CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2004-2313 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error messages for incorrect passwords versus correct passwords on non-mail-enabled accounts (such as root), which allows remote attackers to guess the root password via brute force attacks.
452 CVE-2004-2312 Overflow +Priv 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.
453 CVE-2004-2311 Dir. Trav. 2004-12-31 2017-07-11
3.6
None Local Low Not required Partial Partial None
Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows local users to create folders or determine the existence of files via a .. (dot dot) in the new folder dialog.
454 CVE-2004-2310 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domino R6 6.5.1 allows remote attackers to inject arbitrary web script or HTML via a Domino command in the Quick Console.
455 CVE-2004-2309 Dir. Trav. 2004-12-31 2017-07-11
2.1
None Local Low Not required Partial None None
Directory traversal vulnerability in Crob FTP Server 3.5.1 allows local users to browse outside the FTP root via multiple ../ (dot dot slash) in the DIR command.
456 CVE-2004-2308 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html.
457 CVE-2004-2307 DoS 2004-12-31 2021-07-23
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attackers to cause a denial of service (browser crash) via a shell: URI with double backslashes (\\) in an HTML tag such as IFRAME or A.
458 CVE-2004-2306 2004-12-31 2018-10-30
4.6
None Local Low Not required Partial Partial Partial
Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled and the SUNWscpu package has been removed as a result of security hardening, disables mail alerts from the audit_warn script, which might allow attackers to escape detection.
459 CVE-2004-2305 Bypass 2004-12-31 2021-04-09
5.0
None Remote Low Not required None Partial None
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.
460 CVE-2004-2304 DoS Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow.
461 CVE-2004-2303 2004-12-31 2017-07-11
3.6
None Local Low Not required Partial Partial None
MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
462 CVE-2004-2302 DoS 2004-12-31 2017-02-19
2.6
None Local High Not required Partial None Partial
Race condition in the sysfs_read_file and sysfs_write_file functions in Linux kernel before 2.6.10 allows local users to read kernel memory and cause a denial of service (crash) via large offsets in sysfs files.
463 CVE-2004-2301 DoS Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow.
464 CVE-2004-2300 Exec Code Overflow 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE.
465 CVE-2004-2299 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header.
466 CVE-2004-2298 2004-12-31 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the administrator does not change the credential by using the NMAP Credential Generator.
467 CVE-2004-2297 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a large, out-of-range score parameter.
468 CVE-2004-2296 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.
469 CVE-2004-2295 Exec Code Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter.
470 CVE-2004-2294 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Canonicalize-before-filter error in the send_review function in the Reviews module for PHP-Nuke 6.0 to 7.3 allows remote attackers to inject arbitrary web script or HTML via hex-encoded XSS sequences in the text parameter, which is checked for dangerous sequences before it is canonicalized, leading to a cross-site scripting (XSS) vulnerability.
471 CVE-2004-2293 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to 7.3 allow remote attackers to inject arbitrary web script or HTML via the (1) eid parameter or (2) query parameter to the Encyclopedia module, (3) preview_review function in the Reviews module as demonstrated by the url, cover, rlanguage, and hits parameters, or (4) savecomment function in the Reviews module, as demonstrated using the uname parameter. NOTE: the Faq/categories and Encyclopedia/ltr issues are already covered by CVE-2005-1023.
472 CVE-2004-2292 DoS Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to cause a denial of service (application crash) via a long STATUS command to the IMAP server.
473 CVE-2004-2291 Exec Code 2004-12-31 2021-07-23
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script.
474 CVE-2004-2290 Exec Code 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder.
475 CVE-2004-2289 Exec Code 2004-12-31 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
476 CVE-2004-2288 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.
477 CVE-2004-2287 Dir. Trav. 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.
478 CVE-2004-2286 DoS Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.
479 CVE-2004-2284 Exec Code 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument.
480 CVE-2004-2283 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
481 CVE-2004-2282 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
482 CVE-2004-2281 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 and 6.0.x before 6.0.5 have unknown impact and attack vectors, related to Java applets, as identified by (1) KSPR5YS6GR and (2) KSPR62F4D3.
483 CVE-2004-2280 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before 6.0.5 allows remote attackers to cause a denial of service (crash) via unknown vectors related to Java applets, as identified by KSPR62F4KN.
484 CVE-2004-2279 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 Final allows remote attackers to execute arbitrary script as other users via the pop parameter in a chat action to index.php.
485 CVE-2004-2278 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHost before 3.10r1 has unknown impact and attack vectors.
486 CVE-2004-2277 DoS Exec Code Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in aGSM Half-Life client allows remote Half-Life servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server response.
487 CVE-2004-2276 Bypass 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
488 CVE-2004-2275 Exec Code 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.
489 CVE-2004-2274 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and attack vectors, possibly related to the parsing of the URI.
490 CVE-2004-2273 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a packet with a single byte, which triggers a "Wrong protocol or connection state" error.
491 CVE-2004-2272 DoS Overflow 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in the sockFinger_DataArrival function in efFingerD 0.2.12 allows remote attackers to cause a denial of service (daemon crash) via a long finger command.
492 CVE-2004-2271 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
493 CVE-2004-2270 Exec Code 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.
494 CVE-2004-2269 Exec Code Overflow 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability.
495 CVE-2004-2268 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php.
496 CVE-2004-2267 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allows remote attackers to inject arbitrary HTML or web script via the album name.
497 CVE-2004-2266 Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter.
498 CVE-2004-2265 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact.
499 CVE-2004-2264 DoS Exec Code 2004-12-31 2017-07-11
6.4
None Remote Low Not required None Partial Partial
** DISPUTED ** Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a vulnerability unless there are plausible scenarios under which privilege boundaries could be crossed.
500 CVE-2004-2263 Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
Total number of vulnerabilities : 1223   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11 12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.