Security Vulnerabilities, CVEs, Published In May 2004 CVSS score >= 5
Buffer overflow in ibserver for Firebird Database 1.0 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows remote attackers to cause a denial of service (crash) via a long database name, as demonstrated using the gsec command.
Max CVSS: 5.0 | EPSS Score: 23.10% | Published: 2004-05-01 | Updated: 2017-07-11
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
Max CVSS: 7.5 | EPSS Score: 1.24% | Published: 2004-05-29 | Updated: 2017-07-11
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
Max CVSS: 7.5 | EPSS Score: 2.34% | Published: 2004-05-29 | Updated: 2017-07-11
e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.
Max CVSS: 5.0 | EPSS Score: 0.75% | Published: 2004-05-29 | Updated: 2017-07-11
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
Max CVSS: 7.5 | EPSS Score: 0.88% | Published: 2004-05-28 | Updated: 2017-07-11
MiniShare 1.3.2 allows remote attackers to cause a denial of service (crash) via a malformed HTTP GET or HEAD request without the proper number of trailing CRLF sequences.
Max CVSS: 5.0 | EPSS Score: 6.81% | Published: 2004-05-26 | Updated: 2017-07-11
Orenosv 0.5.9f allows remote attackers to cause a denial of service (crash) via a long HTTP GET request.
Max CVSS: 5.0 | EPSS Score: 7.07% | Published: 2004-05-26 | Updated: 2017-07-11
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
Max CVSS: 7.5 | EPSS Score: 2.18% | Published: 2004-05-24 | Updated: 2017-07-11
The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 Release 2 and earlier allows remote attackers to cause a denial of service (crash) via a Basic Authorization HTTP request with a "A==" value.
Max CVSS: 5.0 | EPSS Score: 10.26% | Published: 2004-05-22 | Updated: 2017-07-11
Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.
Max CVSS: 5.0 | EPSS Score: 2.35% | Published: 2004-05-10 | Updated: 2017-07-11
NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message.
Max CVSS: 5.0 | EPSS Score: 0.54% | Published: 2004-05-08 | Updated: 2017-07-11
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
Max CVSS: 5.1 | EPSS Score: 16.71% | Published: 2004-05-06 | Updated: 2017-07-11
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
Max CVSS: 10.0 | EPSS Score: 0.88% | Published: 2004-05-06 | Updated: 2017-07-11
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.
Max CVSS: 7.5 | EPSS Score: 14.28% | Published: 2004-05-06 | Updated: 2017-07-11
Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet.
Max CVSS: 5.0 | EPSS Score: 0.93% | Published: 2004-05-05 | Updated: 2017-07-11
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
Max CVSS: 7.5 | EPSS Score: 1.02% | Published: 2004-05-05 | Updated: 2018-10-19
The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message.
Max CVSS: 5.0 | EPSS Score: 0.50% | Published: 2004-05-05 | Updated: 2016-10-18
FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm.
Max CVSS: 5.0 | EPSS Score: 1.42% | Published: 2004-05-05 | Updated: 2017-07-11
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
Max CVSS: 10.0 | EPSS Score: 18.31% | Published: 2004-05-04 | Updated: 2017-07-11
Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request.
Max CVSS: 5.0 | EPSS Score: 0.48% | Published: 2004-05-03 | Updated: 2020-12-08
Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php, which reveal the full path in a PHP error message.
Max CVSS: 5.0 | EPSS Score: 1.01% | Published: 2004-05-02 | Updated: 2017-07-11
Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board's .txt file via carriage return characters in the subject field.
Max CVSS: 5.0 | EPSS Score: 1.33% | Published: 2004-05-03 | Updated: 2017-07-11
The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image file folder.
Max CVSS: 5.0 | EPSS Score: 1.12% | Published: 2004-05-02 | Updated: 2017-07-11
The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates different 404 error messages when a file does not exist versus when a file exists but is otherwise inaccessible, which could allow remote attackers to obtain sensitive information in conjunction with a directory traversal (..) attack.
Max CVSS: 5.0 | EPSS Score: 1.22% | Published: 2004-05-14 | Updated: 2018-10-30
Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact.
Max CVSS: 5.0 | EPSS Score: 0.35% | Published: 2004-05-03 | Updated: 2017-07-11