CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
551 CVE-2004-2212 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter.
552 CVE-2004-2211 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) forum_id, (2) method, or (3) forum_title parameters to post.asp, (4) the forum_title parameter to forum.asp, or (5) the id parameter to post.asp.
553 CVE-2004-2210 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Content Management System (CMS) allow remote attackers to steal cookie-based authentication information and possibly perform other exploits via the (1) n, (2) b, (3) e, or (4) a parameters to default.asp, (5) the Referer header in an HTTP request to login.asp, or (6) the email parameter to subscribe/default.asp.
554 CVE-2004-2209 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
555 CVE-2004-2208 Http R.Spl. 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to conduct HTTP response splitting attacks via unknown vectors.
556 CVE-2004-2207 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
557 CVE-2004-2206 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
558 CVE-2004-2205 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors.
559 CVE-2004-2204 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT.
560 CVE-2004-2203 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories.
561 CVE-2004-2202 Exec Code Sql Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
562 CVE-2004-2201 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form.
563 CVE-2004-2200 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via via the message text.
564 CVE-2004-2199 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 allows remote attackers to inject arbitrary web script or HTML via the message text.
565 CVE-2004-2198 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attackers to change the passwords for arbitrary users by modifying the MM_recordId parameter on the "My Account" page.
566 CVE-2004-2197 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs.
567 CVE-2004-2196 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
568 CVE-2004-2195 Exec Code File Inclusion 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite 1.1 allows remote attackers to execute arbitrary PHP code via the inc parameter.
569 CVE-2004-2194 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
MailEnable Professional Edition before 1.53 and Enterprise Edition before 1.02 allows remote attackers to cause a denial of service (crash) via malformed (1) SMTP or (2) IMAP commands.
570 CVE-2004-2193 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the (1) tms[0] or (2) url parameters.
571 CVE-2004-2192 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter.
572 CVE-2004-2191 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) msg[0] or (2) siteurl parameters.
573 CVE-2004-2190 Dir. Trav. 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
574 CVE-2004-2189 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors.
575 CVE-2004-2188 XSS 2004-12-31 2008-09-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Manager allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
576 CVE-2004-2187 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "filename validation," has unknown impact and attack vectors.
577 CVE-2004-2186 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance.
578 CVE-2004-2185 Exec Code XSS 2004-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 allow remote attackers to execute arbitrary scripts and/or SQL queries via (1) the UnicodeConverter extension, (2) raw page views, (3) SpecialIpblocklist, (4) SpecialEmailuser, (5) SpecialMaintenance, and (6) ImagePage.
579 CVE-2004-2184 Dir. Trav. 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in Digicraft Yak! server 2.0 through 2.1.2 allows remote attackers to read or write arbitrary files via "../" or "..\" sequences in commands such as (1) dir or (2) put.
580 CVE-2004-2183 Exec Code 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string.
581 CVE-2004-2182 287 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server.
582 CVE-2004-2181 Exec Code Sql 2004-12-31 2009-06-25
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65.
583 CVE-2004-2180 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter to view_user.php, (4) highlight parameter to view_topic.php, (5) show parameter to index.php, (6) q parameter to search.php, (7) Referer header to admin.php, or the (8) user_email parameter to login.php.
584 CVE-2004-2179 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values.
585 CVE-2004-2178 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
586 CVE-2004-2177 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
587 CVE-2004-2176 Bypass 2004-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
588 CVE-2004-2175 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php.
589 CVE-2004-2174 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter.
590 CVE-2004-2173 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter.
591 CVE-2004-2172 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.
592 CVE-2004-2171 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page.
593 CVE-2004-2170 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter.
594 CVE-2004-2169 DoS 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request.
595 CVE-2004-2168 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3).
596 CVE-2004-2167 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.
597 CVE-2004-2166 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to TCP port 25.
598 CVE-2004-2165 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname.
599 CVE-2004-2164 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption).
600 CVE-2004-2163 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
Total number of vulnerabilities : 1223   Page : 1 2 3 4 5 6 7 8 9 10 11 12 (This Page)13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.