Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Max CVSS: 7.5 | EPSS Score: 3.46% | Published: 2004-10-07 | Updated: 2017-07-11
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
Max CVSS: 7.5 | EPSS Score: 10.81% | Published: 2004-10-06 | Updated: 2017-11-16
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.
Max CVSS: 7.5 | EPSS Score: 3.75% | Published: 2004-10-06 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message.
Max CVSS: 4.3 | EPSS Score: 0.26% | Published: 2004-10-14 | Updated: 2017-07-11
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
Max CVSS: 7.5 | EPSS Score: 0.89% | Published: 2004-10-12 | Updated: 2017-07-11
accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to create text files with arbitrary content via the accountid parameter.
Max CVSS: 7.5 | EPSS Score: 0.89% | Published: 2004-10-12 | Updated: 2017-07-11
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
Max CVSS: 7.5 | EPSS Score: 0.89% | Published: 2004-10-12 | Updated: 2017-07-11
Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to gain sensitive information via a direct request to (1) accountsettings_add.html or (2) topmenu.html.
Max CVSS: 5.0 | EPSS Score: 0.50% | Published: 2004-10-12 | Updated: 2017-07-11
Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows remote attackers to cause a denial of service (application crash or memory consumption) via a large binary file with a .html extension.
Max CVSS: 5.0 | EPSS Score: 1.21% | Published: 2004-10-26 | Updated: 2017-07-11

CVE-2004-1638

Public exploit
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
Max CVSS: 7.5 | EPSS Score: 51.13% | Published: 2004-10-16 | Updated: 2017-07-11
The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections.
Max CVSS: 7.5 | EPSS Score: 1.01% | Published: 2004-10-26 | Updated: 2017-07-11
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
Max CVSS: 10.0 | EPSS Score: 8.18% | Published: 2004-10-26 | Updated: 2017-07-11
Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature, does not sufficiently protect private attachments when there are changes to the metadata, such as filename, description, MIME type, or review flags, which allows remote authenticated users to obtain sensitive information when (1) viewing the bug activity log or (2) receiving bug change notification mails.
Max CVSS: 5.0 | EPSS Score: 0.71% | Published: 2004-10-24 | Updated: 2017-07-11
show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, when using the insidergroup feature and exporting a bug to XML, shows comments and attachment summaries which are marked as private, which allows remote attackers to gain sensitive information.
Max CVSS: 5.0 | EPSS Score: 0.25% | Published: 2004-10-25 | Updated: 2017-07-11
process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does not check edit permissions on the keywords field, which allows remote authenticated users to modify the keywords in a bug via the keywordaction parameter.
Max CVSS: 5.0 | EPSS Score: 0.29% | Published: 2004-10-25 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the arguments to wiki.php.
Max CVSS: 4.3 | EPSS Score: 0.35% | Published: 2004-10-25 | Updated: 2017-07-11
Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduct port scans of remote hosts by specifying the target in an rmi:// Worklist URL, then using the response times to infer the results.
Max CVSS: 5.0 | EPSS Score: 0.50% | Published: 2004-10-25 | Updated: 2017-07-11
Cross-site scripting (XSS) vulnerability in the login form in Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to execute arbitrary web script or HTML via the url parameter.
Max CVSS: 4.3 | EPSS Score: 0.35% | Published: 2004-10-25 | Updated: 2017-07-11
Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements.
Max CVSS: 7.5 | EPSS Score: 0.23% | Published: 2004-10-23 | Updated: 2017-07-11
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
Max CVSS: 9.0 | EPSS Score: 0.56% | Published: 2004-10-23 | Updated: 2020-12-08
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.
Max CVSS: 7.5 | EPSS Score: 25.85% | Published: 2004-10-22 | Updated: 2017-07-11

CVE-2004-1626

Public exploit
Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
Max CVSS: 5.0 | EPSS Score: 17.49% | Published: 2004-10-22 | Updated: 2017-07-11
pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown.
Max CVSS: 5.0 | EPSS Score: 1.12% | Published: 2004-10-22 | Updated: 2017-07-11
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
Max CVSS: 7.2 | EPSS Score: 0.04% | Published: 2004-10-21 | Updated: 2017-07-11
The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
Max CVSS: 5.0 | EPSS Score: 5.52% | Published: 2004-10-22 | Updated: 2017-07-11
94 vulnerabilities found