CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2004 (CVSS score >= 6)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2042 Sql 2004-05-29 2017-07-11
7.5
 None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in e107 0.615 allow remote attackers to inject arbitrary SQL code and gain sensitive information via (1) content parameter to content.php, (2) content_id parameter to content.php, or (3) list parameter to news.php.
2 CVE-2004-2041 Exec Code File Inclusion 2004-05-29 2017-07-11
7.5
 None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in secure_img_render.php in e107 0.615 allows remote attackers to execute arbitrary PHP code by modifying the p parameter to reference a URL on a remote web server that contains the code.
3 CVE-2004-2036 Sql 2004-05-28 2017-07-11
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the art_print function in print.inc.php in unknown versions of jPortal before 2.3.1 allows remote attackers to inject arbitrary SQL commands via the id parameter.
4 CVE-2004-2032 Bypass 2004-05-24 2017-07-11
7.5
 None Remote Low Not required Partial Partial Partial
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
5 CVE-2004-2004 +Priv 2004-05-06 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
6 CVE-2004-2003 Exec Code Overflow 2004-05-06 2017-07-11
7.5
 None Remote Low Not required Partial Partial Partial
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer name field.
7 CVE-2004-2000 Sql 2004-05-05 2018-10-19
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php.
8 CVE-2004-1993 Exec Code 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
9 CVE-2004-0386 Exec Code Overflow 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
10 CVE-2004-0383 2004-05-04 2017-07-11
7.2
 None Local Low Not required Complete Complete Complete
Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unknown impact, related to "the handling of HTML-formatted email."
11 CVE-2004-0382 2004-05-04 2017-07-11
7.2
 None Local Low Not required Complete Complete Complete
Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting.
12 CVE-2004-0380 Exec Code Bypass 2004-05-04 2018-10-12
10.0
 None Remote Low Not required Complete Complete Complete
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
13 CVE-2004-0379 XSS 2004-05-04 2017-07-11
6.8
 None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft SharePoint Portal Server 2001 allow remote attackers to process arbitrary web content and steal cookies via certain server scripts.
14 CVE-2004-0377 Exec Code Overflow 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
15 CVE-2004-0374 2004-05-04 2017-07-11
6.4
 None Remote Low Not required Partial Partial None
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "__SQLUSER__" string.
16 CVE-2004-0368 119 Exec Code Overflow 2004-05-04 2017-10-11
10.0
 None Remote Low Not required Complete Complete Complete
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
17 CVE-2004-0366 Sql 2004-05-04 2017-07-11
7.5
 None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements.
18 CVE-2004-0220 119 DoS Overflow 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
19 CVE-2003-0782 DoS Exec Code Overflow 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
20 CVE-2003-0781 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
21 CVE-2003-0648 Exec Code Overflow 2004-05-04 2017-07-11
10.0
 None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
Total number of vulnerabilities : 21   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.