| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2005-1247 |
|
|
DoS |
2004-01-15 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability. |
|
2 |
CVE-2005-0441 |
|
|
Exec Code Overflow |
2004-12-22 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement. |
|
3 |
CVE-2005-0373 |
|
|
Exec Code Overflow |
2004-10-07 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code. |
|
4 |
CVE-2005-0189 |
|
|
Exec Code Overflow |
2004-10-06 |
2017-11-16 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument. |
|
5 |
CVE-2005-0188 |
|
|
Exec Code |
2004-10-06 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log. |
|
6 |
CVE-2005-0068 |
|
|
DoS |
2004-12-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
|
7 |
CVE-2005-0067 |
|
|
DoS |
2004-12-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
|
8 |
CVE-2005-0066 |
|
|
DoS |
2004-12-22 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities. |
|
9 |
CVE-2004-2760 |
16 |
|
|
2004-12-31 |
2009-01-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability. |
|
10 |
CVE-2004-2758 |
|
|
DoS |
2004-12-31 |
2017-08-08 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. |
|
11 |
CVE-2004-2754 |
89 |
|
Exec Code Sql |
2004-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. |
|
12 |
CVE-2004-2753 |
|
|
DoS |
2004-12-31 |
2017-07-29 |
5.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Complete |
|
Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner." |
|
13 |
CVE-2004-2751 |
89 |
|
Exec Code Sql |
2004-12-31 |
2017-07-29 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. |
|
14 |
CVE-2004-2750 |
22 |
|
Dir. Trav. |
2004-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
15 |
CVE-2004-2746 |
89 |
|
Exec Code Sql |
2004-12-31 |
2018-10-19 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. |
|
16 |
CVE-2004-2745 |
22 |
|
Dir. Trav. |
2004-12-31 |
2018-10-19 |
7.8 |
None |
Remote |
Low |
Not required |
Complete |
None |
None |
|
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. |
|
17 |
CVE-2004-2744 |
|
|
|
2004-12-31 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." |
|
18 |
CVE-2004-2743 |
264 |
|
|
2004-12-31 |
2017-07-29 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. |
|
19 |
CVE-2004-2739 |
264 |
|
|
2004-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors. |
|
20 |
CVE-2004-2737 |
89 |
|
Exec Code Sql |
2004-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter. |
|
21 |
CVE-2004-2736 |
287 |
|
Bypass |
2004-12-31 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie. |
|
22 |
CVE-2004-2734 |
287 |
|
Bypass |
2004-12-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder. |
|
23 |
CVE-2004-2733 |
264 |
|
|
2004-12-31 |
2017-07-29 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp. |
|
24 |
CVE-2004-2726 |
|
|
DoS |
2004-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348. |
|
25 |
CVE-2004-2724 |
287 |
|
DoS |
2004-12-31 |
2017-07-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character. |
|
26 |
CVE-2004-2719 |
119 |
|
Exec Code Overflow |
2004-12-31 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339. |
|
27 |
CVE-2004-2716 |
89 |
|
Exec Code Sql |
2004-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters. |
|
28 |
CVE-2004-2715 |
287 |
|
+Priv Bypass |
2004-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false. |
|
29 |
CVE-2004-2714 |
134 |
|
|
2004-12-31 |
2017-07-29 |
6.0 |
None |
Remote |
Medium |
??? |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability. |
|
30 |
CVE-2004-2712 |
119 |
|
DoS Overflow |
2004-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data." |
|
31 |
CVE-2004-2711 |
119 |
|
DoS Exec Code Overflow |
2004-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval." |
|
32 |
CVE-2004-2710 |
119 |
|
DoS Exec Code Overflow |
2004-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name. |
|
33 |
CVE-2004-2709 |
119 |
|
DoS Exec Code Overflow |
2004-12-31 |
2008-09-05 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags. |
|
34 |
CVE-2004-2708 |
255 |
|
|
2004-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file. |
|
35 |
CVE-2004-2707 |
|
|
Overflow |
2004-12-31 |
2017-07-29 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses. |
|
36 |
CVE-2004-2706 |
20 |
|
DoS |
2004-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages. |
|
37 |
CVE-2004-2705 |
|
|
|
2004-12-31 |
2017-07-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets. |
|
38 |
CVE-2004-2700 |
264 |
|
|
2004-12-31 |
2008-09-05 |
9.0 |
None |
Remote |
Low |
??? |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx. |
|
39 |
CVE-2004-2698 |
362 |
|
DoS |
2004-12-31 |
2017-07-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file. |
|
40 |
CVE-2004-2697 |
362 |
|
+Priv |
2004-12-31 |
2017-07-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002. |
|
41 |
CVE-2004-2696 |
255 |
|
|
2004-12-31 |
2017-07-29 |
5.5 |
None |
Remote |
Low |
??? |
Partial |
Partial |
None |
|
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call. |
|
42 |
CVE-2004-2695 |
89 |
|
Exec Code Sql |
2004-12-31 |
2020-02-24 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267. |
|
43 |
CVE-2004-2694 |
264 |
|
Bypass |
2004-12-31 |
2016-10-18 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top". |
|
44 |
CVE-2004-2693 |
264 |
|
+Priv |
2004-12-31 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. |
|
45 |
CVE-2004-2692 |
264 |
|
Exec Code Bypass |
2004-12-31 |
2017-07-29 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function. |
|
46 |
CVE-2004-2691 |
|
|
DoS |
2004-12-31 |
2017-07-29 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports. |
|
47 |
CVE-2004-2690 |
|
|
Exec Code |
2004-12-31 |
2017-07-29 |
8.5 |
None |
Remote |
Medium |
??? |
Complete |
Complete |
Complete |
|
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files. |
|
48 |
CVE-2004-2689 |
264 |
|
|
2004-12-31 |
2017-07-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value. |
|
49 |
CVE-2004-2687 |
16 |
|
Exec Code |
2004-12-31 |
2008-09-05 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks. |
|
50 |
CVE-2004-2686 |
22 |
|
Dir. Trav. |
2004-12-31 |
2018-10-30 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure. |
