CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2004 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2037 DoS Exec Code Overflow 2004-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
2 CVE-2004-1884 2004-03-23 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
3 CVE-2004-1875 79 XSS 2004-03-30 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter to erredit.html, (3) dns parameter to dnslook.html, (4) account parameter to ignorelist.html, (5) account parameter to showlog.html, (6) db parameter to repairdb.html, (7) login parameter to doaddftp.html (8) account parameter to editmsg.htm, or (9) ip parameter to del.html. NOTE: the dnslook.html vector was later reported to exist in cPanel 10.
4 CVE-2004-1870 Sql 2004-03-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
5 CVE-2004-1868 Exec Code Overflow 2004-03-25 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
6 CVE-2004-1864 Exec Code Sql 2004-03-26 2021-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
7 CVE-2004-1854 Exec Code Overflow 2004-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet.
8 CVE-2004-1851 +Info 2004-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data to create the encryption key, which makes it easier for remote attackers to obtain sensitive information via brute force guessing.
9 CVE-2004-1847 +Priv Bypass 2004-03-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.
10 CVE-2004-1846 Exec Code Sql 2004-03-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow remote attackers to execute arbitrary SQL code via the (1) ID parameter to more.asp, (2) ID parameter to category_news.asp, or (3) filter parameter to news_sort.asp.
11 CVE-2004-1843 Sql 2004-03-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Member Management System 2.1 allows remote attackers to execute arbitrary SQL via the ID parameter to (1) resend.asp or (2) news_view.asp.
12 CVE-2004-1833 +Priv 2004-03-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.
13 CVE-2004-1826 Exec Code Sql 2004-03-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
14 CVE-2004-1821 +Priv Sql 2004-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.
15 CVE-2004-1820 Exec Code File Inclusion 2004-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
16 CVE-2004-1770 Exec Code 2004-03-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
17 CVE-2004-1769 Exec Code 2004-03-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
18 CVE-2004-0194 Exec Code Overflow 2004-03-29 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
19 CVE-2004-0193 Exec Code Overflow 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
20 CVE-2004-0190 +Priv 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
21 CVE-2004-0189 Bypass 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
22 CVE-2004-0188 Exec Code Overflow 2004-03-15 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.
23 CVE-2004-0186 +Priv 2004-03-15 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
24 CVE-2004-0185 DoS Exec Code Overflow 2004-03-15 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
25 CVE-2004-0172 Exec Code Overflow 2004-03-15 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.
26 CVE-2004-0168 2004-03-15 2018-09-26
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
27 CVE-2004-0167 2004-03-15 2018-09-26
7.5
None Remote Low Not required Partial Partial Partial
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
28 CVE-2004-0160 Exec Code 2004-03-29 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.
29 CVE-2004-0159 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
30 CVE-2004-0132 Exec Code File Inclusion 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
31 CVE-2004-0128 Exec Code File Inclusion 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
32 CVE-2004-0127 Dir. Trav. 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
33 CVE-2004-0110 Exec Code Overflow 2004-03-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
34 CVE-2004-0106 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
35 CVE-2004-0105 Exec Code Overflow 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
36 CVE-2004-0104 Exec Code 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
37 CVE-2004-0097 DoS Exec Code 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
38 CVE-2004-0094 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
39 CVE-2004-0093 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
40 CVE-2004-0092 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
41 CVE-2004-0084 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
42 CVE-2004-0083 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
43 CVE-2004-0082 2004-03-03 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
44 CVE-2004-0078 DoS Exec Code Overflow 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
45 CVE-2004-0077 +Priv 2004-03-03 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
46 CVE-2004-0040 Exec Code Overflow 2004-03-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
47 CVE-2004-0039 Exec Code 2004-03-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
48 CVE-2004-0010 Overflow +Priv 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
49 CVE-2004-0009 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
50 CVE-2004-0008 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
Total number of vulnerabilities : 67   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.