CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2201 CVE-2004-0119 476 DoS Exec Code 2004-06-01 2020-11-13
7.5
None Remote Low Not required Partial Partial Partial
The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection.
2202 CVE-2004-0118 Exec Code 2004-06-01 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code.
2203 CVE-2004-0117 Exec Code 2004-06-01 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
2204 CVE-2004-0116 DoS 2004-06-01 2018-10-12
5.0
None Remote Low Not required None None Partial
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
2205 CVE-2004-0115 Exec Code 2004-03-03 2018-10-12
4.6
None Local Low Not required Partial Partial Partial
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
2206 CVE-2004-0114 +Priv 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
2207 CVE-2004-0113 DoS 2004-03-29 2021-06-06
5.0
None Remote Low Not required None None Partial
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
2208 CVE-2004-0112 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
2209 CVE-2004-0111 DoS 2004-04-15 2017-10-10
5.0
None Remote Low Not required None None Partial
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
2210 CVE-2004-0110 Exec Code Overflow 2004-03-15 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
2211 CVE-2004-0109 Exec Code Overflow 2004-06-01 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry.
2212 CVE-2004-0108 2004-04-15 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
2213 CVE-2004-0107 2004-04-15 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.
2214 CVE-2004-0106 2004-03-03 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084.
2215 CVE-2004-0105 Exec Code Overflow 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
2216 CVE-2004-0104 Exec Code 2004-03-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
2217 CVE-2004-0103 Overflow +Priv 2004-03-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow.
2218 CVE-2004-0099 Bypass 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
2219 CVE-2004-0097 DoS Exec Code 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
2220 CVE-2004-0096 DoS 2004-03-03 2008-09-05
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
2221 CVE-2004-0095 DoS Exec Code Overflow 2004-02-17 2017-10-10
5.0
None Remote Low Not required None None Partial
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
2222 CVE-2004-0094 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
2223 CVE-2004-0093 DoS Exec Code 2004-03-15 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
2224 CVE-2004-0092 2004-03-03 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.
2225 CVE-2004-0091 XSS 2004-02-17 2016-10-18
4.3
None Remote Medium Not required None Partial None
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
2226 CVE-2004-0090 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors.
2227 CVE-2004-0089 Overflow +Priv 2004-03-03 2017-10-10
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
2228 CVE-2004-0088 2004-03-03 2008-09-10
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087.
2229 CVE-2004-0087 2004-03-03 2017-07-11
2.1
None Local Low Not required None Partial None
The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088.
2230 CVE-2004-0086 2004-03-03 2008-09-10
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085.
2231 CVE-2004-0085 2004-03-03 2017-07-11
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086.
2232 CVE-2004-0084 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106.
2233 CVE-2004-0083 Exec Code Overflow 2004-03-03 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
2234 CVE-2004-0082 2004-03-03 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
2235 CVE-2004-0081 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
2236 CVE-2004-0080 2004-03-03 2017-10-10
5.0
None Remote Low Not required Partial None None
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
2237 CVE-2004-0079 DoS 2004-11-23 2021-11-08
5.0
None Remote Low Not required None None Partial
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
2238 CVE-2004-0078 DoS Exec Code Overflow 2004-03-03 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
2239 CVE-2004-0077 +Priv 2004-03-03 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
2240 CVE-2004-0075 DoS 2004-03-15 2017-10-10
2.1
None Local Low Not required None None Partial
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
2241 CVE-2004-0074 Overflow +Priv 2004-02-17 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
2242 CVE-2004-0073 Exec Code File Inclusion 2004-02-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
2243 CVE-2004-0072 Dir. Trav. 2004-02-17 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.
2244 CVE-2004-0071 Dir. Trav. 2004-02-17 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.
2245 CVE-2004-0070 Exec Code File Inclusion 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
2246 CVE-2004-0069 Exec Code 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.
2247 CVE-2004-0068 Exec Code File Inclusion 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
2248 CVE-2004-0067 79 XSS 2004-02-17 2018-10-19
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
2249 CVE-2004-0066 2004-02-17 2017-07-11
5.0
None Remote Low Not required Partial None None
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
2250 CVE-2004-0065 Sql 2004-02-17 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
Total number of vulnerabilities : 2451   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 (This Page)46 47 48 49 50
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.