CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In October 2004 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0373 Exec Code Overflow 2004-10-07 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
2 CVE-2005-0189 Exec Code Overflow 2004-10-06 2017-11-16
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the HandleAction function in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to execute arbitrary code via a long ShowPreferences argument.
3 CVE-2005-0188 Exec Code 2004-10-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log.
4 CVE-2004-1674 2004-10-12 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to (1) delete arbitrary files via the originalfolder parameter or (2) move arbitrary files via the messageid parameter.
5 CVE-2004-1673 2004-10-12 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allow remote attackers to create text files with arbitrary content via the accountid parameter.
6 CVE-2004-1672 2004-10-12 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other versions allows remote attackers to view other users' attachments by specifying the username and message ID in an HTTP request.
7 CVE-2004-1638 Exec Code Overflow 2004-10-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
8 CVE-2004-1637 +Info 2004-10-26 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Hawking Technologies HAR11A modem/router allows remote attackers to obtain sensitive information by connecting to port 254, which displays a management interface and information on established connections.
9 CVE-2004-1636 Exec Code Overflow 2004-10-26 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
10 CVE-2004-1629 Sql 2004-10-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier allow remote attackers to execute arbitrary SQL statements.
11 CVE-2004-1628 134 Exec Code 2004-10-23 2020-12-08
9.0
None Remote Low ??? Complete Complete Complete
Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.
12 CVE-2004-1627 Exec Code Overflow 2004-10-22 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long APPE command.
13 CVE-2004-1624 +Priv 2004-10-21 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
14 CVE-2004-1622 Sql 2004-10-21 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
15 CVE-2004-1619 Exec Code Overflow 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname.
16 CVE-2004-1610 Exec Code 2004-10-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
17 CVE-2004-1608 Sql 2004-10-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
18 CVE-2004-1605 Bypass 2004-10-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
19 CVE-2004-1601 Dir. Trav. 2004-10-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
20 CVE-2004-1596 2004-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
21 CVE-2004-1595 Exec Code Overflow 2004-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
22 CVE-2004-1353 Exec Code 2004-10-19 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
23 CVE-2004-1350 Exec Code Overflow 2004-10-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
24 CVE-2004-0798 Exec Code Overflow 2004-10-20 2017-10-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
25 CVE-2004-0795 Exec Code +Priv 2004-10-20 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
26 CVE-2004-0793 264 Exec Code 2004-10-20 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop root privileges when executed with the -a flag, which allows attackers to execute arbitrary commands via a calendar event file.
27 CVE-2004-0785 DoS Exec Code Overflow 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder.
28 CVE-2004-0784 Exec Code 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
29 CVE-2004-0783 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
30 CVE-2004-0782 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
31 CVE-2004-0777 134 Exec Code 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
32 CVE-2004-0775 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests.
33 CVE-2004-0772 119 Exec Code Overflow 2004-10-20 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
34 CVE-2004-0768 Exec Code Overflow 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
35 CVE-2004-0754 DoS Exec Code Overflow 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
36 CVE-2004-0750 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
37 CVE-2004-0746 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
38 CVE-2004-0688 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
39 CVE-2004-0687 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
40 CVE-2004-0162 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients.
41 CVE-2004-0161 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients.
42 CVE-2004-0053 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients.
43 CVE-2004-0052 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.
44 CVE-2004-0051 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients.
45 CVE-2003-1016 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use malformed quoting in MIME headers, parameters, and values, including (1) fields that should not be quoted, (2) duplicate quotes, or (3) missing leading or trailing quote characters, which may be interpreted differently by mail clients.
46 CVE-2003-1015 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use whitespace in an unusual fashion, which may be interpreted differently by mail clients.
47 CVE-2003-1014 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use multiple MIME fields with the same name, which may be interpreted differently by mail clients.
Total number of vulnerabilities : 47   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.