CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
201 CVE-2004-2548 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attackers to inject arbitrary web script or HTML via (a) a URI containing the script, or (b) the username field in the login form. NOTE: it is possible that the first attack vector is resultant from the error message issue (CVE-2004-2547).
202 CVE-2004-2546 DoS 2004-12-31 2018-10-30
6.4
None Remote Low Not required Partial None Partial
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
203 CVE-2004-2545 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.
204 CVE-2004-2543 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.
205 CVE-2004-2542 DoS Exec Code Sql Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.
206 CVE-2004-2541 119 Exec Code Overflow 2004-12-31 2017-10-11
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.
207 CVE-2004-2540 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
208 CVE-2004-2539 DoS 2004-12-31 2017-07-11
7.8
None Remote Low Not required None None Complete
Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vectors, possibly related to unspecified worms, as identified by bug ID
209 CVE-2004-2538 Exec Code 2004-12-31 2017-07-11
6.5
None Remote Low ??? Partial Partial Partial
Direct static code injection vulnerability in the PCG simple application generation in phpCodeGenie before 3.0.2 allows remote authenticated users to execute arbitrary code via the (1) header or (2) footer.
210 CVE-2004-2537 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
211 CVE-2004-2536 +Priv 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
212 CVE-2004-2535 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.
213 CVE-2004-2534 DoS 2004-12-31 2017-07-11
7.8
None Remote Low Not required None None Complete
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests.
214 CVE-2004-2533 20 DoS Mem. Corr. 2004-12-31 2020-07-28
5.0
None Remote Low Not required None None Partial
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
215 CVE-2004-2532 255 Exec Code 2004-12-31 2020-07-28
10.0
None Remote Low Not required Complete Complete Complete
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
216 CVE-2004-2531 DoS 2004-12-31 2017-07-11
7.8
None Remote Low Not required None None Complete
X.509 Certificate Signature Verification in Gnu transport layer security library (GnuTLS) 1.0.16 allows remote attackers to cause a denial of service (CPU consumption) via certificates containing long chains and signed with large RSA keys.
217 CVE-2004-2529 Bypass 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
218 CVE-2004-2528 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watchdog 4.0.1a allows remote attackers to inject arbitrary web script or HTML via the cam parameter.
219 CVE-2004-2527 DoS 2004-12-31 2017-07-11
5.4
None Remote High Not required None None Complete
The local and remote desktop login screens in Microsoft Windows XP before SP2 and 2003 allow remote attackers to cause a denial of service (CPU and memory consumption) by repeatedly using the WinKey+"U" key combination, which causes multiple copies of Windows Utility Manager to be loaded more quickly than they can be closed when the copies detect that another instance is running.
220 CVE-2004-2526 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
221 CVE-2004-2525 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in compat.php in Serendipity before 0.7.1 allows remote attackers to inject arbitrary web script or HTML via the searchTerm variable.
222 CVE-2004-2524 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allows remote attackers to obtain plaintext username and password credentials by using the clogin_e and base64_encode functions to encode the desired user ID in the c parameter, then read the plaintext values in the resulting form.
223 CVE-2004-2523 Exec Code 2004-12-31 2017-07-11
6.5
None Remote Low ??? Partial Partial Partial
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
224 CVE-2004-2522 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter.
225 CVE-2004-2521 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to perform a denial of service (application crash) via a large number of connections to TCP port (1) 25 (SMTP) or (2) 110 (POP).
226 CVE-2004-2520 DoS 2004-12-31 2017-07-11
4.0
None Remote Low ??? None None Partial
POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authenticated users to cause a denial of service (application crash) via a large numeric value in the (1) LIST, (2) RETR, or (3) UIDL commands.
227 CVE-2004-2519 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial of service (CPU consumption) via directory specifiers in the LANGUAGE parameter to (1) index.tmpl and (2) web.tmpl, such as (a) slash "/", (b) backslash "\", (c) dot ".",, (d) dot dot "..", and (e) internal slash "lang//en".
228 CVE-2004-2518 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensitive information via (1) a trailing null byte ("%00") to a URL or (2) an invalid LANGUAGE parameter to web.tmpl, which reveals the full installation path in an error message.
229 CVE-2004-2517 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html.
230 CVE-2004-2516 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in myServer 0.7 allows remote attackers to list arbitrary directories via an HTTP GET command with a large number of "./" sequences followed by "../" sequences.
231 CVE-2004-2515 Exec Code 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which VMware would be running with privileges beyond those already available to the attackers, so this might not be a vulnerability.
232 CVE-2004-2514 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in modules/private_messages/index.php in PowerPortal 1.x allows remote attackers to inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.
233 CVE-2004-2513 Exec Code Overflow 2004-12-31 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
234 CVE-2004-2512 Http R.Spl. 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and earlier allows remote attackers to conduct HTTP response splitting attacks to spoof web content and poison web caches via CRLF ("%0d%0a") sequences in the PHPSESSID parameter.
235 CVE-2004-2511 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the year, (2) month, and (3) day parameters in calendar.php; (4) the cid and (5) url parameters in index.php; (6) the cid parameter in annoucement.php; (7) the cid parameter in news.php; (8) the cid parameter in contents.php; (9) the q parameter in search.php; and (10) the country parameter in register.php.
236 CVE-2004-2510 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UBB.Threads before 6.5 allows remote attackers to inject arbitrary web script or HTML via the Cat parameter.
237 CVE-2004-2509 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) login.php, and (3) online.php in Infopop UBB.Threads 6.2.3 and 6.5 allow remote attackers to inject arbitrary web script or HTML via the Cat parameter.
238 CVE-2004-2508 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
239 CVE-2004-2507 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
240 CVE-2004-2506 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
241 CVE-2004-2505 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Macromedia ColdFusion MX before 6.1 does not restrict the size of error messages, which allows remote attackers to cause a denial of service (memory consumption and crash) by sending repeated GET or POST requests that trigger error messages that use long strings of data.
242 CVE-2004-2504 +Priv 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
243 CVE-2004-2503 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
INweb Mail Server 2.40 allows remote attackers to cause a denial of service (crash) via a large number of connect/disconnect actions to the (1) POP3 and (2) SMTP services.
244 CVE-2004-2501 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the IMAP service of MailEnable Professional Edition 1.52 and Enterprise Edition 1.01 allows remote attackers to execute arbitrary code via (1) a long command string or (2) a long string to the MEIMAP service and then terminating the connection.
245 CVE-2004-2500 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.
246 CVE-2004-2499 DoS 2004-12-31 2017-07-11
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier allows remote attackers to cause a denial of service via unknown attack vectors when a web site is "improperly accessed."
247 CVE-2004-2498 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors.
248 CVE-2004-2497 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
249 CVE-2004-2496 DoS 2004-12-31 2017-07-11
7.8
None Remote Low Not required None None Complete
The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attackers to cause a denial of service (service availability loss) via a large number of POST requests to /Search.
250 CVE-2004-2495 DoS 2004-12-31 2017-07-11
7.8
None Remote Low Not required None None Complete
The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Server 1.18 allow remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous connections to the service.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 (This Page)6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.