National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 131,483 matching records.
Displaying matches 122961 through 122980.
Vuln ID Summary CVSS Severity
CVE-2004-0740

The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.

Published: July 27, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0741

LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.

Published: July 27, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-0742

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.

Published: July 27, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2004-2061

RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.

Published: July 27, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-2051

The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.

Published: July 24, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-2053

PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter.

Published: July 24, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-2047

Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.

Published: July 23, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-1749

Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests.

Published: July 22, 2004; 12:00:00 AM -04:00
    V2: 5.0 MEDIUM
CVE-2004-2055

Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.

Published: July 19, 2004; 12:00:00 AM -04:00
    V2: 4.3 MEDIUM
CVE-2004-0397

Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0398

Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0399

Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0400

Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0401

Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2004-0402

Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 4.6 MEDIUM
CVE-2004-0404

logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 1.2 LOW
CVE-2004-0411

The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properly filter "-" characters that begin a hostname in a (1) telnet, (2) rlogin, (3) ssh, or (4) mailto URI, which allows remote attackers to manipulate the options that are passed to the associated programs, possibly to read arbitrary files or execute arbitrary code.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 7.5 HIGH
CVE-2004-0420

The Windows Shell application in Windows 98, Windows ME, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by spoofing the type of a file via a CLSID specifier in the filename, as demonstrated using Internet Explorer 6.0.2800.1106 on Windows XP.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 10.0 HIGH
CVE-2004-0422

flim before 1.14.3 creates temporary files insecurely, which allows local users to overwrite arbitrary files of the Emacs user via a symlink attack.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW
CVE-2004-0423

The log_event function in ssmtp 2.50.6 and earlier allows local users to overwrite arbitrary files via a symlink attack on the ssmtp.log temporary log file.

Published: July 07, 2004; 12:00:00 AM -04:00
    V2: 2.1 LOW