CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2051 CVE-2004-0063 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
2052 CVE-2004-0062 Overflow 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
2053 CVE-2004-0061 Bypass 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
2054 CVE-2004-0060 DoS 2004-02-17 2016-10-18
5.0
None Remote Low Not required None None Partial
WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.
2055 CVE-2004-0059 Dir. Trav. 2004-02-17 2016-10-18
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.
2056 CVE-2004-0057 DoS 2004-02-17 2018-10-19
5.0
None Remote Low Not required None None Partial
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
2057 CVE-2004-0056 DoS Exec Code 2004-02-17 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
2058 CVE-2004-0055 DoS 2004-02-17 2017-10-11
5.0
None Remote Low Not required None None Partial
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
2059 CVE-2004-0054 DoS Exec Code 2004-02-17 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
2060 CVE-2004-0053 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients.
2061 CVE-2004-0052 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients.
2062 CVE-2004-0051 Bypass 2004-10-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients.
2063 CVE-2004-0050 2004-06-14 2017-07-11
5.0
None Remote Low Not required Partial None None
Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others.
2064 CVE-2004-0049 DoS 2004-02-17 2008-09-05
6.8
None Remote Low ??? None None Complete
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
2065 CVE-2004-0047 +Priv 2004-03-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges.
2066 CVE-2004-0046 XSS 2004-02-03 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.
2067 CVE-2004-0045 Exec Code Overflow 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
2068 CVE-2004-0044 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
2069 CVE-2004-0043 DoS Exec Code Overflow 2004-02-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature.
2070 CVE-2004-0042 2004-02-03 2008-09-10
5.0
None Remote Low Not required Partial None None
vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames.
2071 CVE-2004-0041 264 Bypass 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions.
2072 CVE-2004-0040 Exec Code Overflow 2004-03-03 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
2073 CVE-2004-0039 Exec Code 2004-03-03 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI.
2074 CVE-2004-0038 Exec Code 2004-06-14 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
2075 CVE-2004-0037 Exec Code 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.
2076 CVE-2004-0036 Sql 2004-01-20 2017-10-10
5.0
None Remote Low Not required Partial None None
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
2077 CVE-2004-0035 Exec Code Sql 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
2078 CVE-2004-0034 XSS 2004-01-20 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
2079 CVE-2004-0033 +Info 2004-01-20 2017-10-10
5.0
None Remote Low Not required Partial None None
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
2080 CVE-2004-0032 XSS 2004-01-20 2017-10-10
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
2081 CVE-2004-0031 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
2082 CVE-2004-0030 Exec Code File Inclusion 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.
2083 CVE-2004-0029 +Priv 2004-01-20 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges.
2084 CVE-2004-0028 Exec Code 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
2085 CVE-2004-0017 Sql 2004-02-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations.
2086 CVE-2004-0016 2004-02-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
2087 CVE-2004-0015 +Priv 2004-02-03 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
2088 CVE-2004-0014 Exec Code Overflow 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.
2089 CVE-2004-0013 DoS 2004-02-03 2017-10-10
5.0
None Remote Low Not required None None Partial
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
2090 CVE-2004-0011 Exec Code Overflow 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.
2091 CVE-2004-0010 Overflow +Priv 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges.
2092 CVE-2004-0009 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
2093 CVE-2004-0008 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
2094 CVE-2004-0007 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
2095 CVE-2004-0006 DoS Exec Code Overflow 2004-03-03 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect.
2096 CVE-2004-0005 DoS Exec Code Overflow 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte.
2097 CVE-2004-0004 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
2098 CVE-2004-0003 +Priv 2004-03-03 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking."
2099 CVE-2004-0002 DoS 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function.
2100 CVE-2004-0001 +Priv 2004-02-17 2017-10-10
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 (This Page)43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.