CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 4)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
301 CVE-2004-2437 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
302 CVE-2004-2435 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources Management System (HRMS) 7.0, when "web enabled" using HTML Access, allows remote attackers to inject arbitrary web script or HTML via unspecified (1) debugging or (2) utility scripts.
303 CVE-2004-2434 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
304 CVE-2004-2433 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the IsValidFile function in the ADM ActiveX control for Altnet Download Manager 4.0.0.4 and earlier, as used in Kazaa Media Desktop 1.3 through 2.6.4 and Grokkster 1.3 through 2.6, allows remote attackers to execute arbitrary code via a long bstrFilepath parameter.
305 CVE-2004-2432 DoS Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of service (crash) via a request for a file with a long file name, possibly due to an off-by-one buffer overflow.
306 CVE-2004-2431 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.
307 CVE-2004-2430 +Priv 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Trend OfficeScan Corporate Edition 5.58 and possibly earler does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
308 CVE-2004-2429 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based and heap-based buffer overflows in EnderUNIX spamGuard before 1.7-BETA allow remote attackers to execute arbitrary code via the (1) qmail_parseline and (2) sendmail_parseline functions in parser.c, (3) loadconfig and (4) removespaces functions in loadconfig.c, and possibly (5) unspecified functions in functions.c.
309 CVE-2004-2428 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the plaintext username and password.
310 CVE-2004-2427 DoS +Info 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
311 CVE-2004-2426 Dir. Trav. Bypass 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
312 CVE-2004-2425 Exec Code 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to execute arbitrary commands via accent (`) and possibly other shell metacharacters in the query string to virtualinput.cgi.
313 CVE-2004-2424 DoS 2004-12-31 2017-07-12
5.0
None Remote Low Not required None None Partial
BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow remote attackers to cause a denial of service (network port consumption) via unknown actions in HTTPS sessions, which prevents the server from releasing the network port when the session ends.
314 CVE-2004-2423 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the Web calendaring component of Ipswitch IMail Server before 8.13 allows remote attackers to cause a denial of service (crash) via "specific content."
315 CVE-2004-2422 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple features in Ipswitch IMail Server before 8.13 allow remote attackers to cause a denial of service (crash) via (1) a long sender field to the Queue Manager or (2) a long To field to the Web Messaging component.
316 CVE-2004-2421 Bypass 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.
317 CVE-2004-2420 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7 allows remote attackers to cause a denial of service (daemon halt) via a port scan involving reset packets.
318 CVE-2004-2418 Exec Code Overflow 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.
319 CVE-2004-2417 Exec Code 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) client hostname or (2) message-id, which are injected into a syslog message.
320 CVE-2004-2416 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
321 CVE-2004-2415 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Davenport before 0.9.10 allows attackers to cause a denial of service (resource consumption) via (1) a very large XML file or (2) entity expansion attacks.
322 CVE-2004-2413 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 allows remote attackers to execute arbitrary SQL commands via the (1) Processed0 and (2) Processed1 parameters in a POST request to shopproductselect.asp.
323 CVE-2004-2412 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 through 5.0 allow remote attackers to execute arbitrary SQL commands via the catalogid parameter in (1) shopreviewlist.asp and (2) shopreviewadd.asp.
324 CVE-2004-2411 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4.0 through 5.0 does not sufficiently cleanse inputs, which allows remote attackers to conduct cross-site scripting (XSS) attacks that do not use <script> tags, as demonstrated via javascript in IMG tags to (1) the cat parameter in shopdisplayproducts.asp or (2) the msg parameter in shoperror.asp, and possibly other vectors.
325 CVE-2004-2409 Exec Code Overflow 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 through 2.0.1, when running in update mode ("-t update"), might allow attackers to execute arbitrary code.
326 CVE-2004-2407 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
327 CVE-2004-2406 Overflow 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
328 CVE-2004-2405 DoS Overflow Bypass 2004-12-31 2017-07-11
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.
329 CVE-2004-2403 CSRF 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3.2 allows remote attackers to perform unauthorized actions as the administrative user via a link or IMG tag to YaBB.pl that specifies the desired action, id, and moda parameters.
330 CVE-2004-2402 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP 1.3.2 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded to parameter. NOTE: some sources say that the board parameter is affected, but this is incorrect.
331 CVE-2004-2401 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Ipswitch IMail Express Web Messaging before 8.05 might allow remote attackers to execute arbitrary code via an HTML message with long "tag text."
332 CVE-2004-2399 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (CPU consumption) via delayed responses to DNS queries.
333 CVE-2004-2397 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
The web-based Management Console in Blue Coat Security Gateway OS 3.0 through 3.1.3.13 and 3.2.1, when importing a private key, stores the key and its passphrase in plaintext in a log file, which allows attackers to steal digital certificates.
334 CVE-2004-2396 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
335 CVE-2004-2393 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not properly validate the certificate chain of a client or server, which allows remote attackers to falsely authenticate peers for SSL/TLS.
336 CVE-2004-2392 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
337 CVE-2004-2391 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service a message with an empty <priority/> tag.
338 CVE-2004-2390 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8, when using libgadu 1.0 and later, allows attackers to cause a denial of service via unknown vectors.
339 CVE-2004-2389 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2.0.8 allows remote attackers to cause a denial of service (infinite loop) via user re-registration.
340 CVE-2004-2388 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
rexecd for AIX 4.3.3 does not properly use a local copy of the pwd structure when calling getpwnam, which may cause the structure to be overwritten by the authenticate function and assign privileges to the wrong user.
341 CVE-2004-2387 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code.
342 CVE-2004-2386 134 Exec Code 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.
343 CVE-2004-2385 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path information (home directory) via an HTTP request for init.emu.
344 CVE-2004-2384 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
NullSoft Winamp 5.02 allows remote attackers to cause a denial of service (crash) by creating a file with a long filename, which causes the victim's player to crash when the file is opened from the command line.
345 CVE-2004-2383 Bypass 2004-12-31 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
346 CVE-2004-2382 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".
347 CVE-2004-2381 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote attackers to cause denial of service (memory usage and application crash) via HTTP requests with a large Content-Length.
348 CVE-2004-2380 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in postfile.exe for Twilight Utilities Web Server 2.0.0.0 allows remote attackers to write arbitrary files via a .. (dot dot) in the attfile parameter.
349 CVE-2004-2379 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for Windows allow remote attackers to inject arbitrary web script or HTML via (1) the Displayed Name attribute in util.pl and (2) the Folder attribute in showmail.pl.
350 CVE-2004-2378 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
@Mail 3.64 for Windows allows remote attackers to cause a denial of service ("unusable" server) via a large number of POP3 connections to the server.
Total number of vulnerabilities : 2243   Page : 1 2 3 4 5 6 7 (This Page)8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.