CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2351 CVE-2003-1004 DoS 2004-01-05 2018-10-30
5.0
None Remote Low Not required None None Partial
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
2352 CVE-2003-1003 20 DoS 2004-01-05 2018-10-30
7.8
None Remote Low Not required None None Complete
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
2353 CVE-2003-1002 DoS 2004-01-05 2008-09-10
5.0
None Remote Low Not required None None Partial
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
2354 CVE-2003-1001 DoS Overflow 2004-01-05 2008-09-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
2355 CVE-2003-1000 DoS 2004-01-05 2016-10-18
5.0
None Remote Low Not required None None Partial
xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.
2356 CVE-2003-0999 Exec Code 2004-01-05 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.
2357 CVE-2003-0998 +Priv 2004-01-05 2021-04-13
4.6
None Local Low Not required Partial Partial Partial
Unknown "potential system security vulnerability" in Computer Associates (CA) Unicenter Remote Control 5.0 through 5.2, and ControlIT 5.0 and 5.1, may allow attackers to gain privileges to the local system account.
2358 CVE-2003-0997 DoS 2004-01-05 2021-04-13
5.0
None Remote Low Not required None None Partial
Unknown "Denial of Service Attack" vulnerability in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to cause a denial of service (CPU consumption in URC host service).
2359 CVE-2003-0996 +Priv 2004-01-05 2021-04-13
4.6
None Local Low Not required Partial Partial Partial
Unknown "System Security Vulnerability" in Computer Associates (CA) Unicenter Remote Control (URC) 6.0 allows attackers to gain privileges via the help interface.
2360 CVE-2003-0995 DoS Overflow 2004-01-05 2019-04-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.
2361 CVE-2003-0994 +Priv 2004-02-03 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
2362 CVE-2003-0993 Bypass 2004-03-29 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
2363 CVE-2003-0992 XSS 2004-02-17 2017-10-11
4.3
None Remote Medium Not required Partial None None
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users.
2364 CVE-2003-0991 DoS 2004-03-03 2017-10-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
2365 CVE-2003-0990 Exec Code 2004-01-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
2366 CVE-2003-0989 DoS 2004-02-17 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
2367 CVE-2003-0988 Exec Code Overflow 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
2368 CVE-2003-0987 2004-03-03 2021-06-06
7.5
None Remote Low Not required Partial Partial Partial
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
2369 CVE-2003-0985 DoS +Priv 2004-01-20 2018-05-03
7.2
None Local Low Not required Complete Complete Complete
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
2370 CVE-2003-0984 2004-01-05 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do not properly initialize their structures, which could leak kernel data to user space.
2371 CVE-2003-0983 2004-01-05 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Cisco Unity on IBM servers is shipped with default settings that should have been disabled by the manufacturer, which allows local or remote attackers to conduct unauthorized activities via (1) a "bubba" local user account, (2) an open TCP port 34571, or (3) when a local DHCP server is unavailable, a DHCP server on the manufacturer's test network.
2372 CVE-2003-0982 Exec Code Overflow 2004-01-05 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the authentication module for Cisco ACNS 4.x before 4.2.11, and 5.x before 5.0.5, allows remote attackers to execute arbitrary code via a long password.
2373 CVE-2003-0981 XSS 2004-01-05 2016-10-18
4.3
None Remote Medium Not required None Partial None
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
2374 CVE-2003-0980 XSS 2004-01-05 2016-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE (visitorbook.pl) allows remote attackers to inject arbitrary HTML or web script via (1) the "do" parameter, (2) via the "user" parameter from a host with a malicious reverse DNS name, (3) via quote marks or ampersands in other parameters.
2375 CVE-2003-0979 2004-01-05 2016-10-18
5.0
None Remote Low Not required None Partial None
FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape line breaks in input, which allows remote attackers to (1) use VisitorBook as an open mail relay, when $mailuser is 1, via extra headers in the email field, or (2) cause the guestbook database to be deleted via a large number of line breaks that exceeds the $max_posts variable.
