CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2004-2714 134 2004-12-31 2017-07-29
6.0
None Remote Medium ??? Partial Partial Partial
Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability.
52 CVE-2004-2713 264 DoS 2004-12-31 2017-07-29
1.9
None Local Medium Not required None None Partial
** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file.
53 CVE-2004-2712 119 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data."
54 CVE-2004-2711 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."
55 CVE-2004-2710 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name.
56 CVE-2004-2709 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.
57 CVE-2004-2708 255 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file.
58 CVE-2004-2707 Overflow 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.
59 CVE-2004-2706 20 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
60 CVE-2004-2705 2004-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN) before 1.6.4 allows remote attackers to obtain attributes of arbitrary accounts, including the password hash, via certain statsreq packets.
61 CVE-2004-2704 79 XSS 2004-12-31 2021-07-23
4.3
None Remote Medium Not required None Partial None
Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) does not send the "attachment" parameter in the Content-Disposition field for attachments, which causes the attachment to be rendered inline by Internet Explorer when the victim clicks the download link, which facilitates cross-site scripting (XSS) and possibly other attacks.
62 CVE-2004-2703 310 Bypass 2004-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
63 CVE-2004-2702 79 XSS 2004-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 and 7.1 Reloaded allows remote attackers to inject arbitrary web script or HTML via the login_name parameter. NOTE: this might be the same vector as CVE-2006-6451.
64 CVE-2004-2701 79 XSS 2004-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
65 CVE-2004-2700 264 2004-12-31 2008-09-05
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.
66 CVE-2004-2699 264 2004-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to delete arbitrary product images via a modified ProductID parameter.
67 CVE-2004-2698 362 DoS 2004-12-31 2017-07-29
6.9
None Local Medium Not required Complete Complete Complete
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.
68 CVE-2004-2697 362 +Priv 2004-12-31 2017-07-29
6.9
None Local Medium Not required Complete Complete Complete
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.
69 CVE-2004-2696 255 2004-12-31 2017-07-29
5.5
None Remote Low ??? Partial Partial None
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using Remote Method Invocation (RMI) over Internet Inter-ORB Protocol (IIOP), does not properly handle when multiple logins for different users coming from the same client, which could cause an "unexpected user identity" to be used in an RMI call.
70 CVE-2004-2695 89 Exec Code Sql 2004-12-31 2020-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
71 CVE-2004-2694 264 Bypass 2004-12-31 2016-10-18
5.8
None Remote Medium Not required Partial Partial None
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
72 CVE-2004-2693 264 +Priv 2004-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
73 CVE-2004-2692 264 Exec Code Bypass 2004-12-31 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
74 CVE-2004-2691 DoS 2004-12-31 2017-07-29
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
75 CVE-2004-2690 Exec Code 2004-12-31 2017-07-29
8.5
None Remote Medium ??? Complete Complete Complete
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
76 CVE-2004-2689 264 2004-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
77 CVE-2004-2688 79 XSS 2004-12-31 2017-07-29
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. NOTE: this issue might overlap vector 3 in CVE-2006-3358.
78 CVE-2004-2687 16 Exec Code 2004-12-31 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
79 CVE-2004-2686 22 Dir. Trav. 2004-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
80 CVE-2004-2685 119 Exec Code Overflow 2004-12-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.
81 CVE-2004-2684 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the %template package in InterSystems Cache' 5.0 allows attackers to access certain files on a server, including (1) cache.key and (2) cache.dat, related to .csp files under (a) Dev\studio\templates and (b) Devuser\studio\templates.
82 CVE-2004-2683 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Unspecified vulnerability in the %XML.Utils.SchemaServer class in InterSystems Cache' 5.0 allows attackers to access arbitrary files on a server.
83 CVE-2004-2682 XSS 2004-12-31 2008-09-05
5.8
None Remote Medium Not required Partial Partial None
PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which allows context-dependent attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal), a related issue to CVE-2003-0147.
84 CVE-2004-2681 XSS 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.
85 CVE-2004-2680 2004-12-31 2018-10-19
5.0
None Remote Low Not required Partial None None
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
86 CVE-2004-2679 +Info 2004-12-31 2017-07-29
7.8
None Remote Low Not required Complete None None
Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.
87 CVE-2004-2678 +Priv 2004-12-31 2017-07-29
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.
88 CVE-2004-2677 Exec Code 2004-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
89 CVE-2004-2676 +Priv 2004-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
90 CVE-2004-2675 DoS 2004-12-31 2017-07-29
6.8
None Remote Low ??? None None Complete
ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.
91 CVE-2004-2674 Dir. Trav. 2004-12-31 2017-07-29
6.8
None Remote Low ??? Complete None None
Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
92 CVE-2004-2673 DoS Exec Code Overflow 2004-12-31 2017-07-29
9.0
None Remote Low ??? Complete Complete Complete
Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.
93 CVE-2004-2672 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
94 CVE-2004-2671 +Info 2004-12-31 2017-07-29
5.0
None Remote Low Not required Partial None None
mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters.
95 CVE-2004-2670 XSS 2004-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
96 CVE-2004-2669 Exec Code Sql 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php.
97 CVE-2004-2668 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
98 CVE-2004-2667 XSS 2004-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
99 CVE-2004-2666 +Info 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
100 CVE-2004-2665 DoS 2004-12-31 2017-10-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
Total number of vulnerabilities : 1223   Page : 1 2 (This Page)3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.