CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1051 CVE-2004-1626 Exec Code Overflow 2004-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
1052 CVE-2004-1625 DoS 2004-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
pGina 1.7.6 and possibly older versions, when the Restart or Shutdown options are enabled on the login screen, allows remote attackers to cause a denial of service by connecting via Remote Desktop and clicking restart or shutdown.
1053 CVE-2004-1624 +Priv 2004-10-21 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
1054 CVE-2004-1623 DoS 2004-10-22 2017-07-11
5.0
None Remote Low Not required None None Partial
The WAV file property handler in Windows XP SP1 allows remote attackers to cause a denial of service (infinite loop in Explorer) via a WAV file with an invalid file header whose fmt chunk length is set to 0xFFFFFFFF.
1055 CVE-2004-1622 Sql 2004-10-21 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allows remote attackers to execute arbitrary SQL statements via the Name parameter.
1056 CVE-2004-1621 XSS 2004-10-18 2017-07-11
4.3
None Remote Medium Not required None Partial None
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in IBM Lotus Notes R6 and Domino R6, and possibly earlier versions, allows remote attackers to execute arbitrary web script or HTML via square brackets at the beginning and end of (1) computed for display, (2) computed when composed, or (3) computed text element fields. NOTE: the vendor has disputed this issue, saying that it is not a problem with Notes/Domino itself, but with the applications that do not properly handle this feature.
1057 CVE-2004-1620 Http R.Spl. 2004-10-21 2017-07-11
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in Serendipity before 0.7rc1 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the url parameter in (1) index.php and (2) exit.php, or (3) the HTTP Referer field in comment.php.
1058 CVE-2004-1619 Exec Code Overflow 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Privateer's Bounty: Age of Sail II allows remote attackers to execute arbitrary code via a long nickname.
1059 CVE-2004-1618 DoS 2004-10-19 2017-07-11
5.0
None Remote Low Not required None None Partial
Vypress Tonecast 1.3 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed mp2 stream.
1060 CVE-2004-1617 20 DoS 2004-10-18 2018-10-19
5.0
None Remote Low Not required None None Partial
Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers to cause a denial of service (infinite loop) via a web page or HTML email that contains invalid HTML including (1) a TEXTAREA tag with a large COLS value and (2) a large tag name in an element that is not terminated, as demonstrated by mangleme. NOTE: a followup suggests that the relevant trigger for this issue is the large COLS value.
1061 CVE-2004-1616 DoS 2004-10-18 2017-07-11
5.0
None Remote Low Not required None None Partial
Links allows remote attackers to cause a denial of service (memory consumption) via a web page or HTML email that contains a table with a td element and a large rowspan value,as demonstrated by mangleme.
1062 CVE-2004-1614 DoS 2004-10-18 2016-10-18
5.0
None Remote Low Not required None None Partial
Mozilla allows remote attackers to cause a denial of service (application crash from invalid memory access) via an "unusual combination of visual elements," including several large MARQUEE tags with large height parameters, as demonstrated by mangleme.
1063 CVE-2004-1613 DoS 2004-10-18 2017-10-11
5.0
None Remote Low Not required None None Partial
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
1064 CVE-2004-1612 Dir. Trav. 2004-10-18 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
1065 CVE-2004-1611 Exec Code 2004-10-18 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
SalesLogix 6.1 does not verify if a user is authenticated before performing sensitive operations, which could allow remote attackers to (1) execute arbitrary SLX commands on the server or spoof the server via a man-in-the-middle (MITM) attack, or (2) obtain the database password via a GetConnection request to TCP port 1707.
1066 CVE-2004-1610 Exec Code 2004-10-18 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
1067 CVE-2004-1609 2004-10-18 2017-07-11
5.0
None Remote Low Not required Partial None None
SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
1068 CVE-2004-1608 Sql 2004-10-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SalesLogix 6.1 allows remote attackers to execute arbitrary SQL statements via the id parameter in a view operation.
1069 CVE-2004-1607 +Info 2004-10-18 2017-07-11
5.0
None Remote Low Not required Partial None None
slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensitive information via a (1) Library or (2) Attachment request with an invalid file parameter, which reveals the path in an error message.
