Latest CVE Feed
-
5.0
MEDIUMCVE-2004-0112
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a craft... Read more
Affected Products : enterprise_linux enterprise_linux_desktop ios openssl hp-ux freebsd mac_os_x mac_os_x_server imanager bsafe_ssl-j +55 more products- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0311
American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 through 3.0.3 and 3.21 are shipped with a default password of TENmanUFactOryPOWER, which allows remote attackers to gain unauthorized access.... Read more
Affected Products : ap9606- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-0203
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.... Read more
Affected Products : exchange_server- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0256
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.... Read more
Affected Products : libtool- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0298
CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter.... Read more
Affected Products : cesarftp- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0361
The Javascript engine in Safari 1.2 and earlier allows remote attackers to cause a denial of service (segmentation fault) by creating a new Array object with a large size value, then writing into that array.... Read more
Affected Products : safari- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0266
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.... Read more
Affected Products : php-nuke- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0332
Extremail 1.5.9 does not check passwords correctly when they are all digits or begin with a digit, which allows remote attackers to gain privileges.... Read more
Affected Products : extremail- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0270
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling progr... Read more
- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0743
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.... Read more
- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0280
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.... Read more
Affected Products : resin- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0297
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag len... Read more
Affected Products : imail- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0275
SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.... Read more
Affected Products : bosdates- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0286
Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.... Read more
Affected Products : robotftp_server- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0337
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bu... Read more
Affected Products : 602pro_lan_suite- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0310
Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 allows remote attackers to execute Javascript as other users via the stylesheet, which does not strip the semicolon or parentheses, as demonstrated using a background:url.... Read more
Affected Products : livejournal- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0771
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any... Read more
Affected Products : lha- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0352
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.... Read more
- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0349
Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remote attackers to view arbitrary files via a .. (dot dot) in the URL.... Read more
Affected Products : gweb_http_server- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0351
Spider Sales shopping cart stores the private key in the same database and table as the public key, which allows local users with access to the database to decrypt data.... Read more
Affected Products : spidersales- Published: Nov. 23, 2004
- Modified: Apr. 03, 2025