CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2004 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2131 Exec Code Overflow 2004-01-27 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
2 CVE-2004-2034 Exec Code Overflow 2004-01-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.
3 CVE-2004-1785 Exec Code Sql 2004-01-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
4 CVE-2004-1784 Exec Code Overflow 2004-01-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.
5 CVE-2004-1764 Overflow +Priv 2004-01-14 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
6 CVE-2004-1760 287 +Priv 2004-01-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
7 CVE-2004-0037 Exec Code 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
8 CVE-2004-0035 Exec Code Sql 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
9 CVE-2004-0032 XSS 2004-01-20 2017-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
10 CVE-2004-0031 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
11 CVE-2004-0030 Exec Code File Inclusion 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
12 CVE-2004-0014 Exec Code Overflow 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.
13 CVE-2004-0011 Exec Code Overflow 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.
14 CVE-2003-1027 2004-01-20 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."
15 CVE-2003-1026 264 Bypass 2004-01-20 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."
16 CVE-2003-1024 +Priv 2004-01-20 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.
17 CVE-2003-1023 Exec Code Overflow 2004-01-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.
18 CVE-2003-1022 Dir. Trav. 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.
19 CVE-2003-1003 20 DoS 2004-01-05 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
20 CVE-2003-0999 Exec Code 2004-01-05 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
21 CVE-2003-0995 DoS Overflow 2004-01-05 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
22 CVE-2003-0990 Exec Code 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
23 CVE-2003-0985 DoS +Priv 2004-01-20 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
24 CVE-2003-0983 2004-01-05 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
25 CVE-2003-0982 Exec Code Overflow 2004-01-05 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
26 CVE-2003-0978 DoS Exec Code 2004-01-05 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
27 CVE-2003-0977 2004-01-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
28 CVE-2003-0969 Exec Code 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
29 CVE-2003-0963 Exec Code Overflow 2004-01-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
30 CVE-2003-0904 200 +Info 2004-01-20 2020-04-09
6.0
None Remote Medium ??? Partial Partial Partial
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
Total number of vulnerabilities : 30   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.