SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.
Max CVSS
5.0
EPSS Score
4.07%
Published
2004-09-21
Updated
2017-07-11
The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash.
Max CVSS
5.0
EPSS Score
4.88%
Published
2004-09-24
Updated
2017-07-11
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
Max CVSS
7.5
EPSS Score
0.89%
Published
2004-09-21
Updated
2017-07-11
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
Max CVSS
5.0
EPSS Score
5.26%
Published
2004-09-21
Updated
2017-07-11
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).
Max CVSS
10.0
EPSS Score
1.99%
Published
2004-09-20
Updated
2017-07-11
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
Max CVSS
7.5
EPSS Score
0.28%
Published
2004-09-21
Updated
2017-07-11
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
Max CVSS
7.5
EPSS Score
5.56%
Published
2004-09-18
Updated
2017-07-11
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
Max CVSS
5.0
EPSS Score
8.67%
Published
2004-09-18
Updated
2017-07-11
Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.
Max CVSS
5.0
EPSS Score
4.06%
Published
2004-09-16
Updated
2017-07-11
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
Max CVSS
5.0
EPSS Score
1.51%
Published
2004-09-16
Updated
2017-07-11
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
Max CVSS
5.0
EPSS Score
0.32%
Published
2004-09-15
Updated
2017-07-11
SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.
Max CVSS
7.5
EPSS Score
0.48%
Published
2004-09-15
Updated
2017-07-11
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.
Max CVSS
5.0
EPSS Score
0.61%
Published
2004-09-13
Updated
2017-07-11
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
Max CVSS
5.0
EPSS Score
1.14%
Published
2004-09-13
Updated
2017-07-11
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
Max CVSS
5.0
EPSS Score
1.85%
Published
2004-09-13
Updated
2017-07-11
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.
Max CVSS
5.0
EPSS Score
0.54%
Published
2004-09-12
Updated
2017-07-11
Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message.
Max CVSS
7.5
EPSS Score
3.41%
Published
2004-09-12
Updated
2017-07-11
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
Max CVSS
5.0
EPSS Score
4.65%
Published
2004-09-11
Updated
2020-07-28
Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html.
Max CVSS
7.5
EPSS Score
0.61%
Published
2004-09-10
Updated
2017-07-11
Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters.
Max CVSS
7.5
EPSS Score
0.28%
Published
2004-09-10
Updated
2017-07-11
Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote attackers to cause a denial of service (server crash) via a long client response.
Max CVSS
5.0
EPSS Score
1.80%
Published
2004-09-09
Updated
2017-07-11
Call of Duty 1.4 and earlier allows remote attackers to cause a denial of service (game end) via a large (1) query or (2) reply packet, which is not properly handled by the buffer overflow protection mechanism. NOTE: this issue might overlap CVE-2005-0430.
Max CVSS
5.0
EPSS Score
4.33%
Published
2004-09-05
Updated
2017-07-11
Engenio/LSI Logic storage controllers, as used in products such as Storagetek D280, and IBM DS4100 (formerly FastT 100) and Brocade SilkWorm Switches, allow remote attackers to cause a denial of service (freeze and possible data corruption) via crafted TCP packets.
Max CVSS
5.0
EPSS Score
1.58%
Published
2004-09-04
Updated
2021-06-22
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
Max CVSS
7.5
EPSS Score
3.27%
Published
2004-09-02
Updated
2017-07-11
CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the redirecturl parameter.
Max CVSS
5.0
EPSS Score
1.72%
Published
2004-09-01
Updated
2017-07-11
71 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!