CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2004-1854 Exec Code Overflow 2004-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet.
52 CVE-2004-1864 Exec Code Sql 2004-03-26 2021-04-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php.
53 CVE-2004-1868 Exec Code Overflow 2004-03-25 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allows remote attackers to execute arbitrary code via a long STREAMQUOTE tag.
54 CVE-2004-1870 Sql 2004-03-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comments.php, (3) credit parameter to comments.php, (4) cat parameter to index.php, (5) ppuser parameter to showgallery.php, (6) cat parameter to showgallery.php, (7) cat parameter to uploadphoto.php, (8) albumid parameter to useralbums.php, or (9) albumid parameter to useralbums.php.
55 CVE-2004-1884 2004-03-23 2019-08-13
7.5
None Remote Low Not required Partial Partial Partial
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access.
56 CVE-2004-2037 DoS Exec Code Overflow 2004-03-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
57 CVE-2003-0441 Overflow +Priv 2004-03-03 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.
58 CVE-2003-1006 Exec Code Overflow 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
59 CVE-2003-1011 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
60 CVE-2003-1018 +Priv 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
61 CVE-2004-0010 Overflow +Priv 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
62 CVE-2004-0077 +Priv 2004-03-03 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
63 CVE-2004-0106 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
64 CVE-2004-0160 Exec Code 2004-03-29 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.
65 CVE-2004-0172 Exec Code Overflow 2004-03-15 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.
66 CVE-2004-0186 +Priv 2004-03-15 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
67 CVE-2004-0188 Exec Code Overflow 2004-03-15 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.
68 CVE-2003-1199 XSS 2004-03-11 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
69 CVE-2004-0191 XSS 2004-03-15 2017-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
70 CVE-2004-0192 XSS 2004-03-15 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.
71 CVE-2004-1818 XSS 2004-03-15 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.
72 CVE-2002-1575 2004-03-03 2017-07-11
5.0
None Remote Low Not required None Partial None
cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify the CC, BCC, and other header fields in the generated email message.
73 CVE-2003-0797 DoS 2004-03-29 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors.
74 CVE-2003-0991 DoS 2004-03-03 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
75 CVE-2003-1007 2004-03-29 2017-07-11
5.0
None Remote Low Not required None None Partial
AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not properly handle certain malformed requests, with unknown impact.
76 CVE-2004-0080 2004-03-03 2017-10-10
5.0
None Remote Low Not required Partial None None
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
77 CVE-2004-0085 2004-03-03 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
78 CVE-2004-0086 2004-03-03 2008-09-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.
79 CVE-2004-0096 DoS 2004-03-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
80 CVE-2004-0113 DoS 2004-03-29 2021-06-06
5.0
None Remote Low Not required None None Partial
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
81 CVE-2004-0129 Dir. Trav. 2004-03-03 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
82 CVE-2004-0130 +Info 2004-03-03 2017-07-11
5.0
None Remote Low Not required Partial None None
login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.
83 CVE-2004-0131 DoS 2004-03-03 2017-10-10
5.0
None Remote Low Not required None None Partial
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
84 CVE-2004-0143 DoS Overflow 2004-03-03 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.
85 CVE-2004-0164 2004-03-03 2017-10-11
5.0
None Remote Low Not required None Partial None
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
86 CVE-2004-0165 +Priv 2004-03-15 2017-10-10
5.0
None Remote Low Not required Partial None None
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
87 CVE-2004-0166 2004-03-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
88 CVE-2004-0169 DoS 2004-03-15 2017-10-10
5.0
None Remote Low Not required None None Partial
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
89 CVE-2004-0171 DoS 2004-03-15 2017-10-10
5.0
None Remote Low Not required None None Partial
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
90 CVE-2004-1358 2004-03-12 2017-10-11
5.0
None Remote Low Not required None Partial None
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
91 CVE-2004-1815 DoS 2004-03-15 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
92 CVE-2004-1816 DoS 2004-03-15 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
93 CVE-2004-1819 +Info 2004-03-15 2017-07-11
5.0
None Remote Low Not required Partial None None
4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to obtain sensitive information via a direct request to displaycategory.php, which reveals the path in an error message.
94 CVE-2004-1830 +Info 2004-03-18 2017-07-11
5.0
None Remote Low Not required Partial None None
error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.
95 CVE-2004-1838 Dir. Trav. 2004-03-22 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL.
96 CVE-2004-1839 +Info 2004-03-22 2016-10-18
5.0
None Remote Low Not required Partial None None
MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message.
97 CVE-2004-1850 DoS 2004-03-23 2017-07-11
5.0
None Remote Low Not required None None Partial
The Rage 1.01 and earlier allows remote attackers to cause a denial of service (infinite loop) via a TCP packet with the port and IP address set to zero.
98 CVE-2004-1852 2004-03-23 2017-07-11
5.0
None Remote Low Not required Partial None None
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information.
99 CVE-2004-1853 DoS Overflow 2004-03-19 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable.
100 CVE-2004-1855 2004-03-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack.
Total number of vulnerabilities : 141   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.