CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004 (CVSS score >= 6)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2004-1826 Exec Code Sql 2004-03-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
352 CVE-2004-1821 +Priv Sql 2004-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.
353 CVE-2004-1820 Exec Code File Inclusion 2004-03-15 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in displaycategory.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.
354 CVE-2004-1818 XSS 2004-03-15 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to execute arbitrary script as other users by injecting arbitrary script into the z parameter.
355 CVE-2004-1813 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authentication via an HTTP request to home.asp with a trailing slash (/).
356 CVE-2004-1812 Exec Code Overflow 2004-12-31 2021-04-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.
357 CVE-2004-1811 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates.
358 CVE-2004-1806 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters.
359 CVE-2004-1800 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie.
360 CVE-2004-1799 Bypass 2004-12-31 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to other interfaces.
361 CVE-2004-1796 Exec Code File Inclusion 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3.
362 CVE-2004-1793 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm.
363 CVE-2004-1791 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain access.
364 CVE-2004-1787 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries.
365 CVE-2004-1785 Exec Code Sql 2004-01-03 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.
366 CVE-2004-1784 Exec Code Overflow 2004-01-03 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.
367 CVE-2004-1783 Dir. Trav. 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot).
368 CVE-2004-1782 Exec Code 2004-12-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter.
369 CVE-2004-1774 Exec Code Overflow 2004-08-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
370 CVE-2004-1773 Exec Code Overflow 2004-12-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in sharutils 4.2.1 and earlier may allow attackers to execute arbitrary code via (1) long output from wc to shar, or (2) unknown vectors in unshar.
371 CVE-2004-1770 Exec Code 2004-03-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.
372 CVE-2004-1769 Exec Code 2004-03-11 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.
373 CVE-2004-1767 264 +Priv 2004-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
374 CVE-2004-1765 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apache 2.x, when SecFilterScanPost is enabled, allows remote attackers to execute arbitrary code via crafted POST requests.
375 CVE-2004-1764 Overflow +Priv 2004-01-14 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
376 CVE-2004-1763 DoS Exec Code Overflow 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.
377 CVE-2004-1762 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux before Hotfix 3 allows the Sober.D worm to bypass FASV.
378 CVE-2004-1760 287 +Priv 2004-01-21 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
379 CVE-2004-1755 +Priv 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
380 CVE-2004-1752 Exec Code Overflow 2004-08-24 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header.
381 CVE-2004-1737 Exec Code Sql Bypass 2004-08-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
382 CVE-2004-1734 Exec Code File Inclusion 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL on a remote web server that contains the code.
383 CVE-2004-1732 Exec Code Sql 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
384 CVE-2004-1728 Exec Code Overflow 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.
385 CVE-2004-1726 Exec Code Overflow 2004-08-20 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
386 CVE-2004-1725 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in xvbmp.c in XV allows remote attackers to execute arbitrary code via a crafted image file.
387 CVE-2004-1724 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
388 CVE-2004-1722 Sql 2004-08-17 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
389 CVE-2004-1717 Exec Code Overflow 2004-08-16 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
390 CVE-2004-1716 XSS 2004-08-16 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
391 CVE-2004-1710 Exec Code 2004-08-06 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
392 CVE-2004-1707 +Priv 2004-07-30 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
393 CVE-2004-1706 DoS Exec Code 2004-08-02 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
394 CVE-2004-1704 +Priv 2004-07-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
395 CVE-2004-1703 Exec Code 2004-07-30 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
396 CVE-2004-1701 Exec Code Overflow 2004-08-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
397 CVE-2004-1697 2004-09-21 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames.
398 CVE-2004-1695 Bypass 2004-09-20 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash).
399 CVE-2004-1694 2004-09-21 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access.
400 CVE-2004-1693 Exec Code File Inclusion 2004-09-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
Total number of vulnerabilities : 1077   Page : 1 2 3 4 5 6 7 8 (This Page)9 10 11 12 13 14 15 16 17 18 19 20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.