CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1801 CVE-2004-0560 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow.
1802 CVE-2004-0559 2004-10-20 2017-07-11
2.1
None Local Low Not required None Partial None
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
1803 CVE-2004-0558 DoS 2004-09-28 2018-03-13
5.0
None Remote Low Not required None None Partial
The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.
1804 CVE-2004-0557 Exec Code Overflow 2004-08-06 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
1805 CVE-2004-0555 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code.
1806 CVE-2004-0554 DoS 2004-08-06 2017-10-11
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
1807 CVE-2004-0552 Exec Code Bypass 2004-11-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed.
1808 CVE-2004-0551 DoS 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
1809 CVE-2004-0550 Exec Code Overflow 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
1810 CVE-2004-0549 Exec Code 2004-08-06 2021-07-23
10.0
None Remote Low Not required Complete Complete Complete
The WebBrowser ActiveX control, or the Internet Explorer HTML rendering engine (MSHTML), as used in Internet Explorer 6, allows remote attackers to execute arbitrary code in the Local Security context by using the showModalDialog method and modifying the location to execute code such as Javascript, as demonstrated using (1) delayed HTTP redirect operations, and an HTTP response with a Location: header containing a "URL:" prepended to a "ms-its" protocol URI, or (2) modifying the location attribute of the window, as exploited by the Download.ject (aka Scob aka Toofer) using the ADODB.Stream object.
1811 CVE-2004-0548 Exec Code Overflow 2004-08-06 2016-11-28
7.2
None Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the word-list-compress functionality in compress.c for Aspell allow local users to execute arbitrary code via a long entry in the wordlist that is not properly handled when using the (1) "c" compress option or (2) "d" decompress option.
1812 CVE-2004-0547 DoS Overflow 2004-08-06 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash).
1813 CVE-2004-0545 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.
1814 CVE-2004-0544 Overflow +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.
1815 CVE-2004-0543 Sql 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.
1816 CVE-2004-0542 Exec Code 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
1817 CVE-2004-0541 Exec Code Overflow 2004-08-06 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
1818 CVE-2004-0540 2004-08-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
1819 CVE-2004-0539 Exec Code 2004-08-06 2017-10-12
10.0
None Remote Low Not required Complete Complete Complete
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
1820 CVE-2004-0538 Exec Code 2004-08-06 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
1821 CVE-2004-0537 2004-08-06 2022-02-28
5.0
None Remote Low Not required None Partial None
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
1822 CVE-2004-0536 +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
1823 CVE-2004-0535 Overflow 2004-08-06 2017-10-11
2.1
None Local Low Not required Partial None None
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
1824 CVE-2004-0534 XSS 2004-09-17 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Business Objects InfoView 5.1.4 through 5.1.8 for WebIntelligence 2.7.0 through 2.7.4 allows remote attackers to inject arbitrary web script or HTML via document names when uploading a document.
1825 CVE-2004-0533 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces access controls on the client, which allows remote authenticated users to delete arbitrary files on the server via a crafted delete request using the InfoView web client.
1826 CVE-2004-0530 Exec Code 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path.
1827 CVE-2004-0529 +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
1828 CVE-2004-0528 2004-08-06 2017-07-11
5.0
None Remote Low Not required None Partial None
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
1829 CVE-2004-0527 2004-08-06 2017-07-11
5.0
None Remote Low Not required None Partial None
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
1830 CVE-2004-0526 2004-08-06 2021-07-23
5.0
None Remote Low Not required None Partial None
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
1831 CVE-2004-0525 DoS 2004-08-06 2018-10-30
5.0
None Remote Low Not required None None Partial
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.
1832 CVE-2004-0524 Overflow +Priv 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
1833 CVE-2004-0523 Exec Code Overflow 2004-08-18 2020-01-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
1834 CVE-2004-0522 Bypass 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
1835 CVE-2004-0521 Sql 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
1836 CVE-2004-0520 XSS 2004-08-18 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
1837 CVE-2004-0519 XSS 2004-08-18 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
1838 CVE-2004-0518 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.
1839 CVE-2004-0517 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
1840 CVE-2004-0516 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
1841 CVE-2004-0515 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
1842 CVE-2004-0514 2004-08-18 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
1843 CVE-2004-0513 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
1844 CVE-2004-0512 DoS 2004-12-23 2017-07-11
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump.
1845 CVE-2004-0511 DoS 2004-12-23 2017-07-11
2.1
None Local Low Not required None None Partial
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
1846 CVE-2004-0510 Exec Code Overflow 2004-12-23 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
1847 CVE-2004-0507 DoS Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
1848 CVE-2004-0506 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
1849 CVE-2004-0505 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
1850 CVE-2004-0504 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
Total number of vulnerabilities : 2451   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 (This Page)38 39 40 41 42 43 44 45 46 47 48 49 50
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.