CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1301 CVE-2004-1353 Exec Code 2004-10-19 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role Based Access Control (RBAC), allows local users to execute certain commands with additional privileges.
1302 CVE-2004-1352 Exec Code Overflow 2004-12-01 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.
1303 CVE-2004-1351 Exec Code 2004-12-07 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.
1304 CVE-2004-1350 Exec Code Overflow 2004-10-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests.
1305 CVE-2004-1348 DoS 2004-09-06 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in in.named on Solaris 8 allows remote attackers to cause a denial of service (process crash).
1306 CVE-2004-1347 DoS 2004-08-10 2018-10-30
5.0
None Remote Low Not required None None Partial
X Display Manager (XDM) on Solaris 8 allows remote attackers to cause a denial of service (XDM crash) via an invalid X Display Manager Control Protocol (XDMCP) request.
1307 CVE-2004-1345 2004-06-21 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.
1308 CVE-2004-1343 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
1309 CVE-2004-1339 89 Exec Code Sql 2004-12-23 2017-07-11
6.5
None Remote Low ??? Partial Partial Partial
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
1310 CVE-2004-1338 264 +Priv 2004-12-23 2017-07-11
6.5
None Remote Low ??? Partial Partial Partial
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
1311 CVE-2004-1337 +Priv 2004-12-23 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
1312 CVE-2004-1332 Exec Code Overflow 2004-12-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
1313 CVE-2004-1330 Exec Code Overflow 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.
1314 CVE-2004-1329 Exec Code 2004-12-20 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
1315 CVE-2004-1328 +Priv 2004-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
1316 CVE-2004-1327 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.
1317 CVE-2004-1326 Exec Code Overflow 2004-12-20 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute arbitrary code via a long -setup parameter.
1318 CVE-2004-1325 2004-12-18 2017-07-11
5.0
None Remote Low Not required Partial None None
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
1319 CVE-2004-1322 2004-12-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail messages.
1320 CVE-2004-1321 2004-12-15 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access.
1321 CVE-2004-1320 2004-12-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access.
1322 CVE-2004-1319 2004-12-15 2019-04-30
5.0
None Remote Low Not required None Partial None
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180.
1323 CVE-2004-1317 Exec Code Overflow 2004-12-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
1324 CVE-2004-1316 DoS Overflow 2004-12-29 2018-05-03
5.0
None Remote Low Not required None None Partial
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing '\' (backslash) character, which prevents a string from being NULL terminated.
1325 CVE-2004-1315 Exec Code 2004-11-12 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
1326 CVE-2004-1307 Exec Code Overflow 2004-12-21 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
1327 CVE-2004-1306 Exec Code Overflow 2004-12-31 2019-04-30
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 through SP4, Windows XP through SP2, and Windows 2003 allows remote attackers to execute arbitrary code via a crafted .hlp file.
1328 CVE-2004-1305 DoS 2004-12-23 2019-04-30
5.0
None Remote Low Not required None None Partial
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
1329 CVE-2004-1244 Exec Code 2004-02-08 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
1330 CVE-2004-1236 Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.
1331 CVE-2004-1200 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Firefox and Mozilla allow remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
1332 CVE-2004-1198 DoS 2004-12-31 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash from memory consumption), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
1333 CVE-2004-1189 787 Exec Code Overflow 2004-12-31 2021-02-02
7.2
None Local Low Not required Complete Complete Complete
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
1334 CVE-2004-1186 DoS Overflow 2004-12-31 2018-10-19
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
1335 CVE-2004-1182 Bypass 2004-12-31 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
1336 CVE-2004-1180 DoS 2004-02-16 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
1337 CVE-2004-1173 Bypass 2004-12-31 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the DHTML Dynamic HTML (DHTML) Editing Component (DEC) and Javascript that calls showModalDialog.
1338 CVE-2004-1166 94 Exec Code 2004-12-31 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
1339 CVE-2004-1156 2004-12-31 2017-10-11
4.3
None Remote Medium Not required None Partial None
Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
1340 CVE-2004-1155 2004-12-31 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. NOTE: later research shows that Internet Explorer 7 on Windows XP SP2 is also vulnerable.
1341 CVE-2004-1150 Exec Code Overflow 2004-12-31 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 through 5.08c allows attackers to execute arbitrary code via a cda:// URL with a long (1) device name or (2) sound track number, as demonstrated with a .m3u or .pls playlist file.
1342 CVE-2004-1146 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script.
1343 CVE-2004-1145 Bypass 2004-12-15 2017-10-11
5.0
None Remote Low Not required None Partial None
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
1344 CVE-2004-1144 +Priv 2004-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
1345 CVE-2004-1143 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
1346 CVE-2004-1142 DoS 2004-12-15 2017-10-11
5.0
None Remote Low Not required None None Partial
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
1347 CVE-2004-1141 DoS 2004-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory.
1348 CVE-2004-1140 DoS 2004-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp.
1349 CVE-2004-1139 DoS 2004-12-15 2017-10-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).
1350 CVE-2004-1124 2004-01-14 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 (This Page)28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.