1070 CVE-2004-1606 +Info 2004-10-18 2017-07-11
6.4
None Remote Low Not required Partial None Partial
slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial service (application crash) via an invalid HTTP request, which might also leak sensitive information in the ErrorLogMsg cookie.
1071 CVE-2004-1605 Bypass 2004-10-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SalesLogix 6.1 allows remote attackers to bypass authentication by modifying the slxweb cookie to set user=Admin, teams=ADMIN!, and usertype=Administrator.
1072 CVE-2004-1604 2004-09-30 2016-10-18
5.0
None Remote Low Not required None Partial None
cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled.
1073 CVE-2004-1603 2004-10-18 2017-07-11
5.0
None Remote Low Not required Partial None None
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled.
1074 CVE-2004-1602 2004-10-15 2017-07-11
5.0
None Remote Low Not required Partial None None
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
1075 CVE-2004-1601 Dir. Trav. 2004-10-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter.
1076 CVE-2004-1600 2004-10-16 2017-07-11
5.0
None Remote Low Not required Partial None None
index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message.
1077 CVE-2004-1599 XSS 2004-10-16 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters.
1078 CVE-2004-1598 2004-10-12 2017-07-11
5.0
None Remote Low Not required Partial None None
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory.
1079 CVE-2004-1597 DoS 2004-10-13 2017-07-11
5.0
None Remote Low Not required None None Partial
RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which triggers a watchdog while the message is being stored.
1080 CVE-2004-1596 2004-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm.
1081 CVE-2004-1595 Exec Code Overflow 2004-10-13 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
1082 CVE-2004-1594 XSS 2004-10-13 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag.
1083 CVE-2004-1593 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter.
1084 CVE-2004-1592 Exec Code File Inclusion 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server that contains a malicious funcs.php script.
1085 CVE-2004-1591 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain access.
1086 CVE-2004-1590 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Clientexec allows remote attackers to gain sensitive information via an HTTP request to phpinfo.php, which calls the phpinfo function.
1087 CVE-2004-1589 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the (1) Category parameter to Forum.asp or (2) MainMessageID parameter to ReplyToQuestion.asp.
1088 CVE-2004-1588 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in GoSmart Message Board allows remote attackers to execute arbitrary SQL code via the (1) QuestionNumber and Category parameters to Forum.asp or (2) Username and Password parameter to Login_Exec.asp.
1089 CVE-2004-1587 DoS Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Monolith games including (1) Alien versus Predator 2 1.0.9.6 and earlier, (2) Blood 2 2.1 and earlier, (3) No one lives forever 1.004 and earlier and (4) Shogo 2.2 and earlier allows remote attackers to cause a denial of service (application crash) via a long secure Gamespy query.
1090 CVE-2004-1585 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers to cause a denial of service (application crash) via certain wide characters.
1091 CVE-2004-1584 Http R.Spl. 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the text parameter.
1092 CVE-2004-1583 Dir. Trav. 2004-12-31 2017-07-19
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in the FTP server in TriDComm 1.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in FTP commands such as (1) DIR, (2) GET, or (3) PUT.
1093 CVE-2004-1582 Exec Code File Inclusion 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows remote attackers to execute arbitrary PHP code by modifying the libpath parameter (incorrectly called "libpach") to reference a URL on a remote web server that contains _more.php, as demonstrated using checkdb.inc.php.
1094 CVE-2004-1581 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
BlackBoard 1.5.1 allows remote attackers to gain sensitive information via a direct request to (1) checkdb.inc.php, (2) admin.inc.php or (3) cp.inc.php, which reveals the path in a PHP error message.
1095 CVE-2004-1580 1 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter.
1096 CVE-2004-1579 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive information via an HTTP request with an invalid cat_id parameter, which reveals the full path in a PHP error message.
1097 CVE-2004-1578 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Invision Power Board 2.0.0 allows remote attackers to execute arbitrary web script or HTML via the Referer field in the HTTP header.
1098 CVE-2004-1577 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
index.php in PHP Links allows remote attackers to gain sensitive information via an invalid show parameter, which reveals the full path in an error message.
1099 CVE-2004-1576 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a chat message.
1100 CVE-2004-1575 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a denial of service (CPU consumption) via XML attributes in a crafted XML document.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 (This Page)23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.