CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004 (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0441 Exec Code Overflow 2004-12-22 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.
2 CVE-2004-2758 DoS 2004-12-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
3 CVE-2004-2754 89 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
4 CVE-2004-2746 89 Exec Code Sql 2004-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
5 CVE-2004-2745 22 Dir. Trav. 2004-12-31 2018-10-19
7.8
None Remote Low Not required Complete None None
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
6 CVE-2004-2739 264 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows remote attackers to modify system configuration via unknown attack vectors.
7 CVE-2004-2737 89 Exec Code Sql 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
8 CVE-2004-2734 287 Bypass 2004-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
9 CVE-2004-2724 287 DoS 2004-12-31 2017-07-29
7.1
None Remote Medium Not required None None Complete
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
10 CVE-2004-2716 89 Exec Code Sql 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.14.5 allow remote attackers to execute arbitrary SQL commands via the (1) sortBy, (2) sortOrder, (3) startReg, (4) U, (5) LastCheck , and (6) R parameters.
11 CVE-2004-2715 287 +Priv Bypass 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
12 CVE-2004-2711 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."
13 CVE-2004-2710 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name.
14 CVE-2004-2709 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.
15 CVE-2004-2707 Overflow 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) before 1.0.5 have unknown impact and attack vectors related to "several security flaws," probably related to buffer overflows in HTTP server responses.
16 CVE-2004-2700 264 2004-12-31 2008-09-05
9.0
None Remote Low ??? Complete Complete Complete
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.
17 CVE-2004-2695 89 Exec Code Sql 2004-12-31 2020-02-24
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Authorize.net callback code (subscriptions/authorize.php) in Jelsoft vBulletin 3.0 through 3.0.3 allows remote attackers to execute arbitrary SQL statements via the x_invoice_num parameter. NOTE: this issue might be related to CVE-2006-4267.
18 CVE-2004-2693 264 +Priv 2004-12-31 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
19 CVE-2004-2692 264 Exec Code Bypass 2004-12-31 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
20 CVE-2004-2691 DoS 2004-12-31 2017-07-29
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
21 CVE-2004-2690 Exec Code 2004-12-31 2017-07-29
8.5
None Remote Medium ??? Complete Complete Complete
Unrestricted file upload vulnerability in the Administration Panel for NewsPHP allows remote authenticated administrators to upload and execute arbitrary code instead of video files.
22 CVE-2004-2689 264 2004-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
23 CVE-2004-2687 16 Exec Code 2004-12-31 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
24 CVE-2004-2686 22 Dir. Trav. 2004-12-31 2018-10-30
7.2
None Local Low Not required Complete Complete Complete
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
25 CVE-2004-2685 119 Exec Code Overflow 2004-12-31 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.
26 CVE-2004-2681 XSS 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely long time, which might make it easier for remote attackers to hijack a session.
27 CVE-2004-2679 +Info 2004-12-31 2017-07-29
7.8
None Remote Low Not required Complete None None
Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to obtain potentially sensitive information by sending an Internet Key Exchange (IKE) with a certain Vendor ID payload that causes Firewall-1 to return a response containing version and other information.
28 CVE-2004-2677 Exec Code 2004-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
29 CVE-2004-2676 +Priv 2004-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
30 CVE-2004-2673 DoS Exec Code Overflow 2004-12-31 2017-07-29
9.0
None Remote Low ??? Complete Complete Complete
Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.
31 CVE-2004-2672 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows attackers to upload .lnk files via unknown vectors.
32 CVE-2004-2669 Exec Code Sql 2004-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s, w, and d in users.php, (2) id in comments.php, (3) rusername in auth.php, or (4) h in plug.php.
33 CVE-2004-2668 Exec Code Sql 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Interchange before 4.8.9 allows remote attackers to execute arbitrary SQL commands via unknown vectors.
34 CVE-2004-2663 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Support eGatherer ActiveX control 2.0.0.16 allow remote attackers to create files with arbitrary content, as demonstrated by creating a .hta file in a Startup folder.
35 CVE-2004-2653 +Priv 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
36 CVE-2004-2652 DoS 2004-12-31 2017-07-20
7.8
None Remote Low Not required None None Complete
The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
37 CVE-2004-2645 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."
38 CVE-2004-2644 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.
39 CVE-2004-2639 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.
40 CVE-2004-2638 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value.
41 CVE-2004-2635 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control's RegQueryValue() method.
42 CVE-2004-2632 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg['Servers'] variables.
43 CVE-2004-2631 Exec Code 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
44 CVE-2004-2630 Exec Code 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
45 CVE-2004-2629 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
46 CVE-2004-2627 Exec Code 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.
47 CVE-2004-2623 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."
48 CVE-2004-2622 2004-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.
49 CVE-2004-2619 Bypass 2004-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
50 CVE-2004-2614 DoS Exec Code Overflow 2004-12-31 2019-11-25
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
Total number of vulnerabilities : 429   Page : 1 (This Page)2 3 4 5 6 7 8 9
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.