CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
951 CVE-2004-1732 Exec Code Sql 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
952 CVE-2004-1731 2004-08-20 2017-07-11
5.0
None Remote Low Not required None None Partial
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
953 CVE-2004-1730 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php, or (4) hide_status parameter to view_all_set.php.
954 CVE-2004-1729 XSS 2004-08-20 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
955 CVE-2004-1728 Exec Code Overflow 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.
956 CVE-2004-1727 DoS 2004-08-20 2017-07-11
5.0
None Remote Low Not required None None Partial
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
957 CVE-2004-1726 Exec Code Overflow 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
958 CVE-2004-1725 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.
959 CVE-2004-1724 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
960 CVE-2004-1723 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
961 CVE-2004-1722 Sql 2004-08-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
962 CVE-2004-1721 2004-08-17 2017-07-11
5.0
None Remote Low Not required Partial None None
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
963 CVE-2004-1720 +Info 2004-08-17 2017-07-11
5.0
None Remote Low Not required Partial None None
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
964 CVE-2004-1719 XSS 2004-08-17 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
965 CVE-2004-1717 Exec Code Overflow 2004-08-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
966 CVE-2004-1716 XSS 2004-08-16 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
967 CVE-2004-1715 Dir. Trav. 2004-08-11 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
968 CVE-2004-1712 XSS 2004-08-06 2017-07-19
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.
969 CVE-2004-1711 XSS 2004-08-06 2020-12-01
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
970 CVE-2004-1710 Exec Code 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
971 CVE-2004-1708 DoS 2004-08-02 2017-07-11
5.0
None Remote Low Not required None None Partial
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
972 CVE-2004-1707 +Priv 2004-07-30 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
973 CVE-2004-1706 DoS Exec Code 2004-08-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
974 CVE-2004-1705 DoS Overflow 2004-07-30 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
975 CVE-2004-1704 +Priv 2004-07-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
976 CVE-2004-1703 Exec Code 2004-07-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
977 CVE-2004-1702 DoS 2004-08-09 2017-07-11
5.0
None Remote Low Not required None None Partial
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
978 CVE-2004-1701 Exec Code Overflow 2004-08-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
979 CVE-2004-1700 XSS 2004-10-14 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnacle ShowCenter 1.51 build 121 allows remote attackers to inject arbitrary HTML or web script via the Skin parameter, which is echoed in an error message.
980 CVE-2004-1699 DoS 2004-09-21 2017-07-11
5.0
None Remote Low Not required None None Partial
SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers to cause a denial of service (web interface errors) via an invalid Skin parameter.
981 CVE-2004-1698 DoS 2004-09-24 2017-07-11
5.0
None Remote Low Not required None None Partial
The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earlier allows remote attackers to cause a denial of service (application crash) via invalid characters in a message, which causes several alert dialogs to be displayed and leads to a crash.
982 CVE-2004-1697 2004-09-21 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
983 CVE-2004-1696 DoS 2004-09-21 2017-07-11
5.0
None Remote Low Not required None None Partial
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to cause a denial of service (application crash) via a sequence of carriage returns sent to TCP port 66.
984 CVE-2004-1695 Bypass 2004-09-20 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).
985 CVE-2004-1694 2004-09-21 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
986 CVE-2004-1693 Exec Code File Inclusion 2004-09-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
987 CVE-2004-1692 XSS 2004-09-18 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
988 CVE-2004-1691 DoS 2004-09-18 2017-07-11
5.0
None Remote Low Not required None None Partial
The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a denial of service (CPU consumption and crash) via a large amount of data.
989 CVE-2004-1690 XSS 2004-09-18 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3.0.0.4 allows remote attackers to execute arbitrary web script or HTML via the URL.
990 CVE-2004-1688 DoS 2004-09-16 2017-07-11
5.0
None Remote Low Not required None None Partial
Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a long login name sent to port 3103.
991 CVE-2004-1687 Http R.Spl. 2004-09-16 2017-07-11
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the location parameter.
992 CVE-2004-1686 Bypass 2004-09-15 2017-07-11
5.0
None Remote Low Not required None Partial None
Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to bypass the Information Bar prompt for ActiveX and Javascript via an XHTML page that contains an Internet Explorer formatted comment between the DOCTYPE tag and the HTML tag, as demonstrated using the DesignScience MathPlayer ActiveX plugin.
993 CVE-2004-1685 Bypass 2004-09-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages.
994 CVE-2004-1684 +Info 2004-09-13 2017-07-11
5.0
None Remote Low Not required Partial None None
Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ARP request, which allows remote attackers to obtain sensitive information by sniffing the network.
995 CVE-2004-1682 +Priv 2004-08-15 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
996 CVE-2004-1681 Overflow +Priv 2004-08-26 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
997 CVE-2004-1680 DoS Overflow 2004-09-13 2017-07-11
5.0
None Remote Low Not required None None Partial
application.cgi in the Pingtel Xpressa handset running firmware 2.1.11.24 allows remote authenticated users to cause a denial of service (VxWorks OS crash) via a long HTTP GET request, possibly triggering a buffer overflow.
998 CVE-2004-1679 Dir. Trav. 2004-08-04 2017-07-19
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
999 CVE-2004-1678 Dir. Trav. 2004-09-13 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remote attackers to read portions of arbitrary files and possibly execute arbitrary Perl modules via ".." sequences terminated by a %00 (null) character in the lang parameter, which can leak portions of the requested files if a compilation error message occurs.
1000 CVE-2004-1677 2004-09-12 2017-07-11
5.0
None Remote Low Not required Partial None None
pdesk.cgi in PerlDesk allows remote attackers to gain sensitive information via an invalid lang parameter, which includes pathname information in an error message.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 (This Page)21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.