2376 CVE-2003-0978 DoS Exec Code 2004-01-05 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in gpgkeys_hkp (experimental HKP interface) for the GnuPG (gpg) client 1.2.3 and earlier, and 1.3.3 and earlier, allows remote attackers or a malicious keyserver to cause a denial of service (crash) and possibly execute arbitrary code during key retrieval.
2377 CVE-2003-0977 2004-01-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
CVS server before 1.11.10 may allow attackers to cause the CVS server to create directories and files in the file system root directory via malformed module requests.
2378 CVE-2003-0969 Exec Code 2004-01-20 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
2379 CVE-2003-0966 Exec Code Overflow 2004-02-17 2017-10-10
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.
2380 CVE-2003-0965 XSS 2004-02-17 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities.
2381 CVE-2003-0963 Exec Code Overflow 2004-01-05 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for lftp 2.6.9 and earlier allow remote HTTP servers to execute arbitrary code via long directory names that are processed by the ls or rels commands.
2382 CVE-2003-0949 Exec Code 2004-02-03 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands.
2383 CVE-2003-0931 DoS 2004-09-28 2017-07-11
5.0
None Remote Low Not required None None Partial
Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999.
2384 CVE-2003-0930 Bypass 2004-09-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy.
2385 CVE-2003-0929 Bypass 2004-09-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy.
2386 CVE-2003-0928 Bypass 2004-09-28 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy.
2387 CVE-2003-0924 2004-02-17 2017-10-10
3.7
None Local High Not required Partial Partial Partial
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
2388 CVE-2003-0910 Exec Code 2004-06-01 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The NtSetLdtEntries function in the programming interface for the Local Descriptor Table (LDT) in Windows NT 4.0 and Windows 2000 allows local attackers to gain access to kernel memory and execute arbitrary code via an expand-down data segment descriptor descriptor that points to protected memory.
2389 CVE-2003-0909 Exec Code 2004-06-01 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
Windows XP allows local users to execute arbitrary programs by creating a task at an elevated privilege level through the eventtriggers.exe command-line tool or the Task Scheduler service, aka "Windows Management Vulnerability."
2390 CVE-2003-0908 Exec Code 2004-06-01 2018-10-12
7.2
None Local Low Not required Complete Complete Complete
The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe with system privileges, which allows local users to execute arbitrary code via a "Shatter" style attack using a Windows message that accesses the context sensitive help button in the GUI, as demonstrated using the File Open dialog in the Help window, a different vulnerability than CVE-2004-0213.
2391 CVE-2003-0907 Exec Code 2004-06-01 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Help and Support Center in Microsoft Windows XP SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code via quotation marks in an hcp:// URL, which are not quoted when constructing the argument list to HelpCtr.exe.
2392 CVE-2003-0906 Exec Code Overflow 2004-06-01 2018-10-12
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, and XP SP1 allows remote attackers to execute arbitrary code via a malformed WMF or EMF image.
2393 CVE-2003-0905 DoS 2004-04-15 2018-10-12
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
2394 CVE-2003-0904 200 +Info 2004-01-20 2020-04-09
6.0
None Remote Medium ??? Partial Partial Partial
Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other users when Kerberos has been disabled as an authentication method for IIS 6.0, e.g. when SharePoint Services 2.0 is installed.
2395 CVE-2003-0903 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
2396 CVE-2003-0902 Exec Code 2004-02-03 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands.
2397 CVE-2003-0828 Overflow +Priv 2004-03-29 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables.
2398 CVE-2003-0825 20 DoS Exec Code 2004-03-03 2019-04-30
9.3
None Remote Medium Not required Complete Complete Complete
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
2399 CVE-2003-0823 2004-02-03 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick, a different vulnerability than CVE-2003-1027.
2400 CVE-2003-0819 119 Exec Code Overflow 2004-02-17 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Total number of vulnerabilities : 2451   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 (This Page)49 50
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.