CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1701 CVE-2004-0665 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.
1702 CVE-2004-0664 Dir. Trav. 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in modules.php in PowerPortal 1.x allows remote attackers to list arbitrary directories via a .. (dot dot) in the files parameter.
1703 CVE-2004-0663 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal 1.x allows remote attackers to inject arbitrary script or HTML via the (1) id parameter to the (a) private_messages module; (2) search parameter to the (b) links and (c) content modules; and (3) files parameter to the gallery module.
1704 CVE-2004-0662 2004-08-06 2017-07-11
5.0
None Remote Low Not required Partial None None
PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.
1705 CVE-2004-0661 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.
1706 CVE-2004-0660 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) show_news.php, and possibly other php files in CuteNews 1.3.1 allows remote attackers to inject arbitrary script or HTML via the id parameter.
1707 CVE-2004-0659 Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.
1708 CVE-2004-0658 DoS Exec Code Overflow 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket.
1709 CVE-2004-0657 190 Overflow 2004-08-06 2020-06-18
5.0
None Remote Low Not required None Partial None
Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP server to return the wrong date/time offset when a client requests a date/time that is more than 34 years away from the server's time.
1710 CVE-2004-0656 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections.
1711 CVE-2004-0655 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file.
1712 CVE-2004-0654 DoS 2004-08-06 2018-10-30
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Basic Security Module (BSM), when configured to audit either the Administrative (ad) or the System-Wide Administration (as) audit class in Solaris 7, 8, and 9, allows local users to cause a denial of service (kernel panic).
1713 CVE-2004-0653 2004-08-06 2017-10-11
2.1
None Local Low Not required Partial None None
Solaris 9, when configured as a Kerberos client with patch 112908-12 or 115168-03 and using pam_krb5 as an "auth" module with the debug feature enabled, records passwords in plaintext, which could allow local users to gain other user's passwords by reading log files.
1714 CVE-2004-0652 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods.
1715 CVE-2004-0651 DoS 2004-08-06 2018-10-30
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 through 1.4.2_03 allows remote attackers to cause a denial of service (virtual machine hang).
1716 CVE-2004-0650 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.
1717 CVE-2004-0649 Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.
1718 CVE-2004-0648 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol.
1719 CVE-2004-0647 2004-08-06 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file.
1720 CVE-2004-0646 Exec Code Overflow 2004-12-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields.
1721 CVE-2004-0645 Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.
1722 CVE-2004-0644 DoS 2004-09-28 2020-01-21
5.0
None Remote Low Not required None None Partial
The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
1723 CVE-2004-0643 415 Exec Code 2004-09-28 2021-02-02
4.6
None Local Low Not required Partial Partial Partial
Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
1724 CVE-2004-0642 415 Exec Code 2004-09-28 2021-02-02
7.5
None Remote Low Not required Partial Partial Partial
Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
1725 CVE-2004-0641 2004-08-05 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
1726 CVE-2004-0640 Exec Code 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.
1727 CVE-2004-0639 XSS 2004-08-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
1728 CVE-2004-0638 119 Exec Code Overflow 2004-12-31 2017-07-11
8.5
None Remote Medium ??? Complete Complete Complete
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute arbitrary code via a long second argument.
1729 CVE-2004-0637 94 Exec Code 2004-09-02 2008-09-10
6.5
None Remote Low ??? Partial Partial Partial
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
1730 CVE-2004-0636 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
1731 CVE-2004-0635 DoS 2004-12-06 2017-10-11
5.0
None Remote Low Not required None None Partial
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
1732 CVE-2004-0634 DoS 2004-12-06 2017-10-11
5.0
None Remote Low Not required None None Partial
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
1733 CVE-2004-0633 DoS Overflow 2004-12-06 2017-10-11
5.0
None Remote Low Not required None None Partial
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
1734 CVE-2004-0632 Exec Code Overflow 2004-07-27 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow.
1735 CVE-2004-0631 Exec Code Overflow 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command.
1736 CVE-2004-0630 Exec Code 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command.
1737 CVE-2004-0629 Exec Code Overflow 2004-09-28 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string.
1738 CVE-2004-0628 DoS Exec Code Overflow 2004-12-06 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
1739 CVE-2004-0627 Bypass 2004-12-06 2019-12-17
10.0
None Remote Low Not required Complete Complete Complete
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
1740 CVE-2004-0626 DoS 2004-12-06 2017-07-11
5.0
None Remote Low Not required None None Partial
The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.
1741 CVE-2004-0625 +Priv Sql Bypass 2004-12-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page.
1742 CVE-2004-0624 Exec Code File Inclusion 2004-12-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code.
1743 CVE-2004-0623 Exec Code 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog.
1744 CVE-2004-0622 +Info 2004-12-06 2018-10-19
2.1
None Local Low Not required Partial None None
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.
1745 CVE-2004-0621 +Priv 2004-12-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.
1746 CVE-2004-0620 XSS 2004-12-06 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
1747 CVE-2004-0619 DoS Exec Code Overflow 2004-12-06 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
1748 CVE-2004-0618 DoS 2004-12-06 2017-07-11
2.1
None Local Low Not required None None Partial
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
1749 CVE-2004-0617 XSS 2004-12-06 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter.
1750 CVE-2004-0616 +Info 2004-12-06 2017-07-11
5.0
None Remote Low Not required Partial None None
The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext.
Total number of vulnerabilities : 2451   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 (This Page)36 37 38 39 40 41 42 43 44 45 46 47 48 49 50
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.