Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.
Max CVSS
10.0
EPSS Score
14.18%
Published
2004-12-22
Updated
2017-07-11
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
3.46%
Published
2004-10-07
Updated
2017-07-11
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
Max CVSS
7.5
EPSS Score
10.81%
Published
2004-10-06
Updated
2017-11-16
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.
Max CVSS
7.5
EPSS Score
3.75%
Published
2004-10-06
Updated
2017-07-11
Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Max CVSS
7.5
EPSS Score
3.53%
Published
2004-12-31
Updated
2017-08-08
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
Max CVSS
7.5
EPSS Score
0.19%
Published
2004-12-31
Updated
2008-09-05
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Max CVSS
7.5
EPSS Score
1.51%
Published
2004-12-31
Updated
2018-10-19
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
Max CVSS
7.8
EPSS Score
1.03%
Published
2004-12-31
Updated
2018-10-19
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
Max CVSS
7.5
EPSS Score
1.83%
Published
2004-12-31
Updated
2017-07-29
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
Max CVSS
7.5
EPSS Score
0.08%
Published
2004-12-31
Updated
2017-07-29
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
Max CVSS
10.0
EPSS Score
1.99%
Published
2004-12-31
Updated
2017-07-29
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
Max CVSS
7.1
EPSS Score
2.67%
Published
2004-12-31
Updated
2017-07-29
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck, and (6) R parameters.
Max CVSS
7.5
EPSS Score
0.10%
Published
2004-12-31
Updated
2017-07-29
edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
Max CVSS
7.5
EPSS Score
8.47%
Published
2004-12-31
Updated
2017-07-29
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."
Max CVSS
7.5
EPSS Score
0.54%
Published
2004-12-31
Updated
2008-09-05
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name.
Max CVSS
7.5
EPSS Score
1.35%
Published
2004-12-31
Updated
2008-09-05
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.
Max CVSS
7.5
EPSS Score
0.54%
Published
2004-12-31
Updated
2008-09-05
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.
Max CVSS
7.5
EPSS Score
0.44%
Published
2004-12-31
Updated
2017-07-29
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.
Max CVSS
9.0
EPSS Score
0.25%
Published
2004-12-31
Updated
2008-09-05
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
Max CVSS
7.5
EPSS Score
0.40%
Published
2004-12-31
Updated
2020-02-24
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-10-11
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Max CVSS
9.3
EPSS Score
5.46%
Published
2004-12-31
Updated
2017-07-29

CVE-2004-2691

Public exploit
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
Max CVSS
7.1
EPSS Score
96.41%
Published
2004-12-31
Updated
2017-07-29
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
Max CVSS
8.5
EPSS Score
0.57%
Published
2004-12-31
Updated
2017-07-29
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
Max CVSS
10.0
EPSS Score
0.63%
Published
2004-12-31
Updated
2017-07-29
984 vulnerabilities found