CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1851 CVE-2004-0304 Exec Code Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in browse_items.asp in WebCortex WebStores 2000 6.0 allows remote attackers to gain unauthorized access and execute arbitrary commands via the Search_Text parameter.
1852 CVE-2004-0303 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in /multiplechoice/resultsignore.php, as demonstrated using /etc/passwd.
1853 CVE-2004-0302 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the (1) file parameter in index.php, (2) editfile in glossary.php, or (3) editfile in newmultiplechoice.php.
1854 CVE-2004-0301 XSS 2004-11-23 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in more.php for Online Store Kit 3.0 allows remote attackers to inject arbitrary HTML via the id parameter.
1855 CVE-2004-0300 Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in Online Store Kit 3.0 allows remote attackers to inject arbitrary SQL and gain unauthorized access via (1) the cat parameter in shop.php, (2) the id parameter in more.php, (3) the cat_manufacturer parameter in shop_by_brand.php, or (4) the id parameter in listing.php.
1856 CVE-2004-0298 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
CesarFTP 0.99e allows remote attackers to cause a denial of service (CPU consumption) via a long RETR parameter.
1857 CVE-2004-0297 DoS Exec Code Overflow 2004-11-23 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
1858 CVE-2004-0296 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a TsFtpSrv.exe to exit with an exception by opening and immediately closing a connection.
1859 CVE-2004-0295 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a denial of service (CPU consumption) via an open idle connection.
1860 CVE-2004-0294 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
YaBB 1 SP 1.3.1 displays different error messages when a user exists or not, which makes it easier for remote attackers to identify valid users and conduct a brute force password guessing attack.
1861 CVE-2004-0293 Dir. Trav. 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ShopCartCGI 2.3 allows remote attackers to retrieve arbitrary files via a .. (dot dot) in a HTTP request to (1) gotopage.cgi or (2) genindexpage.cgi.
1862 CVE-2004-0292 DoS Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
1863 CVE-2004-0291 Sql 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 allows remote attackers to obtain hashed passwords via the quote parameter.
1864 CVE-2004-0290 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.
1865 CVE-2004-0288 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 through 3.2.15 could allow remote attackers to execute arbitrary code by indexing a large document.
1866 CVE-2004-0287 DoS Overflow 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Xlight FTP server 1.52 allows remote authenticated users to cause a denial of service (crash) via a RETR command with a long argument containing a large number of / (slash) characters, possibly triggering a buffer overflow.
1867 CVE-2004-0286 DoS Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long username.
1868 CVE-2004-0285 94 Exec Code File Inclusion 2004-11-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter.
1869 CVE-2004-0284 DoS 2004-11-23 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow remote attackers to cause a denial of service (CPU consumption), if "Do not save encrypted pages to disk" is disabled, via a web site or HTML e-mail that contains two null characters (%00) after the host name.
1870 CVE-2004-0282 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of service (crash) by repeatedly connecting to and disconnecting from the server.
1871 CVE-2004-0281 2004-11-23 2019-06-12
5.0
None Remote Low Not required Partial None None
Caucho Technology Resin 2.1.12 allows remote attackers to gain sensitive information and view the contents of the /WEB-INF/ directory via an HTTP request for "WEB-INF..", which is equivalent to "WEB-INF" in Windows.
1872 CVE-2004-0280 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
Caucho Technology Resin 2.1.12 allows remote attackers to view JSP source via an HTTP request to a .jsp file that ends in a "%20" (encoded space character), e.g. index.jsp%20.
1873 CVE-2004-0279 2004-11-23 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary files via a symlink attack on /tmp/AS.log.
1874 CVE-2004-0278 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.
1875 CVE-2004-0277 DoS Exec Code 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Dream FTP 1.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the username.
1876 CVE-2004-0276 20 DoS 2004-11-23 2020-03-26
5.0
None Remote Low Not required None None Partial
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
1877 CVE-2004-0275 Sql +Info 2004-11-23 2017-07-11
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in calendar_download.php in BosDates 3.2 and earlier allows remote attackers to obtain sensitive information and gain access via the calendar parameter.
