CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date
Score
Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1351 CVE-2004-1121 2004-11-01 2017-07-11
5.0
None Remote Low Not required None Partial None
Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.
1352 CVE-2004-1104 2004-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
1353 CVE-2004-1089 2004-12-02 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerberos authentication and Cyrus IMAP allows local users to access mailboxes of other users.
1354 CVE-2004-1088 2004-12-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows remote attackers to send mail without authentication by replaying authentication information.
1355 CVE-2004-1086 Exec Code Overflow 2004-12-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remote attackers to execute arbitrary code via a crafted PostScript input file.
1356 CVE-2004-1084 Bypass 2004-12-02 2017-07-11
5.0
None Remote Low Not required Partial None None
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
1357 CVE-2004-1083 2004-12-03 2017-07-11
5.0
None Remote Low Not required Partial None None
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning with ".ht" using alternate capitalization.
1358 CVE-2004-1082 2004-02-03 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
1359 CVE-2004-1078 Exec Code Overflow 2004-04-26 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via a long cached icon filename in the InName XML element.
1360 CVE-2004-1077 2004-04-26 2008-09-05
5.0
None Remote Low Not required None Partial None
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in the AppInStartmenu directive.
1361 CVE-2004-1062 XSS 2004-12-28 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages.
1362 CVE-2004-1060 DoS 2004-04-12 2018-10-19
5.0
None Remote Low Not required None None Partial
Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) discovery (PMTUD), allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via forged ICMP ("Fragmentation Needed and Don't Fragment was Set") packets with a low next-hop MTU value, aka the "Path MTU discovery attack." NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
1363 CVE-2004-1059 XSS 2004-12-10 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms.
1364 CVE-2004-1050 Exec Code Overflow 2004-12-31 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
1365 CVE-2004-1049 Exec Code Overflow 2004-12-31 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Integer overflow in the LoadImage API of the USER32 Lib for Microsoft Windows allows remote attackers to execute arbitrary code via a .bmp, .cur, .ico or .ani file with a large image size field, which leads to a buffer overflow, aka the "Cursor and Icon Format Handling Vulnerability."
1366 CVE-2004-1043 Exec Code 2004-12-31 2021-07-23
5.0
None Remote Low Not required None Partial None
Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to execute arbitrary code by using the "Related Topics" command in the Help ActiveX Control (hhctrl.ocx) to open a Help popup window containing the PCHealth tools.htm file in the local zone and injecting Javascript to be executed, as demonstrated using "writehta.txt" and the ADODB recordset, which saves a .HTA file to the local system, aka the "HTML Help ActiveX control Cross Domain Vulnerability."
1367 CVE-2004-1017 Overflow 2004-12-31 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x have unknown impact and unknown attack vectors.
1368 CVE-2004-0998 Exec Code 2004-12-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code.
1369 CVE-2004-0997 +Priv 2004-12-31 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the ptrace MIPS assembly code in Linux kernel 2.4 before 2.4.17 allows local users to gain privileges via unknown vectors.
1370 CVE-2004-0985 Exec Code 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.
1371 CVE-2004-0984 +Priv 2004-12-31 2008-09-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
1372 CVE-2004-0979 2004-12-31 2021-07-23
4.6
None Local Low Not required Partial Partial Partial
Internet Explorer on Windows XP does not properly modify the "Drag and Drop or copy and paste files" setting when the user sets it to "Disable" or "Prompt," which may enable security-sensitive operations that are inconsistent with the user's intended configuration.
1373 CVE-2004-0958 2004-11-03 2017-10-11
5.0
None Remote Low Not required Partial None None
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
1374 CVE-2004-0952 2004-12-31 2017-10-11
6.4
None Remote Low Not required None Partial Partial
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption.
1375 CVE-2004-0951 +Info 2004-12-31 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The make_recovery command for the TFTP server in HP Ignite-UX before C.6.2.241 makes a copy of the password file in the TFTP directory tree, which allows remote attackers to obtain sensitive information.
1376 CVE-2004-0944 2004-02-28 2008-09-05
5.0
None Remote Low Not required Partial None None
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
1377 CVE-2004-0938 DoS 2004-11-03 2017-10-11
5.0
None Remote Low Not required None None Partial
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (server crash) by sending an Ascend-Send-Secret attribute without the required leading packet.
1378 CVE-2004-0931 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial of service (crash) via an HTTP request to webdbm with high ASCII values in the Server field, which triggers an assert error in the IsAscii7 function.
1379 CVE-2004-0928 Bypass 2004-10-05 2017-07-11
5.0
None Remote Low Not required Partial None None
The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm".
1380 CVE-2004-0920 DoS 2004-11-03 2017-07-11
5.0
None Remote Low Not required None None Partial
Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name.
1381 CVE-2004-0919 2004-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to read arbitrary kernel memory via (1) negative coordinates or (2) large coordinates.
1382 CVE-2004-0913 +Priv 2004-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration.
1383 CVE-2004-0911 DoS 2004-11-03 2017-07-11
5.0
None Remote Low Not required None None Partial
telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554.
1384 CVE-2004-0909 2004-12-31 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
1385 CVE-2004-0908 +Info 2004-12-31 2017-10-11
4.0
None Remote High Not required Partial Partial None
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
1386 CVE-2004-0907 Exec Code 2004-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
1387 CVE-2004-0906 Exec Code 2004-12-31 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
1388 CVE-2004-0905 Exec Code 2004-09-14 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
1389 CVE-2004-0904 Exec Code Overflow 2004-12-31 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
1390 CVE-2004-0885 Bypass 2004-11-03 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
1391 CVE-2004-0875 XSS 2004-12-23 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.
1392 CVE-2004-0873 2004-12-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.
1393 CVE-2004-0872 669 2004-09-16 2022-02-28
5.0
None Remote Low Not required Partial None None
Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
1394 CVE-2004-0871 2004-09-16 2017-07-11
5.0
None Remote Low Not required Partial None None
Mozilla does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
1395 CVE-2004-0870 2004-09-16 2017-07-11
5.0
None Remote Low Not required Partial None None
KDE Konqueror does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
1396 CVE-2004-0869 2004-09-16 2017-07-11
5.0
None Remote Low Not required Partial None None
Internet Explorer does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection."
1397 CVE-2004-0867 264 2004-12-23 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected.
1398 CVE-2004-0866 2004-09-16 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
1399 CVE-2004-0852 Exec Code Overflow 2004-12-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in htget 0.93 allows remote attackers to execute arbitrary code via a crafted URL.
1400 CVE-2004-0850 +Priv 2004-12-23 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Star before 1.5_alpha46 does not drop the effective user ID (euid) before calling external programs, which could allow local users to gain privileges by modifying the RSH environment variable to reference a malicious program.
Total number of vulnerabilities: 2243 (this is page 28 of 45)
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.