CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1651 CVE-2004-0716 Exec Code Overflow 2004-08-06 2008-10-24
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large amount of data.
1652 CVE-2004-0715 +Priv 2004-07-27 2017-07-11
5.1
None Remote High Not required Partial Partial Partial
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
1653 CVE-2004-0714 DoS Mem. Corr. 2004-07-27 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
1654 CVE-2004-0713 2004-07-27 2017-07-11
6.4
None Remote Low Not required None Partial Partial
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
1655 CVE-2004-0712 +Priv 2004-07-27 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
1656 CVE-2004-0711 Bypass 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
1657 CVE-2004-0710 DoS 2004-07-27 2017-10-11
5.0
None Remote Low Not required None None Partial
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
1658 CVE-2004-0709 Bypass 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
1659 CVE-2004-0708 +Priv 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
1660 CVE-2004-0707 Sql 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.
1661 CVE-2004-0706 2004-07-27 2017-07-11
2.1
None Local Low Not required Partial None None
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
1662 CVE-2004-0705 XSS 2004-07-27 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.
1663 CVE-2004-0704 2004-07-27 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products.
1664 CVE-2004-0703 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.
1665 CVE-2004-0702 2004-07-27 2017-07-11
5.0
None Remote Low Not required Partial None None
DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password in an error message when the SQL server is not running, which could allow remote attackers to gain sensitive information.
1666 CVE-2004-0701 2004-07-27 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 does not properly detect a smartcard removal when the card is quickly removed, reinserted, and removed again, which could cause a user session to stay logged in and allow local users to gain unauthorized access.
1667 CVE-2004-0700 1 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the mod_proxy hook functions function in ssl_engine_log.c in mod_ssl before 2.8.19 for Apache before 1.3.31 may allow remote attackers to execute arbitrary messages via format string specifiers in certain log messages for HTTPS that are handled by the ssl_log function.
1668 CVE-2004-0699 Exec Code Overflow 2004-09-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data.
1669 CVE-2004-0698 2004-07-27 2017-07-11
3.6
None Local Low Not required Partial Partial None
4D WebSTAR 5.3.2 and earlier allows local users to read and modify arbitrary files via a symlink attack.
1670 CVE-2004-0697 +Info 2004-07-27 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote attackers to read the php.ini configuration file and possibly obtain sensitive information.
1671 CVE-2004-0696 2004-07-27 2017-07-11
5.0
None Remote Low Not required Partial None None
The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows remote attackers to list arbitrary directories via a URL with the desired path and a "*" (asterisk) character.
1672 CVE-2004-0695 Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
1673 CVE-2004-0693 DoS 2004-09-28 2017-10-11
5.0
None Remote Low Not required None None Partial
The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
1674 CVE-2004-0692 DoS 2004-09-28 2017-10-11
5.0
None Remote Low Not required None None Partial
The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
1675 CVE-2004-0691 DoS Exec Code Overflow 2004-09-28 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
1676 CVE-2004-0690 2004-09-28 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory.
1677 CVE-2004-0689 2004-09-28 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
1678 CVE-2004-0688 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a malformed XPM image file.
1679 CVE-2004-0687 Exec Code Overflow 2004-10-20 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
1680 CVE-2004-0686 Overflow 2004-07-27 2018-10-30
5.0
None Remote Low Not required None Partial None
Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.
1681 CVE-2004-0685 +Info 2004-12-23 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
1682 CVE-2004-0684 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, with the JunctionRewrite directive enabled, allows remote attackers to cause a denial of service via an HTTP GET request without any parameters.
1683 CVE-2004-0683 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cause a denial of service (CPU consumption) via a compressed archive that contains a large number of directories.
1684 CVE-2004-0682 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other versions before 5.098, allows remote attackers to change the prices of items by directly modifying them in the URL.
1685 CVE-2004-0681 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_customerAuthenticateForm.asp, (2) comersus_backoffice_message.asp, (3) comersus_supportError.asp, or (4) comersus_message.asp in Comersus Cart 5.09 allow remote attackers to execute web script as other users via the message parameter.
1686 CVE-2004-0680 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Zoom X3 ADSL modem has a terminal running on port 254 that can be accessed using the default HTML management password, even if the password has been changed for the HTTP interface, which could allow remote attackers to gain unauthorized access.
1687 CVE-2004-0679 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly other versions, uses a weak hashing scheme to hide IP addresses, which could allow remote attackers to use brute force methods to gain other user's IP addresses.
1688 CVE-2004-0678 79 XSS 2004-08-06 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.
1689 CVE-2004-0677 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attackers to cause a denial of service (temporary hang) via the cd command with an unusual argument, possibly due to multiple leading slashes and/or an access to the floppy drive ("A").
1690 CVE-2004-0676 Dir. Trav. 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6.7.2.1085 and earlier allows remote attackers to create or delete arbitrary files via .. (dot dot) and // (double slash) sequences in the filename parameter.
1691 CVE-2004-0675 Exec Code XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32web.exe in Cart32 shopping cart allows remote attackers to execute arbitrary web script via the cart32 parameter to a GetLatestBuilds command.
1692 CVE-2004-0674 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.
1693 CVE-2004-0673 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4.9 allows remote attackers to execute arbitrary web script as other users via an invalid request that is echoed in the resulting error message.
1694 CVE-2004-0672 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in the primary and management web interfaces in Netegrity IdentityMinder Web Edition 5.6 allows remote attackers to execute script as other users via (1) script that starts with %00 in the numOfExpressions parameter or (2) the mobjtype parameter.
1695 CVE-2004-0671 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Brightmail Spamfilter 6.0 and earlier beta releases allows remote attackers to read mail from other users by modifying the id parameter in a viewMsgDetails.do request.
1696 CVE-2004-0670 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Prestige 650HW-31 running Rompager 4.7 software allows remote attackers to cause a denial of service (device reboot) via a long password.
1697 CVE-2004-0669 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authenticated users to change their quota by using the IMAP setquota command.
1698 CVE-2004-0668 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.
1699 CVE-2004-0667 +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges.
1700 CVE-2004-0666 DoS Overflow 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allows remote attackers to cause a denial of service (application crash) via an e-mail message with a certain line length, which leads to a buffer overflow.
Total number of vulnerabilities : 2451   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 (This Page)35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.