CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2004 (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-1774 Exec Code Overflow 2004-08-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
2 CVE-2004-1752 Exec Code Overflow 2004-08-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header.
3 CVE-2004-1751 DoS 2004-08-26 2017-07-11
5.0
None Remote Low Not required None None Partial
Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.
4 CVE-2004-1745 DoS Exec Code Overflow 2004-08-24 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
5 CVE-2004-1744 DoS 2004-08-24 2017-07-11
5.0
None Remote Low Not required None None Partial
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
6 CVE-2004-1743 2004-08-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
7 CVE-2004-1742 Dir. Trav. 2004-08-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
8 CVE-2004-1741 DoS 2004-08-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST.
9 CVE-2004-1740 2004-08-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
10 CVE-2004-1739 DoS 2004-08-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
11 CVE-2004-1737 Exec Code Sql Bypass 2004-08-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
12 CVE-2004-1733 Dir. Trav. 2004-08-20 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
13 CVE-2004-1732 Exec Code Sql 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
14 CVE-2004-1731 2004-08-20 2017-07-11
5.0
None Remote Low Not required None None Partial
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
15 CVE-2004-1728 Exec Code Overflow 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.
16 CVE-2004-1727 DoS 2004-08-20 2017-07-11
5.0
None Remote Low Not required None None Partial
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
17 CVE-2004-1726 Exec Code Overflow 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
18 CVE-2004-1724 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
19 CVE-2004-1722 Sql 2004-08-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
20 CVE-2004-1721 2004-08-17 2017-07-11
5.0
None Remote Low Not required Partial None None
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
21 CVE-2004-1720 +Info 2004-08-17 2017-07-11
5.0
None Remote Low Not required Partial None None
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
22 CVE-2004-1717 Exec Code Overflow 2004-08-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
23 CVE-2004-1716 XSS 2004-08-16 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
24 CVE-2004-1715 Dir. Trav. 2004-08-11 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
25 CVE-2004-1710 Exec Code 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
26 CVE-2004-1708 DoS 2004-08-02 2017-07-11
5.0
None Remote Low Not required None None Partial
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
27 CVE-2004-1706 DoS Exec Code 2004-08-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
28 CVE-2004-1702 DoS 2004-08-09 2017-07-11
5.0
None Remote Low Not required None None Partial
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
29 CVE-2004-1701 Exec Code Overflow 2004-08-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
30 CVE-2004-1682 +Priv 2004-08-15 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
31 CVE-2004-1681 Overflow +Priv 2004-08-26 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
32 CVE-2004-1679 Dir. Trav. 2004-08-04 2017-07-19
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
33 CVE-2004-1662 +Info 2004-08-25 2017-07-11
5.0
None Remote Low Not required Partial None None
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
34 CVE-2004-1660 Exec Code File Inclusion 2004-08-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.
35 CVE-2004-1653 2004-08-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
36 CVE-2004-1652 +Priv 2004-08-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
37 CVE-2004-1650 2004-08-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
38 CVE-2004-1649 Exec Code Overflow 2004-08-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
39 CVE-2004-1647 Sql Bypass 2004-08-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
40 CVE-2004-1646 Dir. Trav. 2004-08-30 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Xedus 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
41 CVE-2004-1644 DoS 2004-08-30 2017-07-11
5.0
None Remote Low Not required None None Partial
Xedus 1.0 allows remote attackers to cause a denial of service (refuse connections) by connecting multiple times from the same IP address.
42 CVE-2004-1643 DoS 2004-08-29 2019-08-13
5.0
None Remote Low Not required None None Partial
WS_FTP 5.0.2 allows remote authenticated users to cause a denial of service (CPU consumption) via a CD command that contains an invalid path with a "../" sequence.
43 CVE-2004-1642 DoS 2004-08-29 2017-07-11
5.0
None Remote Low Not required None None Partial
WFTPD Pro Server 3.21 allows remote authenticated users to cause a denial of service (crash) via a series of long MLIST commands.
44 CVE-2004-1641 DoS Overflow 2004-08-29 2017-07-11
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote attackers to cause a denial of service (crash) via a long FTP command such as (1) CWD, (2) STAT, or (3) LIST.
45 CVE-2004-1371 119 Exec Code Overflow 2004-08-04 2017-07-11
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
46 CVE-2004-1370 Exec Code +Priv Sql 2004-08-04 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.
47 CVE-2004-1369 DoS 2004-08-04 2017-07-11
5.0
None Remote Low Not required None None Partial
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
48 CVE-2004-1368 2004-08-04 2017-07-11
7.8
None Remote Low Not required Complete None None
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
49 CVE-2004-1364 22 Dir. Trav. 2004-08-04 2018-10-19
8.5
None Remote Medium ??? Complete Complete Complete
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
50 CVE-2004-1363 119 Exec Code Overflow 2004-08-04 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
Total number of vulnerabilities : 201   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.