CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
101 CVE-2004-1274 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters.
102 CVE-2004-1273 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename.
103 CVE-2004-1272 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.
104 CVE-2004-1271 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file.
105 CVE-2004-1270 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
106 CVE-2004-1269 2005-01-10 2018-10-03
5.0
None Remote Low Not required None None Partial
lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.
107 CVE-2004-1268 2005-01-10 2018-10-03
2.1
None Local Low Not required None Partial None
lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
108 CVE-2004-1267 119 Exec Code Overflow 2005-01-10 2018-10-03
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.
109 CVE-2004-1266 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.
110 CVE-2004-1265 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the convex-tool program in Convex 3D 0.8pre1 allows remote attackers to execute arbitrary code via a crafted 3DS file.
111 CVE-2004-1264 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.
112 CVE-2004-1263 Exec Code 2005-01-10 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.
113 CVE-2004-1262 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures.
114 CVE-2004-1261 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts.
115 CVE-2004-1260 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function in parse.cpp for abctab2ps 1.6.3 allow remote attackers to execute arbitrary code via crafted ABC files.
116 CVE-2004-1259 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the handle_directive function in abcpp.c for abcpp 1.3.0 allow remote attackers to execute arbitrary code via crafted ABC files.
117 CVE-2004-1258 119 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files.
118 CVE-2004-1257 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files.
119 CVE-2004-1256 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files.
120 CVE-2004-1255 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF.
121 CVE-2004-1254 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.
122 CVE-2004-1233 DoS Overflow 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.
123 CVE-2004-1232 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename.
124 CVE-2004-1231 Dir. Trav. 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. (dot dot) sequences in a DCC connection with a CTCP packet that contains a 1 as the type and a 4 as the subtype.
125 CVE-2004-1230 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.
126 CVE-2004-1229 XSS 2005-01-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.
127 CVE-2004-1228 DoS 2005-01-10 2017-07-11
6.4
None Remote Low Not required Partial None Partial
The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.
128 CVE-2004-1227 Exec Code Dir. Trav. 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. (dot dot) sequences in the (1) module, (2) action, or (3) theme parameters to index.php, (4) the theme parameter to Login.php, and possibly other parameters or scripts.
129 CVE-2004-1226 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.
130 CVE-2004-1225 Exec Code +Priv Sql 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.
131 CVE-2004-1224 2005-01-10 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
132 CVE-2004-1223 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.
133 CVE-2004-1222 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter.
134 CVE-2004-1221 Dir. Trav. 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. sequences in the TextFile parameter.
135 CVE-2004-1220 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.
136 CVE-2004-1219 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.
137 CVE-2004-1218 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.
138 CVE-2004-1217 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp.
139 CVE-2004-1216 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game.
140 CVE-2004-1215 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error.
141 CVE-2004-1214 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.
142 CVE-2004-1213 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.
143 CVE-2004-1212 Dir. Trav. 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. (dot dot) in the file argument.
144 CVE-2004-1211 119 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.
145 CVE-2004-1210 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables.
146 CVE-2004-1209 2005-01-10 2017-07-11
5.0
None Remote Low Not required None Partial None
Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.
147 CVE-2004-1208 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request.
148 CVE-2004-1207 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero.
149 CVE-2004-1206 Dir. Trav. 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.
150 CVE-2004-1205 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.
Total number of vulnerabilities : 320   Page : 1 2 3 (This Page)4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.