CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2004-0046 XSS 2004-02-03 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.
52 CVE-2004-0045 Exec Code Overflow 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
53 CVE-2004-0044 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
54 CVE-2004-0043 DoS Exec Code Overflow 2004-02-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
55 CVE-2004-0042 2004-02-03 2008-09-10
5.0
None Remote Low Not required Partial None None
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
56 CVE-2004-0041 264 Bypass 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
57 CVE-2004-0028 Exec Code 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
58 CVE-2004-0017 Sql 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
59 CVE-2004-0016 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
60 CVE-2004-0015 +Priv 2004-02-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
61 CVE-2004-0013 DoS 2004-02-03 2017-10-10
5.0
None Remote Low Not required None None Partial
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
62 CVE-2004-0004 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
63 CVE-2004-0001 +Priv 2004-02-17 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
64 CVE-2003-1214 Bypass 2004-02-11 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions.
65 CVE-2003-1207 DoS 2004-02-01 2017-07-11
5.0
None Remote Low Not required None None Partial
Crob FTP Server 3.5.1 allows remote authenticated users to cause a denial of service (crash) via a dir command with a large number of "." characters followed by a "/*" string.
66 CVE-2003-1032 DoS Overflow 2004-02-17 2016-12-20
5.0
None Remote Low Not required None None Partial
Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to cause a denial of service (crash) via a malformed URL to the web server, possibly involving a buffer overflow.
67 CVE-2003-1031 XSS 2004-02-17 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography", or (3) "Occupation."
68 CVE-2003-1030 Exec Code Overflow 2004-02-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129.
69 CVE-2003-1029 DoS 2004-02-17 2018-10-19
5.0
None Remote Low Not required None None Partial
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which causes l2tp_avp_print to use a bad length value when calling print_octets.
70 CVE-2003-0994 +Priv 2004-02-03 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
71 CVE-2003-0992 XSS 2004-02-17 2017-10-11
4.3
None Remote Medium Not required Partial None None
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
72 CVE-2003-0989 DoS 2004-02-17 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
73 CVE-2003-0988 Exec Code Overflow 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
74 CVE-2003-0966 Exec Code Overflow 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.
75 CVE-2003-0965 XSS 2004-02-17 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
76 CVE-2003-0949 Exec Code 2004-02-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
77 CVE-2003-0924 2004-02-17 2017-10-10
3.7
None Local High Not required Partial Partial Partial
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
78 CVE-2003-0903 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
79 CVE-2003-0902 Exec Code 2004-02-03 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands.
80 CVE-2003-0823 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
81 CVE-2003-0819 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
82 CVE-2003-0817 Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object.
83 CVE-2003-0816 Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
84 CVE-2003-0815 Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef, LinkillerJPU, and Linkiller, or (2) modifying the createRange method and using the FIND dialog to select text, as demonstrated using Findeath, aka the "Function Pointer Override Cross Domain" vulnerability.
85 CVE-2003-0814 Exec Code Bypass 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh the page, aka BodyRefreshLoadsJPU or the "ExecCommand Cross Domain" vulnerability.
86 CVE-2003-0700 2004-02-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.
87 CVE-2003-0368 20 DoS 2004-02-03 2017-07-11
5.0
None Remote Low Not required None None Partial
Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option.
88 CVE-2003-0175 DoS 2004-02-03 2017-07-11
2.1
None Local Low Not required None None Partial
SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl.
89 CVE-2003-0119 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct unauthorized activities.
90 CVE-2002-0712 2004-02-03 2017-07-11
2.1
None Local Low Not required None None Partial
Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations that require multiple authorizations.
91 CVE-2002-0034 2004-02-03 2019-04-30
4.6
None Local Low Not required Partial Partial Partial
The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the conversion to produce a file system with less secure permissions than expected.
Total number of vulnerabilities : 91   Page : 1 2 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.