CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2002-1582 Exec Code 2004-12-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
2 CVE-2003-0170 +Priv 2004-03-29 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
3 CVE-2003-0648 Exec Code Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
4 CVE-2003-0781 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
5 CVE-2003-0782 DoS Exec Code Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
6 CVE-2003-0819 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
7 CVE-2003-0903 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
8 CVE-2003-1009 +Priv 2004-03-29 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
9 CVE-2003-1027 2004-01-20 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
10 CVE-2003-1042 Sql 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
11 CVE-2003-1043 Sql 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
12 CVE-2003-1048 119 DoS Overflow 2004-07-27 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
13 CVE-2003-1208 Exec Code Overflow 2004-12-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
14 CVE-2004-0002 DoS 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.
15 CVE-2004-0039 Exec Code 2004-03-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
16 CVE-2004-0040 Exec Code Overflow 2004-03-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
17 CVE-2004-0083 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
18 CVE-2004-0084 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
19 CVE-2004-0090 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
20 CVE-2004-0092 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
21 CVE-2004-0097 DoS Exec Code 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
22 CVE-2004-0168 2004-03-15 2018-09-26
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
23 CVE-2004-0185 DoS Exec Code Overflow 2004-03-15 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
24 CVE-2004-0201 Exec Code Overflow 2004-08-06 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041.
25 CVE-2004-0209 Exec Code 2004-11-03 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
26 CVE-2004-0212 Exec Code Overflow 2004-08-06 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
27 CVE-2004-0214 DoS Exec Code Overflow 2004-11-03 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
28 CVE-2004-0216 Exec Code Overflow 2004-11-03 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
29 CVE-2004-0220 119 DoS Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
30 CVE-2004-0226 DoS Exec Code Overflow 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
31 CVE-2004-0234 119 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
32 CVE-2004-0236 Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.
33 CVE-2004-0239 Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
34 CVE-2004-0241 Exec Code 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
35 CVE-2004-0246 Exec Code File Inclusion 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.lib.php, (2) derniers_commentaires.php, and (3) admin.php in Les Commentaires 2.0 allow remote attackers to execute arbitrary PHP code via the rep parameter.
36 CVE-2004-0249 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other accounts by modifying the cookie's PXL variable to reference another userID.
37 CVE-2004-0250 +Priv Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.
38 CVE-2004-0253 DoS Exec Code Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.
39 CVE-2004-0261 Bypass 2004-11-23 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.
40 CVE-2004-0262 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.
41 CVE-2004-0277 DoS Exec Code 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.
42 CVE-2004-0286 DoS Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.
43 CVE-2004-0288 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document.
44 CVE-2004-0290 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.
45 CVE-2004-0292 DoS Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
46 CVE-2004-0297 DoS Exec Code Overflow 2004-11-23 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
47 CVE-2004-0300 Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
48 CVE-2004-0304 Exec Code Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.
49 CVE-2004-0308 2004-11-24 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.
50 CVE-2004-0309 Exec Code Overflow 2004-11-23 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.
Total number of vulnerabilities : 2243   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.