CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1551 CVE-2004-0678 79 XSS 2004-08-06 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.
1552 CVE-2004-0677 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A").
1553 CVE-2004-0676 Dir. Trav. 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
1554 CVE-2004-0675 Exec Code XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
1555 CVE-2004-0674 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.
1556 CVE-2004-0673 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.
1557 CVE-2004-0672 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
1558 CVE-2004-0671 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request.
1559 CVE-2004-0670 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password.
1560 CVE-2004-0669 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
1561 CVE-2004-0668 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
1562 CVE-2004-0667 +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
1563 CVE-2004-0666 DoS Overflow 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow.
1564 CVE-2004-0665 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.
1565 CVE-2004-0664 Dir. Trav. 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter.
1566 CVE-2004-0663 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module.
1567 CVE-2004-0662 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.
1568 CVE-2004-0661 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.
1569 CVE-2004-0660 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
1570 CVE-2004-0659 Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.
1571 CVE-2004-0658 DoS Exec Code Overflow 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket.
1572 CVE-2004-0657 190 Overflow 2004-08-06 2020-06-18
5.0
None Remote Low Not required None Partial None
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
1573 CVE-2004-0656 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
1574 CVE-2004-0655 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file.
1575 CVE-2004-0652 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
1576 CVE-2004-0651 DoS 2004-08-06 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
1577 CVE-2004-0650 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.
1578 CVE-2004-0649 Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
1579 CVE-2004-0648 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
1580 CVE-2004-0647 2004-08-06 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.
1581 CVE-2004-0646 Exec Code Overflow 2004-12-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
1582 CVE-2004-0645 Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
1583 CVE-2004-0644 DoS 2004-09-28 2020-01-21
5.0
None Remote Low Not required None None Partial
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
1584 CVE-2004-0643 415 Exec Code 2004-09-28 2021-02-02
4.6
None Local Low Not required Partial Partial Partial
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
1585 CVE-2004-0642 415 Exec Code 2004-09-28 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
1586 CVE-2004-0641 2004-08-05 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
1587 CVE-2004-0640 Exec Code 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
1588 CVE-2004-0639 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
1589 CVE-2004-0638 119 Exec Code Overflow 2004-12-31 2017-07-11
8.5
None Remote Medium ??? Complete Complete Complete
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
1590 CVE-2004-0637 94 Exec Code 2004-09-02 2008-09-10
6.5
None Remote Low ??? Partial Partial Partial
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
1591 CVE-2004-0636 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
1592 CVE-2004-0635 DoS 2004-12-06 2017-10-11
5.0
None Remote Low Not required None None Partial
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
1593 CVE-2004-0634 DoS 2004-12-06 2017-10-11
5.0
None Remote Low Not required None None Partial
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
1594 CVE-2004-0633 DoS Overflow 2004-12-06 2017-10-11
5.0
None Remote Low Not required None None Partial
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
1595 CVE-2004-0632 Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.
1596 CVE-2004-0631 Exec Code Overflow 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.
1597 CVE-2004-0630 Exec Code 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.
1598 CVE-2004-0629 Exec Code Overflow 2004-09-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.
1599 CVE-2004-0628 DoS Exec Code Overflow 2004-12-06 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
1600 CVE-2004-0627 Bypass 2004-12-06 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 (This Page)33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.