CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2004-1785 Exec Code Sql 2004-01-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
902 CVE-2004-1784 Exec Code Overflow 2004-01-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.
903 CVE-2004-1783 Dir. Trav. 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
904 CVE-2004-1782 Exec Code 2004-12-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.
905 CVE-2004-1781 2004-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command.
906 CVE-2004-1780 2004-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Info Touch Surfnet kiosk allows local users to deposit extra time into Internet kiosk accounts via repeated authentication attempts.
907 CVE-2004-1779 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in board.php for ThWboard before beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the lastvisited parameter.
908 CVE-2004-1778 276 2004-12-22 2022-02-07
4.6
None Local Low Not required Partial Partial Partial
Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, creates the /usr/share/skype/lang directory with world-writable permissions, which allows local users to modify language files and possibly conduct social engineering or other attacks.
909 CVE-2004-1777 20 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114.
910 CVE-2004-1775 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
911 CVE-2004-1774 Exec Code Overflow 2004-08-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
912 CVE-2004-1773 Exec Code Overflow 2004-12-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
913 CVE-2004-1772 Exec Code Overflow 2004-12-31 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows local users to execute arbitrary code via a long -o command line argument.
914 CVE-2004-1771 Bypass 2004-11-30 2017-07-11
5.0
None Remote Low Not required Partial None None
Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass intended permissions and view private appointments of other users.
915 CVE-2004-1770 Exec Code 2004-03-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
916 CVE-2004-1769 Exec Code 2004-03-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
917 CVE-2004-1768 DoS 2004-12-17 2017-07-11
5.0
None Remote Low Not required None None Partial
The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized by the converters.
918 CVE-2004-1767 264 +Priv 2004-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
919 CVE-2004-1766 +Info 2004-01-20 2017-07-11
5.0
None Remote Low Not required Partial None None
The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing.
920 CVE-2004-1765 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
921 CVE-2004-1764 Overflow +Priv 2004-01-14 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
922 CVE-2004-1763 DoS Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.
923 CVE-2004-1762 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.
924 CVE-2004-1761 DoS 2004-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to cause a denial of service (segmentation fault) via a malformed color filter file.
925 CVE-2004-1760 287 +Priv 2004-01-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
926 CVE-2004-1759 399 DoS 2004-01-21 2017-07-11
5.0
None Remote Low Not required None None Partial
Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning.
927 CVE-2004-1758 +Priv 2004-04-13 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
928 CVE-2004-1757 +Priv 2004-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
929 CVE-2004-1756 2004-04-13 2017-07-11
5.0
None Remote Low Not required None Partial None
BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 SP4 and earlier, when using 2-way SSL with a custom trust manager, may accept a certificate chain even if the trust manager rejects it, which allows remote attackers to spoof other users or servers.
930 CVE-2004-1755 +Priv 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
931 CVE-2004-1754 2004-06-15 2008-09-05
5.0
None Remote Low Not required None Partial None
The DNS proxy (DNSd) for multiple Symantec Gateway Security products allows remote attackers to poison the DNS cache via a malicious DNS server query response that contains authoritative or additional records.
932 CVE-2004-1752 Exec Code Overflow 2004-08-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header.
933 CVE-2004-1751 DoS 2004-08-26 2017-07-11
5.0
None Remote Low Not required None None Partial
Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.
934 CVE-2004-1750 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
RealVNC 4.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of connections to port 5900.
935 CVE-2004-1749 DoS 2004-07-22 2017-07-11
5.0
None Remote Low Not required None None Partial
Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests.
936 CVE-2004-1747 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 running firmware 1.2 Release 03 allows remote attackers to inject arbitrary web script or HTML via the DHCP HOSTNAME option.
937 CVE-2004-1746 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) cat_select or (2) show parameters.
938 CVE-2004-1745 DoS Exec Code Overflow 2004-08-24 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
939 CVE-2004-1744 DoS 2004-08-24 2017-07-11
5.0
None Remote Low Not required None None Partial
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
940 CVE-2004-1743 2004-08-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
941 CVE-2004-1742 Dir. Trav. 2004-08-24 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
942 CVE-2004-1741 DoS 2004-08-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST.
943 CVE-2004-1740 2004-08-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
944 CVE-2004-1739 DoS 2004-08-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
945 CVE-2004-1738 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter.
946 CVE-2004-1737 Exec Code Sql Bypass 2004-08-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
947 CVE-2004-1736 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error message.
948 CVE-2004-1735 XSS 2004-08-21 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
949 CVE-2004-1734 Exec Code File Inclusion 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
950 CVE-2004-1733 Dir. Trav. 2004-08-20 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.