CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1582 Exec Code 2004-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
2 CVE-2003-1208 Exec Code Overflow 2004-12-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
3 CVE-2004-0090 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
4 CVE-2004-0393 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.
5 CVE-2004-0429 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors.
6 CVE-2004-0448 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.
7 CVE-2004-0451 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog.
8 CVE-2004-0477 Bypass 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass.
9 CVE-2004-0480 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe.
10 CVE-2004-0590 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject.
11 CVE-2004-0603 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332.
12 CVE-2004-0607 Bypass 2004-12-06 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.
13 CVE-2004-0608 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory.
14 CVE-2004-0621 +Priv 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
15 CVE-2004-0623 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
16 CVE-2004-0627 Bypass 2004-12-06 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
17 CVE-2004-0628 DoS Exec Code Overflow 2004-12-06 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
18 CVE-2004-0646 Exec Code Overflow 2004-12-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
19 CVE-2004-0904 Exec Code Overflow 2004-12-31 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
20 CVE-2004-0985 Exec Code 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
21 CVE-2004-1017 Overflow 2004-12-31 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
22 CVE-2004-1050 Exec Code Overflow 2004-12-31 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
23 CVE-2004-1236 Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.
24 CVE-2004-1351 Exec Code 2004-12-07 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
25 CVE-2004-1390 Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.
26 CVE-2004-1402 Exec Code Sql 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page.
27 CVE-2004-1463 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, related to Access Control Lists (ACL), has unknown impact.
28 CVE-2004-1483 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in the ActiveX and HTML file browsers in Symantec Clientless VPN Gateway 4400 Series 5.0 have unknown attack vectors and unknown impact.
29 CVE-2004-1486 +Priv 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and Cluster Object Manager A.01.03 and B.01.04 through B.03.00.01 on HP-UX, Serviceguard A.11.14.04 and A.11.15.04 and Cluster Object Manager B.02.01.02 and B.02.02.02 on HP Linux, allow remote attackers to gain privileges via unknown attack vectors.
30 CVE-2004-1763 DoS Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.
31 CVE-2004-1812 Exec Code Overflow 2004-12-31 2021-04-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.
32 CVE-2004-1898 Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
33 CVE-2004-1903 Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.
34 CVE-2004-2048 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier starts a process port 25072 that can be accessed with a default "jstwo" password, which allows remote attackers to gain access.
35 CVE-2004-2114 Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.
36 CVE-2004-2142 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the remote tape support (remote.c) in the RMT client for Jorg Schilling sdd 1.28 and 1.31 has unknown impact and attack vectors.
37 CVE-2004-2153 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors.
38 CVE-2004-2156 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors.
39 CVE-2004-2159 Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c.
40 CVE-2004-2233 2004-12-31 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
41 CVE-2004-2235 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
42 CVE-2004-2236 2004-12-31 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
43 CVE-2004-2237 2004-12-31 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
44 CVE-2004-2247 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
45 CVE-2004-2248 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."
46 CVE-2004-2275 Exec Code 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.
47 CVE-2004-2281 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.
48 CVE-2004-2284 Exec Code 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
49 CVE-2004-2289 Exec Code 2004-12-31 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
50 CVE-2004-2359 +Priv 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality.
Total number of vulnerabilities : 1223   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.