CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2004-2670 XSS 2004-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module.
102 CVE-2004-2669 Exec Code Sql 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php.
103 CVE-2004-2668 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
104 CVE-2004-2667 XSS 2004-12-31 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before 6.0.4 and 6.5.x before 6.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
105 CVE-2004-2666 +Info 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Mantis before 20041016 provides a complete Issue History (Bug History) in the web interface regardless of view_history_threshold, which allows remote attackers to obtain sensitive information (private bug details) by visiting a bug's web page.
106 CVE-2004-2665 DoS 2004-12-31 2017-10-11
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
107 CVE-2004-2664 +Info 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message.
108 CVE-2004-2663 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
109 CVE-2004-2662 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
110 CVE-2004-2661 +Info 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Soft3304 04WebServer before 1.41 does not properly check file names, which allows remote attackers to obtain sensitive information (CGI source code).
111 CVE-2004-2660 DoS 2004-12-31 2018-10-30
4.9
None Local Low Not required None None Complete
Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
112 CVE-2004-2659 362 2004-12-31 2022-02-28
4.0
None Remote High Not required Partial Partial None
Opera offers an Open button to verify that a user wishes to execute a downloaded file, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking Open via a request for a different mouse or keyboard action very shortly before the Open dialog appears. NOTE: this is a different issue than CVE-2005-2407.
113 CVE-2004-2658 2004-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
resmgr in SUSE CORE 9 does not properly identify terminal names, which allows local users to spoof terminals and login types.
114 CVE-2004-2657 2004-12-31 2018-10-19
1.7
None Local Low ??? Partial None None
** DISPUTED ** Mozilla Firefox 1.5.0.1, and possibly other versions, preserves some records of user activity even after uninstalling, which allows local users who share a Windows profile to view the records after a new installation of Firefox, as reported for the list of Passwords Never Saved web sites. NOTE: The vendor has disputed this issue, stating that "The uninstaller is primarily there to uninstall the application. It is not there to uninstall user data. For the moment I will stick by my module-owner decision."
115 CVE-2004-2656 XSS 2004-12-31 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like Automated Storytelling Homepage (Slash) (aka Slashcode) before R_2_5_0_41 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in search.pl and (2) the filter parameter in submit.pl.
116 CVE-2004-2655 2004-12-31 2018-10-03
5.4
None Remote High Not required Complete None None
rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, when running on Fedora and possibly other platforms, does not release the keyboard focus when xscreensaver starts, which causes the password to be entered into the active window when the user unlocks the screen.
117 CVE-2004-2654 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
118 CVE-2004-2653 +Priv 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
119 CVE-2004-2652 DoS 2004-12-31 2017-07-20
7.8
None Remote Low Not required None None Complete
The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
120 CVE-2004-2651 XSS 2004-12-31 2017-07-20
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html.
121 CVE-2004-2650 DoS 2004-12-31 2008-09-05
4.9
None Local Low Not required None None Complete
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
122 CVE-2004-2649 20 2004-12-31 2017-07-20
5.8
None Remote Medium Not required Partial Partial None
Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in the status bar by inserting a large number of characters (e.g. spaces coded as "&#32") in the middle of the URL.
123 CVE-2004-2648 DoS 2004-12-31 2017-07-20
1.0
None Local High ??? None None Partial
FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
124 CVE-2004-2647 DoS 2004-12-31 2017-07-20
5.0
None Remote Low Not required None None Partial
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
125 CVE-2004-2646 DoS 2004-12-31 2017-07-20
5.0
None Remote Low Not required None None Partial
The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
126 CVE-2004-2645 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."
127 CVE-2004-2644 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.
128 CVE-2004-2643 1 Dir. Trav. 2004-12-31 2017-07-20
3.7
None Local High Not required Partial Partial Partial
Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive.
129 CVE-2004-2642 2004-12-31 2017-07-20
6.4
None Remote Low Not required Partial Partial None
Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender.
130 CVE-2004-2641 DoS 2004-12-31 2017-07-20
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.
131 CVE-2004-2640 Dir. Trav. 2004-12-31 2017-07-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter.
132 CVE-2004-2639 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.
133 CVE-2004-2638 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
134 CVE-2004-2637 Bypass 2004-12-31 2017-07-20
6.4
None Remote Low Not required None Partial Partial
The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions.
135 CVE-2004-2636 2004-12-31 2017-07-20
5.0
None Remote Low Not required Partial None None
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
136 CVE-2004-2635 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.
137 CVE-2004-2634 2004-12-31 2017-07-20
6.2
None Local High Not required Complete Complete Complete
The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors.
138 CVE-2004-2633 2004-12-31 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors.
139 CVE-2004-2632 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
140 CVE-2004-2631 Exec Code 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
141 CVE-2004-2630 Exec Code 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
142 CVE-2004-2629 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
143 CVE-2004-2628 Dir. Trav. 2004-12-31 2017-07-20
5.0
None Remote Low Not required Partial None None
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2) a drive letter (such as "C:").
144 CVE-2004-2627 Exec Code 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.
145 CVE-2004-2626 2004-12-31 2017-07-20
3.7
None Local High Not required Partial Partial Partial
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
146 CVE-2004-2625 XSS 2004-12-31 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag.
147 CVE-2004-2624 XSS 2004-12-31 2017-07-20
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter.
148 CVE-2004-2623 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."
149 CVE-2004-2622 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.
150 CVE-2004-2621 2004-12-31 2017-07-20
4.0
None Remote High Not required Partial Partial None
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack.
Total number of vulnerabilities : 2451   Page : 1 2 3 (This Page)4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.