Latest CVE Feed
-
6.8
MEDIUMCVE-2004-2185
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) Spe... Read more
Affected Products : mediawiki- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1427
PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2-cvs and earlier allows remote attackers to execute arbitrary PHP code by modifying the G_PATH parameter to reference a URL on a remote web server that contains the code, as demonstrate... Read more
Affected Products : korweblog- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
3.5
LOWCVE-2004-2728
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.... Read more
Affected Products : connectivity- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1422
WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sensitive information via phpinfo, which reveals php settings.... Read more
Affected Products : whm_autopilot- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1405
MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code.... Read more
Affected Products : mediawiki- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1402
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.... Read more
Affected Products : iwebnegar- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-2225
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.... Read more
Affected Products : firefox- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.6
LOWCVE-2004-1396
Winamp 5.07 and possibly other versions, allows remote attackers to cause a denial of service (application crash or CPU consumption) via (1) an mp4 or m4a playlist file that contains invalid tag data or (2) an invalid .nsv or .nsa file.... Read more
Affected Products : winamp- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2232
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.... Read more
Affected Products : moodle- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
5.3
MEDIUMCVE-2004-2257
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.... Read more
Affected Products : phpmyfaq- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2632
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.... Read more
Affected Products : phpmyadmin- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-2628
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:... Read more
Affected Products : thttpd- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2299
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.... Read more
Affected Products : omnihttpd- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-2308
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.... Read more
Affected Products : cpanel- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1506
Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar allow remote attackers to inject arbitrary web script via (1) view_entry.php, (2) view_d.php, (3) usersel.php, (4) datesel.php, (5) trailer.php, or (6) styles.php, as demonstrated using im... Read more
Affected Products : webcalendar- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-2395
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.... Read more
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
6.0
MEDIUMCVE-2004-2553
The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remote authenticated users with local IRC operator privileges to obtain global IRC operator privileges by using the unofficial umode command with the +ORD argument.... Read more
Affected Products : ignitionserver- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-1883
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow remote FTP administrators to execute arbitrary c... Read more
Affected Products : ws_ftp_server- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2416
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.... Read more
Affected Products : ccproxy- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1146
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.... Read more
Affected Products : cvstrac- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025