CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2004 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2004-0010 Overflow +Priv 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
52 CVE-2004-0009 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
53 CVE-2004-0008 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
54 CVE-2004-0007 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
55 CVE-2004-0006 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
56 CVE-2004-0005 DoS Exec Code Overflow 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
57 CVE-2004-0002 DoS 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.
58 CVE-2003-1199 XSS 2004-03-11 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
59 CVE-2003-1018 +Priv 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 allows local users with rintq group privileges to gain privileges via unknown attack vectors.
60 CVE-2003-1011 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keyboard to gain unauthorized access by holding down the CTRL and C keys when the system is booting, which crashes the init process and leaves the user in a root shell.
61 CVE-2003-1009 +Priv 2004-03-29 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 and Apple Mac OS X Server 10.2 through 10.3.2 accepts authentication server information from unknown LDAP or NetInfo sources as provided by a malicious DHCP server, which allows remote attackers to gain privileges.
62 CVE-2003-1006 Exec Code Overflow 2004-03-29 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 and Apple Mac OS X Server 10.0 through 10.3.2 may allow local users to execute arbitrary code via a long command line parameter.
63 CVE-2003-0993 Bypass 2004-03-29 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
64 CVE-2003-0987 2004-03-03 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
65 CVE-2003-0825 20 DoS Exec Code 2004-03-03 2019-04-30
9.3
None Remote Medium Not required Complete Complete Complete
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
66 CVE-2003-0818 Exec Code Overflow 2004-03-03 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
67 CVE-2003-0796 2004-03-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled.
68 CVE-2003-0601 2004-03-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows remote attackers to gain unauthorized access via the new account before it is saved.
69 CVE-2003-0444 Exec Code Overflow 2004-03-29 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths.
70 CVE-2003-0441 Overflow +Priv 2004-03-03 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.
71 CVE-2003-0170 +Priv 2004-03-29 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors.
Total number of vulnerabilities : 71   Page : 1 2 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.