Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Max CVSS: 7.5; EPSS Score: 3.46%; Published: 2004-10-07; Updated: 2017-07-11
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
Max CVSS: 7.5; EPSS Score: 10.81%; Published: 2004-10-06; Updated: 2017-11-16
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.
Max CVSS: 7.5; EPSS Score: 3.75%; Published: 2004-10-06; Updated: 2017-07-11
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
Max CVSS: 7.5; EPSS Score: 0.89%; Published: 2004-10-12; Updated: 2017-07-11
accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to create text files with arbitrary content via the accountid parameter.
Max CVSS: 7.5; EPSS Score: 0.89%; Published: 2004-10-12; Updated: 2017-07-11
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
Max CVSS: 7.5; EPSS Score: 0.89%; Published: 2004-10-12; Updated: 2017-07-11

CVE-2004-1638 (Public exploit)
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
Max CVSS: 7.5; EPSS Score: 51.13%; Published: 2004-10-16; Updated: 2017-07-11
The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections.
Max CVSS: 7.5; EPSS Score: 1.01%; Published: 2004-10-26; Updated: 2017-07-11
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
Max CVSS: 10.0; EPSS Score: 8.18%; Published: 2004-10-26; Updated: 2017-07-11
Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements.
Max CVSS: 7.5; EPSS Score: 0.23%; Published: 2004-10-23; Updated: 2017-07-11
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
Max CVSS: 9.0; EPSS Score: 0.56%; Published: 2004-10-23; Updated: 2020-12-08
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.
Max CVSS: 7.5; EPSS Score: 25.85%; Published: 2004-10-22; Updated: 2017-07-11
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
Max CVSS: 7.2; EPSS Score: 0.04%; Published: 2004-10-21; Updated: 2017-07-11
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
Max CVSS: 7.5; EPSS Score: 0.25%; Published: 2004-10-21; Updated: 2017-07-11
Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname.
Max CVSS: 7.5; EPSS Score: 8.18%; Published: 2004-10-20; Updated: 2017-07-11
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
Max CVSS: 7.5; EPSS Score: 0.83%; Published: 2004-10-18; Updated: 2016-10-18
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
Max CVSS: 7.5; EPSS Score: 2.69%; Published: 2004-10-18; Updated: 2017-07-11
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial of service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
Max CVSS: 6.4; EPSS Score: 1.98%; Published: 2004-10-18; Updated: 2017-07-11
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
Max CVSS: 7.5; EPSS Score: 1.88%; Published: 2004-10-14; Updated: 2017-07-11
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
Max CVSS: 7.5; EPSS Score: 2.85%; Published: 2004-10-16; Updated: 2017-07-11
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
Max CVSS: 7.5; EPSS Score: 4.75%; Published: 2004-10-13; Updated: 2017-07-11

CVE-2004-1595 (Public exploit)
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
Max CVSS: 7.5; EPSS Score: 51.13%; Published: 2004-10-13; Updated: 2017-07-11
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
Max CVSS: 7.2; EPSS Score: 0.06%; Published: 2004-10-19; Updated: 2018-10-30
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
Max CVSS: 7.5; EPSS Score: 12.78%; Published: 2004-10-30; Updated: 2017-07-11

CVE-2004-0798 (Public exploit)
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
Max CVSS: 7.5; EPSS Score: 93.13%; Published: 2004-10-20; Updated: 2017-10-05
50 vulnerabilities found