CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2004-2262 Exec Code 2004-12-31 2017-10-19
5.0
None Remote Low Not required None Partial None
ImageManager in e107 before 0.617 does not properly check the types of uploaded files, which allows remote attackers to execute arbitrary code by uploading a PHP file via the upload parameter to images.php.
502 CVE-2004-2261 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in e107 allows remote attackers to inject arbitrary script or HTML via the "login name/author" field in the (1) news submit or (2) article submit functions.
503 CVE-2004-2260 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Opera Browser 7.23, and other versions before 7.50, updates the address bar as soon as the user clicks a link, which allows remote attackers to redirect to other sites via the onUnload attribute.
504 CVE-2004-2259 DoS 2004-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
vsftpd before 1.2.2, when under heavy load, allows attackers to cause a denial of service (crash) via a SIGCHLD signal during a malloc or free call, which is not re-entrant.
505 CVE-2004-2258 2004-12-31 2017-07-11
2.1
None Local Low Not required None Partial None
Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definition is password-protected, allows local users to access certain options by switching to another tab, then switching back to the original tab.
506 CVE-2004-2257 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.
507 CVE-2004-2256 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remote attackers to read arbitrary files, and possibly execute local PHP files, via .. sequences in the lang (language) variable.
508 CVE-2004-2255 Dir. Trav. 2004-12-31 2017-07-11
6.4
None Remote Low Not required Partial Partial None
Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote attackers to read arbitrary files, and possibly execute local PHP files, via the action variable, which is used as part of a template filename.
509 CVE-2004-2254 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
510 CVE-2004-2253 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and earlier allows remote attackers to read arbitrary files via a .. in the page parameter of the show command.
511 CVE-2004-2252 +Info 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
The firewall in Astaro Security Linux before 4.024 sends responses to SYN-FIN packets, which makes it easier for remote attackers to obtain information about the system and construct specialized attacks.
512 CVE-2004-2251 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
The PPTP server in Astaro Security Linux before 4.024 provides information about its version, which makes it easier for remote attackers to construct specialized attacks.
513 CVE-2004-2250 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
514 CVE-2004-2249 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
515 CVE-2004-2248 2004-12-31 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact and attack vectors, related to "oversize submissions."
516 CVE-2004-2247 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in the "admin of paypal email addresses" in AudienceConnect before 1.0.beta.21 has unknown impact and attack vectors.
517 CVE-2004-2246 XSS 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allows remote attackers to inject arbitrary HTML or web script via the conversation_id parameter to viewpic.php.
518 CVE-2004-2245 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remote attackers to inject arbitrary HTML or web script via the (1) page parameter to viewalbum.php or (2) btopage parameter to viewpic.php.
519 CVE-2004-2244 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9.0.3.1, 9.0.2.3 and earlier, and Release 1 1.0.2.2 and 1.0.2.2.2, and Database Server Release 2 9.2.0.1 and later, allows remote attackers to cause a denial of service (CPU and memory consumption) via a SOAP message containing a crafted DTD.
520 CVE-2004-2243 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
521 CVE-2004-2242 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.
522 CVE-2004-2241 XSS 2004-12-31 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch.
523 CVE-2004-2240 Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
524 CVE-2004-2239 DoS Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code.
525 CVE-2004-2238 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5.4.2 and earlier has unknown impact and attack vectors. NOTE: in a followup post, it was observed that the source code used constants that, when compiled, became static format strings. Thus this is not a vulnerability.
526 CVE-2004-2237 2004-12-31 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.3.4 has unknown impact and attack vectors, related to "strings in Moodle texts."
527 CVE-2004-2236 2004-12-31 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.3.3 has unknown impact and attack vectors, related to language setting.
528 CVE-2004-2235 2004-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unknown vulnerability in Moodle before 1.2 has unknown impact and attack vectors, related to improper filtering of text.
529 CVE-2004-2234 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators.
530 CVE-2004-2233 2004-12-31 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Unknown "front page vulnerability with Moodle servers" for Moodle before 1.3.2 has unknown impact and attack vectors.
531 CVE-2004-2232 Sql 2004-12-31 2020-12-01
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements.
532 CVE-2004-2231 2004-12-31 2017-07-11
1.2
None Local High Not required None Partial None
Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) persistent_state or (2) env.properties.X temporary files.
533 CVE-2004-2230 DoS Overflow 2004-12-31 2017-07-11
2.1
None Local Low Not required None None Partial
Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allows local users to cause a denial of service (panic) and corrupt memory via IPSEC credentials on a socket.
534 CVE-2004-2229 +Priv 2004-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.
535 CVE-2004-2228 +Priv 2004-12-31 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges.
536 CVE-2004-2227 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 1.0 truncates long filenames in the file download dialog box, which makes it easier for remote attackers to trick users into downloading files with dangerous extensions.
537 CVE-2004-2226 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Mails is enabled, allows remote attackers to determine valid e-mail addresses via an HTML e-mail that references a Cascading Style Sheets (CSS) document on the attacker's server.
538 CVE-2004-2225 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
539 CVE-2004-2224 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that contains MS-DOS device names such as com1.
540 CVE-2004-2223 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
FsPHPGallery before 1.2 allows remote attackers to cause a denial of service via an image with a large size attribute, which causes a crash when the server attempts to resize the image.
541 CVE-2004-2222 Dir. Trav. 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter.
542 CVE-2004-2221 Exec Code Overflow 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
543 CVE-2004-2220 Bypass 2004-12-31 2017-07-11
5.0
None Remote Low Not required None Partial None
F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
544 CVE-2004-2219 2004-12-31 2021-07-23
2.6
None Remote High Not required None Partial None
Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar to facilitate phishing attacks via Javascript that uses an invalid URI, modifies the Location field, then uses history.back to navigate to the previous domain, aka NullyFake.
545 CVE-2004-2218 Sql 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
546 CVE-2004-2217 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
547 CVE-2004-2216 DoS 2004-12-31 2017-07-11
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier and 6.1 SP1 and earlier, and Application Server 7 Update 4 and earlier, allows remote attackers to cause a denial of service (crash) via a malformed client certificate.
548 CVE-2004-2215 +Priv 2004-12-31 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.
549 CVE-2004-2214 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.
550 CVE-2004-2213 2004-12-31 2017-07-11
5.0
None Remote Low Not required Partial None None
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.
Total number of vulnerabilities : 1223   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)12 13 14 15 16 17 18 19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.