CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
601 CVE-2004-0775 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests.
602 CVE-2004-0774 DoS 2004-11-03 2017-07-11
7.8
None Remote Low Not required None None Complete
RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
603 CVE-2004-0772 119 Exec Code Overflow 2004-10-20 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
604 CVE-2004-0771 Exec Code Overflow 2004-11-23 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
605 CVE-2004-0769 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.
606 CVE-2004-0768 Exec Code Overflow 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
607 CVE-2004-0765 2004-08-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
608 CVE-2004-0764 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
609 CVE-2004-0760 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
610 CVE-2004-0759 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
611 CVE-2004-0757 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
612 CVE-2004-0754 DoS Exec Code Overflow 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
613 CVE-2004-0750 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
614 CVE-2004-0746 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
615 CVE-2004-0745 Exec Code 2004-09-28 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.
616 CVE-2004-0742 2004-07-27 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.
617 CVE-2004-0739 DoS Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename.
618 CVE-2004-0738 Sql 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
619 CVE-2004-0737 XSS 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
620 CVE-2004-0735 Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.
621 CVE-2004-0734 Exec Code 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
622 CVE-2004-0733 DoS Exec Code 2004-07-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
623 CVE-2004-0732 Sql 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
624 CVE-2004-0731 XSS 2004-07-27 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
625 CVE-2004-0730 XSS 2004-07-27 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
626 CVE-2004-0727 Exec Code Bypass 2004-07-27 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
627 CVE-2004-0726 2004-07-27 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
628 CVE-2004-0725 XSS 2004-07-27 2020-12-01
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
629 CVE-2004-0723 Bypass 2004-07-27 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."
630 CVE-2004-0722 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.
631 CVE-2004-0721 2004-07-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
632 CVE-2004-0720 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
633 CVE-2004-0719 2004-07-27 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
634 CVE-2004-0718 2004-07-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
635 CVE-2004-0717 2004-07-27 2022-02-28
7.5
None Remote Low Not required Partial Partial Partial
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
636 CVE-2004-0716 Exec Code Overflow 2004-08-06 2008-10-24
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.
637 CVE-2004-0713 2004-07-27 2017-07-11
6.4
None Remote Low Not required None Partial Partial
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
638 CVE-2004-0711 Bypass 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
639 CVE-2004-0709 Bypass 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
640 CVE-2004-0708 +Priv 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
641 CVE-2004-0707 Sql 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.
642 CVE-2004-0705 XSS 2004-07-27 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.
643 CVE-2004-0703 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.
644 CVE-2004-0700 1 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
645 CVE-2004-0699 Exec Code Overflow 2004-09-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
646 CVE-2004-0695 Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
647 CVE-2004-0691 DoS Exec Code Overflow 2004-09-28 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
648 CVE-2004-0688 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
649 CVE-2004-0687 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
650 CVE-2004-0682 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
Total number of vulnerabilities : 1077   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 (This Page)14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.