1878 CVE-2004-0274 2004-11-23 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
1879 CVE-2004-0273 22 Dir. Trav. 2004-11-23 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
1880 CVE-2004-0272 Sql 2004-11-23 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MaxWebPortal allows remote attackers to inject arbitrary SQL code and gain sensitive information via the SendTo parameter in Personal Messages.
1881 CVE-2004-0271 XSS 2004-11-23 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal allow remote attackers to execute arbitrary web script as other users via (1) the sub_name parameter of dl_showall.asp, (2) the SendTo parameter in Personal Messages, (3) the HTTP_REFERER for down.asp, or (4) the image name of an Avatar in the register form.
1882 CVE-2004-0270 DoS 2004-11-23 2017-10-10
5.0
None Remote Low Not required None None Partial
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.
1883 CVE-2004-0269 Sql 2004-11-23 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly 7.x, allows remote attackers to inject arbitrary SQL code and gain sensitive information via (1) the category variable in the Search module or (2) the admin variable in the Web_Links module.
1884 CVE-2004-0268 DoS Overflow 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote attackers to cause a denial of service (hang) via (1) a long cd command to the FTP server, or (2) a long dir command to the telnet server.
1885 CVE-2004-0266 Sql 2004-11-23 2017-07-19
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in the "public message" capability (public_message) for Php-Nuke 6.x to 7.1.0 allows remote attackers to obtain the administrator password via the c_mid parameter.
1886 CVE-2004-0265 Exec Code XSS 2004-11-23 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules.
1887 CVE-2004-0264 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
palmhttpd for PalmOS allows remote attackers to cause a denial of service (crash) by establishing two simultaneous HTTP connections, which exceeds the PalmOS accept queue.
1888 CVE-2004-0263 +Info 2004-11-23 2017-10-10
5.0
None Remote Low Not required Partial None None
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
1889 CVE-2004-0262 Exec Code Overflow 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in The Palace 3.5 and earlier client allows remote attackers to execute arbitrary code via a link to a palace:// url followed by a long server address string.
1890 CVE-2004-0261 Bypass 2004-11-23 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.
1891 CVE-2004-0260 2004-11-23 2017-07-11
5.0
None Remote Low Not required None Partial None
The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains a backdoor that allows remote attackers to delete arbitrary files via an email address that starts with |||.
1892 CVE-2004-0259 XSS Bypass 2004-11-23 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The check_referer() function in Formmail.php 5.0 and earlier allows remote attackers to bypass access restrictions via an empty or spoofed HTTP Referer, as demonstrated using an application on the same web server that contains a cross-site scripting (XSS) issue.
1893 CVE-2004-0258 Exec Code Overflow 2004-11-23 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealOne Enterprise Desktop, and RealPlayer Enterprise allow remote attackers to execute arbitrary code via malformed (1) .RP, (2) .RT, (3) .RAM, (4) .RPM or (5) .SMIL files.
1894 CVE-2004-0257 DoS 2004-11-23 2017-10-10
5.0
None Remote Low Not required None None Partial
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
1895 CVE-2004-0255 DoS Overflow 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
Xlight 1.52, with log to screen enabled, allows remote attackers to cause a denial of service by requesting a long directory consisting of . (dot) and / (slash) characters, which causes the server to crash when the administrator views the log file, possibly triggering a buffer overflow.
1896 CVE-2004-0254 XSS 2004-11-23 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
1897 CVE-2004-0253 DoS Exec Code Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to execute arbitrary programs or cause a denial of service via certain SQL code, possibly due to a SQL injection vulnerability.
1898 CVE-2004-0252 DoS 2004-11-23 2017-07-11
5.0
None Remote Low Not required None None Partial
TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of service (CPU consumption) via an empty USER name.
1899 CVE-2004-0251 XSS 2004-11-23 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote attackers to execute arbitrary script as other users via the query parameter.
1900 CVE-2004-0250 +Priv Sql 2004-11-23 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain privileges via (1) the product parameter in showproduct.php or (2) the cat parameter in showcat.php.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 (This Page)39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.