Security Vulnerabilities Published In November 2004 (CVSS score >= 1)

2004 : January February March April May June July August September October November December

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : CVE Number Descending CVE Number Ascending CVSS Score Descending Number Of Exploits Descending

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
151	CVE-2004-0245		DoS	2004-11-23	2017-07-11	5.0	None	Remote	Low	Not required	None	None	Partial
Web Crossing 4.x and 5.x allows remote attackers to cause a denial of service (crash) by sending a HTTP POST request with a large or negative Content-Length, which causes an integer divide-by-zero.
152	CVE-2004-0244	20	DoS	2004-11-23	2017-10-11	4.7	None	Local	Medium	Not required	None	None	Complete
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
153	CVE-2004-0243			2004-11-23	2017-07-11	5.0	None	Remote	Low	Not required	Partial	None	None
AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displays a different message if the password is correct, which allows remote attackers to guess the password via brute force methods.
154	CVE-2004-0242			2004-11-23	2017-07-11	5.0	None	Remote	Low	Not required	Partial	None	None
X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
155	CVE-2004-0241		Exec Code	2004-11-23	2017-07-11	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
156	CVE-2004-0240		Dir. Trav.	2004-11-23	2017-07-11	5.0	None	Remote	Low	Not required	Partial	None	None
Directory traversal vulnerability in X-Cart 3.4.3 allows remote attackers to view arbitrary files via a .. (dot dot) in the shop_closed_file argument to auth.php.
157	CVE-2004-0239		Sql	2004-11-23	2017-07-11	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 and earlier allows remote attackers to gain unauthorized access via the photo variable.
158	CVE-2004-0238		Exec Code Overflow	2004-11-23	2017-07-11	7.2	None	Local	Low	Not required	Complete	Complete	Complete
Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow local users to execute arbitrary code in the client via a long HOME environment variable in the (1) load_cfg and (2) save_cfg functions; possibly allow remote attackers to execute arbitrary code via long strings to (3) the send_message function; and, in the server, via (4) the parse_command_line function.
159	CVE-2004-0237		Dir. Trav.	2004-11-23	2017-07-11	5.0	None	Remote	Low	Not required	Partial	None	None
Directory traversal vulnerability in index.php in Aprox PHP Portal allows remote attackers to read arbitrary files via a full pathname in the show parameter.
160	CVE-2004-0236		Sql	2004-11-23	2017-07-11	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
SQL injection vulnerability in login.asp in thePHOTOtool allows remote attackers to gain unauthorized access via the password field.
161	CVE-2004-0216		Exec Code Overflow	2004-11-03	2021-07-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Integer overflow in the Install Engine (inseng.dll) for Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious website or HTML email with a long .CAB file name, which triggers the integer overflow when calculating a buffer length and leads to a heap-based buffer overflow.
162	CVE-2004-0214		DoS Exec Code Overflow	2004-11-03	2021-07-23	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Buffer overflow in Microsoft Internet Explorer and Explorer on Windows XP SP1, WIndows 2000, Windows 98, and Windows Me may allow remote malicious servers to cause a denial of service (application crash) and possibly execute arbitrary code via long share names, as demonstrated using Samba.
163	CVE-2004-0211		DoS	2004-11-03	2018-10-12	2.1	None	Local	Low	Not required	None	None	Partial
The kernel for Microsoft Windows Server 2003 does not reset certain values in CPU data structures, which allows local users to cause a denial of service (system crash) via a malicious program.
164	CVE-2004-0209		Exec Code	2004-11-03	2018-10-12	10.0	None	Remote	Low	Not required	Complete	Complete	Complete
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
165	CVE-2004-0208		+Priv	2004-11-03	2018-10-12	7.2	None	Local	Low	Not required	Complete	Complete	Complete
The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions.
166	CVE-2004-0207		+Priv	2004-11-03	2018-10-12	2.1	None	Local	Low	Not required	None	Partial	None
"Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions.
167	CVE-2004-0206		Exec Code Overflow +Priv	2004-11-03	2018-10-12	7.5	None	Remote	Low	Not required	Partial	Partial	Partial
Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow.
168	CVE-2004-0203	79	XSS	2004-11-23	2020-04-09	4.3	None	Remote	Medium	Not required	None	Partial	None
Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query.
169	CVE-2004-0112		DoS	2004-11-23	2021-11-08	5.0	None	Remote	Low	Not required	None	None	Partial
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
170	CVE-2004-0081		DoS	2004-11-23	2021-11-08	5.0	None	Remote	Low	Not required	None	None	Partial
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
171	CVE-2004-0079		DoS	2004-11-23	2021-11-08	5.0	None	Remote	Low	Not required	None	None	Partial
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
172	CVE-2003-0718		DoS	2004-11-03	2020-11-23	5.0	None	Remote	Low	Not required	None	None	Partial
The WebDAV Message Handler for Internet Information Services (IIS) 5.0, 5.1, and 6.0 allows remote attackers to cause a denial of service (memory and CPU exhaustion, application crash) via a PROPFIND request with an XML message containing XML elements with a large number of attributes.

Total number of vulnerabilities : 172 Page : 1 2 3 4 (This Page)