1.68
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1938
SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to lis... Read more
Affected Products : phorum- EPSS Score: %1.09
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1947
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an... Read more
Affected Products : bitdefender- EPSS Score: %14.50
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-1946
Format string vulnerability in the PRINT_ERROR function in common.c for Cherokee Web Server 0.4.16 and earlier allows local users to execute arbitrary code via format string specifiers in the -C command line argument. NOTE: it is not clear whether this i... Read more
Affected Products : cherokee_httpd- EPSS Score: %0.08
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1950
phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwarded-For in the HTTP header, which allows remote attackers to spoof IP addresses.... Read more
Affected Products : phpbb- EPSS Score: %0.62
- Published: Apr. 19, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2002-1578
The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is no... Read more
Affected Products : sap_r_3- EPSS Score: %1.26
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1935
Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.... Read more
Affected Products : campus_pipeline- EPSS Score: %0.56
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2003-0513
Microsoft Internet Explorer allows remote attackers to bypass intended cookie access restrictions on a web application via "%2e%2e" (encoded dot dot) directory traversal sequences in a URL, which causes Internet Explorer to send the cookie outside the spe... Read more
- EPSS Score: %4.64
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0153
Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages.... Read more
Affected Products : emil- EPSS Score: %2.05
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-0107
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.... Read more
- EPSS Score: %0.07
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0121
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execut... Read more
- EPSS Score: %51.47
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0224
Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Courier-IMAP before 3.0.0, Courier before 0.45, and SqWebMail before 4.0.0 may allow remote attackers to execute arbitrary code "when Unicode character is out of BMP range."... Read more
- EPSS Score: %3.68
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0148
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.... Read more
- EPSS Score: %0.03
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0364
The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method.... Read more
Affected Products : norton_internet_security- EPSS Score: %2.88
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2003-0257
Format string vulnerability in the printer capability for IBM AIX .3, 5.1, and 5.2 allows local users to gain printq or root privileges.... Read more
Affected Products : aix- EPSS Score: %0.05
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0362
Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module (PAM) component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRV_MULTI respon... Read more
- EPSS Score: %83.40
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0363
Stack-based buffer overflow in the SymSpamHelper ActiveX component (symspam.dll) in Norton AntiSpam 2004, as used in Norton Internet Security 2004, allows remote attackers to execute arbitrary code via a long parameter to the LaunchCustomRuleWizard method... Read more
Affected Products : norton_antispam- EPSS Score: %72.68
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2003-0905
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.... Read more
- EPSS Score: %27.22
- Published: Apr. 15, 2004
- Modified: Apr. 03, 2025