CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2004 (CVSS score >= 6)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
951 | CVE-2004-0062 | | | Overflow | 2004-02-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
952 | CVE-2004-0061 | | | Bypass | 2004-02-17 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
953 | CVE-2004-0056 | | | DoS Exec Code | 2004-02-17 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
954 | CVE-2004-0054 | | | DoS Exec Code | 2004-02-17 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
955 | CVE-2004-0053 | | | Bypass | 2004-10-20 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients.
956 | CVE-2004-0052 | | | Bypass | 2004-10-20 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.
957 | CVE-2004-0051 | | | Bypass | 2004-10-20 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients.
958 | CVE-2004-0049 | | | DoS | 2004-02-17 | 2008-09-05 | 6.8 | None | Remote | Low | ??? | None | None | Complete
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
959 | CVE-2004-0045 | | | Exec Code Overflow | 2004-02-03 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
960 | CVE-2004-0044 | | | | 2004-02-03 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
961 | CVE-2004-0043 | | | DoS Exec Code Overflow | 2004-02-03 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
962 | CVE-2004-0041 | 264 | | Bypass | 2004-02-03 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
963 | CVE-2004-0040 | | | Exec Code Overflow | 2004-03-03 | 2017-10-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
964 | CVE-2004-0039 | | | Exec Code | 2004-03-03 | 2017-07-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
965 | CVE-2004-0038 | | | Exec Code | 2004-06-14 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
966 | CVE-2004-0037 | | | Exec Code | 2004-01-20 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
967 | CVE-2004-0035 | | | Exec Code Sql | 2004-01-20 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
968 | CVE-2004-0032 | | | XSS | 2004-01-20 | 2017-10-10 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
969 | CVE-2004-0031 | | | | 2004-01-20 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
970 | CVE-2004-0030 | | | Exec Code File Inclusion | 2004-01-20 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
971 | CVE-2004-0028 | | | Exec Code | 2004-02-03 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
972 | CVE-2004-0017 | | | Sql | 2004-02-03 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
973 | CVE-2004-0016 | | | | 2004-02-03 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
974 | CVE-2004-0015 | | | +Priv | 2004-02-03 | 2017-10-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
975 | CVE-2004-0014 | | | Exec Code Overflow | 2004-01-20 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.
976 | CVE-2004-0011 | | | Exec Code Overflow | 2004-01-20 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.
977 | CVE-2004-0010 | | | Overflow +Priv | 2004-03-03 | 2017-10-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
978 | CVE-2004-0009 | | | | 2004-03-03 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
979 | CVE-2004-0008 | | | DoS Exec Code Overflow | 2004-03-03 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
980 | CVE-2004-0007 | | | DoS Exec Code Overflow | 2004-03-03 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
981 | CVE-2004-0006 | | | DoS Exec Code Overflow | 2004-03-03 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
982 | CVE-2004-0005 | | | DoS Exec Code Overflow | 2004-03-03 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
983 | CVE-2004-0004 | | | | 2004-02-17 | 2017-10-10 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
984 | CVE-2004-0002 | | | DoS | 2004-03-03 | 2008-09-10 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.
985 | CVE-2004-0001 | | | +Priv | 2004-02-17 | 2017-10-10 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
986 | CVE-2003-1214 | | | Bypass | 2004-02-11 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Unknown vulnerability in the server login for VisualShapers ezContents 2.02 and earlier allows remote attackers to bypass access restrictions and gain access to restricted functions.
987 | CVE-2003-1208 | | | Exec Code Overflow | 2004-12-03 | 2017-07-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local users to execute arbitrary code by (1) setting the TIME_ZONE session parameter to a long value, or providing long parameters to the (2) NUMTOYMINTERVAL, (3) NUMTODSINTERVAL or (4) FROM_TZ functions.
988 | CVE-2003-1199 | | | XSS | 2004-03-11 | 2017-07-11 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
989 | CVE-2003-1052 | | | +Priv | 2004-09-28 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
990 | CVE-2003-1051 | | | Exec Code | 2004-09-28 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
991 | CVE-2003-1050 | | | Exec Code Overflow | 2004-09-28 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
992 | CVE-2003-1048 | 119 | | DoS Overflow | 2004-07-27 | 2021-07-23 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
Double free vulnerability in mshtml.dll for certain versions of Internet Explorer 6.x allows remote attackers to cause a denial of service (application crash) via a malformed GIF image.
993 | CVE-2003-1046 | | | | 2004-08-18 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.
994 | CVE-2003-1044 | | | | 2004-08-18 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions to the next group that is assigned with the original group ID.
995 | CVE-2003-1043 | | | Sql | 2004-08-18 | 2017-07-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi.
996 | CVE-2003-1042 | | | Sql | 2004-08-18 | 2017-07-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name.
997 | CVE-2003-1041 | | | Dir. Trav. | 2004-06-14 | 2021-07-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." (dot dot) sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug may overlap CVE-2004-0475.
998 | CVE-2003-1039 | | | Exec Code Overflow | 2004-04-15 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in the mySAP.com architecture for SAP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) Message Server, (2) Web Dispatcher, or (3) Application Server.
999 | CVE-2003-1037 | | | Exec Code | 2004-04-15 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
1000 | CVE-2003-1036 | | | Exec Code Overflow | 2004-04-15 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial
Multiple buffer overflows in the AGate component for SAP Internet Transaction Server (ITS) allow remote attackers to execute arbitrary code via long (1) ~command, (2) ~runtimemode, or (3) ~session parameters, or (4) a long HTTP Content-Type header.
Total number of vulnerabilities: 1077 (this is page 20 of 22)