CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In May 2004 (CVSS score >= 8)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2004 +Priv 2004-05-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
2 CVE-2004-1993 Exec Code 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
3 CVE-2004-0386 Exec Code Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
4 CVE-2004-0380 Exec Code Bypass 2004-05-04 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
5 CVE-2004-0377 Exec Code Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
6 CVE-2004-0368 119 Exec Code Overflow 2004-05-04 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
7 CVE-2004-0220 119 DoS Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
8 CVE-2003-0782 DoS Exec Code Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
9 CVE-2003-0781 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
10 CVE-2003-0648 Exec Code Overflow 2004-05-04 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
Total number of vulnerabilities : 10   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.