CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1451 CVE-2004-0787 XSS 2004-10-20 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields.
1452 CVE-2004-0786 DoS 2004-10-20 2021-06-06
5.0
None Remote Low Not required None None Partial
The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
1453 CVE-2004-0785 DoS Exec Code Overflow 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder.
1454 CVE-2004-0784 Exec Code 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
1455 CVE-2004-0783 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, may allow remote attackers to execute arbitrary code via a certain color string. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0688).
1456 CVE-2004-0782 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image decoder for gtk+ 2.4.4 (gtk2) and earlier, and gdk-pixbuf before 0.22, allows remote attackers to execute arbitrary code via certain n_col and cpp values that enable a heap-based buffer overflow. NOTE: this identifier is ONLY for gtk+. It was incorrectly referenced in an advisory for a different issue (CVE-2004-0687).
1457 CVE-2004-0781 XSS 2004-10-20 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
1458 CVE-2004-0780 Exec Code Overflow 2004-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to execute arbitrary code via a long -S command line argument.
1459 CVE-2004-0779 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers do not properly verify that cached passwords for SSL encrypted sites are only sent via SSL encrypted sessions to the site, which allows a remote attacker to cause a cached password to be sent in cleartext to a spoofed site.
1460 CVE-2004-0778 2004-10-20 2017-10-11
5.0
None Remote Low Not required Partial None None
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages to be returned.
1461 CVE-2004-0777 134 Exec Code 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
1462 CVE-2004-0775 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests.
1463 CVE-2004-0774 DoS 2004-11-03 2017-07-11
7.8
None Remote Low Not required None None Complete
RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1.
1464 CVE-2004-0772 119 Exec Code Overflow 2004-10-20 2020-01-21
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
1465 CVE-2004-0771 Exec Code Overflow 2004-11-23 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the extract_one function from lhext.c in LHA may allow attackers to execute arbitrary code via a long w (working directory) command line option, a different issue than CVE-2004-0769. NOTE: this issue may be REJECTED if there are not any cases in which LHA is setuid or is otherwise used across security boundaries.
1466 CVE-2004-0769 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a different issue than CVE-2004-0771.
1467 CVE-2004-0768 Exec Code Overflow 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
1468 CVE-2004-0767 DoS 2004-08-18 2017-07-11
5.0
None Remote Low Not required None None Partial
NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions.
1469 CVE-2004-0766 DoS 2004-08-18 2017-07-11
5.0
None Remote Low Not required None None Partial
NGSEC StackDefender 2.0 allows attackers to cause a denial of service (system crash) via an invalid address for the BaseAddress parameter to the hooks for the (1) ZwAllocateVirtualMemory or (2) ZwProtectVirtualMemory functions.
1470 CVE-2004-0765 2004-08-18 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote attackers to spoof trusted certificates.
1471 CVE-2004-0764 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.
1472 CVE-2004-0763 2004-08-18 2017-10-11
5.0
None Remote Low Not required None Partial None
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
1473 CVE-2004-0762 2004-08-18 2017-10-11
5.0
None Remote Low Not required None Partial None
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to install arbitrary extensions by using interactive events to manipulate the XPInstall Security dialog box.
1474 CVE-2004-0761 2004-08-18 2017-10-11
5.0
None Remote Low Not required None Partial None
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.
1475 CVE-2004-0760 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Mozilla allows remote attackers to cause Mozilla to open a URI as a different MIME type than expected via a null character (%00) in an FTP URI.
1476 CVE-2004-0759 2004-08-18 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Mozilla before 1.7 allows remote web servers to read arbitrary files via Javascript that sets the value of an <input type="file"> tag.
1477 CVE-2004-0758 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
Mozilla 1.5 through 1.7 allows a CA certificate to be imported even when their DN is the same as that of the built-in CA root certificate, which allows remote attackers to cause a denial of service to SSL pages because the malicious certificate is treated as invalid.
1478 CVE-2004-0757 Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the SendUidl in the POP3 capability for Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, may allow remote POP3 mail servers to execute arbitrary code.
1479 CVE-2004-0754 DoS Exec Code Overflow 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
1480 CVE-2004-0753 DoS 2004-10-20 2018-10-19
5.0
None Remote Low Not required None None Partial
The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 before 2.2.4 allows remote attackers to cause a denial of service (infinite loop) via a crafted BMP file.
1481 CVE-2004-0751 DoS 2004-10-20 2021-06-06
5.0
None Remote Low Not required None None Partial
The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
1482 CVE-2004-0750 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares are exported to multiple hosts, can produce incorrect permissions and prevent the all_squash option from being applied.
1483 CVE-2004-0749 2004-12-23 2017-07-11
5.0
None Remote Low Not required Partial None None
The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames.
1484 CVE-2004-0748 DoS 2004-10-20 2021-06-06
5.0
None Remote Low Not required None None Partial
mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
1485 CVE-2004-0747 Overflow +Priv 2004-10-20 2021-06-06
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
1486 CVE-2004-0746 2004-10-20 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
1487 CVE-2004-0745 Exec Code 2004-09-28 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.
1488 CVE-2004-0744 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet.
1489 CVE-2004-0743 +Info 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak.
1490 CVE-2004-0742 2004-07-27 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.
1491 CVE-2004-0741 DoS Overflow 2004-07-27 2017-07-11
5.0
None Remote Low Not required None None Partial
LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.
1492 CVE-2004-0740 DoS Overflow 2004-07-27 2017-07-11
5.0
None Remote Low Not required None None Partial
The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.
1493 CVE-2004-0739 DoS Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename.
1494 CVE-2004-0738 Sql 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
1495 CVE-2004-0737 XSS 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
1496 CVE-2004-0736 2004-07-27 2017-07-11
5.0
None Remote Low Not required Partial None None
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
1497 CVE-2004-0735 Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.
1498 CVE-2004-0734 Exec Code 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
1499 CVE-2004-0733 DoS Exec Code 2004-07-27 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
1500 CVE-2004-0732 Sql 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 (This Page)31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.