CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In September 2004 (CVSS score >= 6)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2004-1697 | | | | 2004-09-21 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The "Forgot your Password" link in Computer Associates (CA) Unicenter Management Portal 2.0 and 3.1 displays different error messages for users that exist and users that do not exist, which could allow remote attackers to guess valid usernames. |
| 2 | CVE-2004-1695 | | | Bypass | 2004-09-20 | 2017-07-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to bypass authentication for the remote administration feature via a URL that contains an extra leading / (slash). |
| 3 | CVE-2004-1694 | | | | 2004-09-21 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default usernames and passwords, one of which is hardcoded, which allows remote attackers to gain unauthorized access. |
| 4 | CVE-2004-1693 | | | Exec Code File Inclusion | 2004-09-18 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code. |
| 5 | CVE-2004-1685 | | | Bypass | 2004-09-15 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages. |
| 6 | CVE-2004-1676 | | | Exec Code Overflow | 2004-09-12 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. |
| 7 | CVE-2004-1670 | | | Dir. Trav. | 2004-09-10 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple directory traversal vulnerabilities in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. (dot dot) in the user parameter to viewaction.html or (2) rename arbitrary files via a ....// (doubled dot dot) in the folderold or folder parameters to folders.html. |
| 8 | CVE-2004-1668 | | | Exec Code Sql | 2004-09-10 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. |
| 9 | CVE-2004-1661 | | | +Priv Bypass | 2004-09-02 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1." |
| 10 | CVE-2004-1654 | | | Exec Code Sql | 2004-09-01 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | SQL injection vulnerability in the calendar module in phpWebsite 0.9.3-4 and earlier allows remote attackers to execute arbitrary SQL commands via cal_template. |
| 11 | CVE-2004-1379 | | | Exec Code Overflow | 2004-09-16 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the DVD subpicture decoder in xine xine-lib 1-rc5 and earlier allows remote attackers to execute arbitrary code via a (1) DVD or (2) MPEG subpicture header where the second field reuses RLE data from the end of the first field. |
| 12 | CVE-2004-1372 | | | Exec Code Overflow | 2004-09-01 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow local users to execute arbitrary code via (1) a long third argument to the rec2xml function or (2) a long filename argument to the generate_distfile procedure. |
| 13 | CVE-2004-0866 | | | | 2004-09-16 | 2021-07-23 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. |
| 14 | CVE-2004-0831 | | | +Priv | 2004-09-14 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges. |
| 15 | CVE-2004-0827 | | | DoS Exec Code Overflow | 2004-09-16 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. |
| 16 | CVE-2004-0823 | | | | 2004-09-07 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. |
| 17 | CVE-2004-0822 | | | Exec Code Overflow | 2004-09-07 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable. |
| 18 | CVE-2004-0801 | | | Exec Code | 2004-09-16 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. |
| 19 | CVE-2004-0745 | | | Exec Code | 2004-09-28 | 2017-10-11 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name. |
| 20 | CVE-2004-0699 | | | Exec Code Overflow | 2004-09-28 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in ASN.1 decoding library in Check Point VPN-1 products, when Aggressive Mode IKE is implemented, allows remote attackers to execute arbitrary code by initiating an IKE negotiation and then sending an IKE packet with malformed ASN.1 data. |
| 21 | CVE-2004-0691 | | | DoS Exec Code Overflow | 2004-09-28 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code. |
| 22 | CVE-2004-0642 | 415 | | Exec Code | 2004-09-28 | 2021-02-02 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code. |
| 23 | CVE-2004-0637 | 94 | | Exec Code | 2004-09-02 | 2008-09-10 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible. |
| 24 | CVE-2004-0629 | | | Exec Code Overflow | 2004-09-28 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string. |
| 25 | CVE-2004-0593 | | | Bypass | 2004-09-28 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules. |
| 26 | CVE-2004-0573 | | | Exec Code Overflow | 2004-09-28 | 2018-10-30 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the converter for Microsoft WordPerfect 5.x on Office 2000, Office XP, Office 2003, and Works Suites 2001 through 2004 allows remote attackers to execute arbitrary code via a malicious document or website. |
| 27 | CVE-2004-0500 | | | DoS Exec Code Overflow | 2004-09-28 | 2017-10-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. |
| 28 | CVE-2004-0408 | | | Exec Code Overflow | 2004-09-28 | 2017-07-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code. |
| 29 | CVE-2004-0200 | | | Exec Code Overflow | 2004-09-28 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. |
| 30 | CVE-2003-1052 | | | +Priv | 2004-09-28 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs. |
| 31 | CVE-2003-1051 | | | Exec Code | 2004-09-28 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
| 32 | CVE-2003-1050 | | | Exec Code Overflow | 2004-09-28 | 2017-07-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd. |
| 33 | CVE-2003-0930 | | | Bypass | 2004-09-28 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy. |
| 34 | CVE-2003-0929 | | | Bypass | 2004-09-28 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy. |
| 35 | CVE-2003-0928 | | | Bypass | 2004-09-28 | 2016-10-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. |
| 36 | CVE-2002-1583 | | | Exec Code Overflow | 2004-09-28 | 2008-09-05 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument. |

Total number of vulnerabilities : 36   Page : 1 (This Page)