CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2003-0819 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
2 CVE-2003-0903 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
3 CVE-2003-0119 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
4 CVE-2003-0700 2004-02-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.
5 CVE-2003-0814 Exec Code Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
6 CVE-2003-0815 Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
7 CVE-2003-0816 Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
8 CVE-2003-0817 Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
9 CVE-2003-0823 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
10 CVE-2003-0902 Exec Code 2004-02-03 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands.
11 CVE-2003-0966 Exec Code Overflow 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.
12 CVE-2003-0988 Exec Code Overflow 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
13 CVE-2003-0989 DoS 2004-02-17 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
14 CVE-2003-1030 Exec Code Overflow 2004-02-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
15 CVE-2003-1214 Bypass 2004-02-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions.
16 CVE-2004-0004 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
17 CVE-2004-0016 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
18 CVE-2004-0017 Sql 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
19 CVE-2004-0028 Exec Code 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
20 CVE-2004-0041 264 Bypass 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
21 CVE-2004-0043 DoS Exec Code Overflow 2004-02-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
22 CVE-2004-0044 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
23 CVE-2004-0045 Exec Code Overflow 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
24 CVE-2004-0054 DoS Exec Code 2004-02-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
25 CVE-2004-0056 DoS Exec Code 2004-02-17 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
26 CVE-2004-0061 Bypass 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
27 CVE-2004-0062 Overflow 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
28 CVE-2004-0063 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
29 CVE-2004-0065 Sql 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
30 CVE-2004-0068 Exec Code File Inclusion 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
31 CVE-2004-0069 Exec Code 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.
32 CVE-2004-0070 Exec Code File Inclusion 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
33 CVE-2004-0073 Exec Code File Inclusion 2004-02-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
34 CVE-2004-0324 Exec Code 2004-02-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
35 CVE-2004-1082 2004-02-03 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
36 CVE-2004-1244 Exec Code 2004-02-08 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
37 CVE-2004-2079 Bypass 2004-02-09 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
38 CVE-2004-2087 2004-02-08 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.
39 CVE-2003-0994 +Priv 2004-02-03 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
40 CVE-2004-0001 +Priv 2004-02-17 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
41 CVE-2004-0015 +Priv 2004-02-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
42 CVE-2004-2073 +Priv 2004-02-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.
43 CVE-2003-0965 XSS 2004-02-17 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
44 CVE-2004-0049 DoS 2004-02-17 2008-09-05
6.8
None Remote Low ??? None None Complete
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
45 CVE-2003-0368 20 DoS 2004-02-03 2017-07-11
5.0
None Remote Low Not required None None Partial
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
46 CVE-2003-1029 DoS 2004-02-17 2018-10-19
5.0
None Remote Low Not required None None Partial
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
47 CVE-2003-1032 DoS Overflow 2004-02-17 2016-12-20
5.0
None Remote Low Not required None None Partial
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
48 CVE-2003-1207 DoS 2004-02-01 2017-07-11
5.0
None Remote Low Not required None None Partial
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
49 CVE-2004-0013 DoS 2004-02-03 2017-10-10
5.0
None Remote Low Not required None None Partial
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
50 CVE-2004-0042 2004-02-03 2008-09-10
5.0
None Remote Low Not required Partial None None
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
Total number of vulnerabilities : 91   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.