Latest CVE Feed
-
5.0
MEDIUMCVE-2004-1474
Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running firmware before 1.63 and Gateway Security 320, 360, and 360R running firmware before 622 uses a default read/write SNMP community string, which allows remote attackers to alter the fir... Read more
Affected Products : firewall_vpn_appliance_100 firewall_vpn_appliance_200 firewall_vpn_appliance_200r gateway_security_360 nexland_isb_soho_firewall_appliance nexland_pro100_firewall_appliance nexland_pro400_firewall_appliance nexland_pro800_firewall_appliance nexland_pro800turbo_firewall_appliance nexland_wavebase_firewall_appliance +2 more products- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2695
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be rel... Read more
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2004-2629
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a deni... Read more
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-2207
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.... Read more
Affected Products : idealbb- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1486
Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow rem... Read more
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1532
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.... Read more
Affected Products : appserv- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-2381
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.... Read more
Affected Products : jetty_http_server- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-2394
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.... Read more
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1734
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote we... Read more
Affected Products : mantis- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2425
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.... Read more
- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1806
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters.... Read more
Affected Products : cfwebstore- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-1885
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe.... Read more
Affected Products : ws_ftp_server- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2057
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements.... Read more
Affected Products : asprunner- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2631
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.... Read more
Affected Products : phpmyadmin- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2155
Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php.... Read more
Affected Products : web_based_bookmark_application- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-2550
Multiple cross-site scripting (XSS) vulnerabilities in unspecified Perl scripts in SandSurfer before 1.7.1 allow remote attackers to inject arbitrary web script or HTML, which is later executed by a target who views reports containing the injected data.... Read more
Affected Products : sandsurfer- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-2511
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in in... Read more
Affected Products : dcp-portal- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-2175
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.... Read more
Affected Products : reviewpost_php_pro- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-2193
Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.... Read more
Affected Products : cjoverkill- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-2275
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.... Read more
Affected Products : i-mall.cgi- Published: Dec. 31, 2004
- Modified: Apr. 03, 2025