CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2004 (CVSS score >= 2)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2004-1359 Exec Code Overflow 2004-03-04 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 allow local users to execute arbitrary code as the uucp user.
52 CVE-2004-1358 2004-03-12 2017-10-11
5.0
None Remote Low Not required None Partial None
The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable the auditing functionality of the Basic Security Module (BSM), which allows attackers to avoid having their activity logged.
53 CVE-2004-0194 Exec Code Overflow 2004-03-29 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
54 CVE-2004-0193 Exec Code Overflow 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
55 CVE-2004-0192 XSS 2004-03-15 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page.
56 CVE-2004-0191 XSS 2004-03-15 2017-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
57 CVE-2004-0190 +Priv 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
58 CVE-2004-0189 Bypass 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
59 CVE-2004-0188 Exec Code Overflow 2004-03-15 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.
60 CVE-2004-0186 +Priv 2004-03-15 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
61 CVE-2004-0185 DoS Exec Code Overflow 2004-03-15 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
62 CVE-2004-0172 Exec Code Overflow 2004-03-15 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed.
63 CVE-2004-0171 DoS 2004-03-15 2017-10-10
5.0
None Remote Low Not required None None Partial
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
64 CVE-2004-0169 DoS 2004-03-15 2017-10-10
5.0
None Remote Low Not required None None Partial
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
65 CVE-2004-0168 2004-03-15 2018-09-26
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging."
66 CVE-2004-0167 2004-03-15 2018-09-26
7.5
None Remote Low Not required Partial Partial Partial
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
67 CVE-2004-0166 2004-03-15 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar."
68 CVE-2004-0165 +Priv 2004-03-15 2017-10-10
5.0
None Remote Low Not required Partial None None
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
69 CVE-2004-0164 2004-03-03 2017-10-11
5.0
None Remote Low Not required None Partial None
KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c.
70 CVE-2004-0160 Exec Code 2004-03-29 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.
71 CVE-2004-0159 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
72 CVE-2004-0158 Overflow +Priv 2004-03-29 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c.
73 CVE-2004-0143 DoS Overflow 2004-03-03 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows.
74 CVE-2004-0132 Exec Code File Inclusion 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php.
75 CVE-2004-0131 DoS 2004-03-03 2017-10-10
5.0
None Remote Low Not required None None Partial
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
76 CVE-2004-0130 +Info 2004-03-03 2017-07-11
5.0
None Remote Low Not required Partial None None
login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.
77 CVE-2004-0129 Dir. Trav. 2004-03-03 2017-10-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
78 CVE-2004-0128 Exec Code File Inclusion 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
79 CVE-2004-0127 Dir. Trav. 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter.
80 CVE-2004-0126 +Priv 2004-03-29 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
81 CVE-2004-0115 Exec Code 2004-03-03 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
82 CVE-2004-0114 +Priv 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
83 CVE-2004-0113 DoS 2004-03-29 2021-06-06
5.0
None Remote Low Not required None None Partial
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
84 CVE-2004-0110 Exec Code Overflow 2004-03-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
85 CVE-2004-0106 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
86 CVE-2004-0105 Exec Code Overflow 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
87 CVE-2004-0104 Exec Code 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
88 CVE-2004-0103 Overflow +Priv 2004-03-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow.
89 CVE-2004-0099 Bypass 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
90 CVE-2004-0097 DoS Exec Code 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
91 CVE-2004-0096 DoS 2004-03-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
92 CVE-2004-0094 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
93 CVE-2004-0093 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
94 CVE-2004-0092 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
95 CVE-2004-0089 Overflow +Priv 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
96 CVE-2004-0088 2004-03-03 2008-09-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
97 CVE-2004-0087 2004-03-03 2017-07-11
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
98 CVE-2004-0086 2004-03-03 2008-09-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.
99 CVE-2004-0085 2004-03-03 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
100 CVE-2004-0084 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
Total number of vulnerabilities : 141   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.