CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2004-0545 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack.
152 CVE-2004-0544 Overflow +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands.
153 CVE-2004-0543 Sql 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.
154 CVE-2004-0542 Exec Code 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function.
155 CVE-2004-0541 Exec Code Overflow 2004-08-06 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
156 CVE-2004-0540 2004-08-06 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.
157 CVE-2004-0539 Exec Code 2004-08-06 2017-10-12
10.0
None Remote Low Not required Complete Complete Complete
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.
158 CVE-2004-0538 Exec Code 2004-08-06 2017-10-12
7.5
None Remote Low Not required Partial Partial Partial
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.
159 CVE-2004-0537 2004-08-06 2022-02-28
5.0
None Remote Low Not required None Partial None
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces.
160 CVE-2004-0536 +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report.
161 CVE-2004-0535 Overflow 2004-08-06 2017-10-11
2.1
None Local Low Not required Partial None None
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
162 CVE-2004-0530 Exec Code 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path.
163 CVE-2004-0529 +Priv 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
164 CVE-2004-0528 2004-08-06 2017-07-11
5.0
None Remote Low Not required None Partial None
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
165 CVE-2004-0527 2004-08-06 2017-07-11
5.0
None Remote Low Not required None Partial None
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
166 CVE-2004-0526 2004-08-06 2021-07-23
5.0
None Remote Low Not required None Partial None
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack.
167 CVE-2004-0525 DoS 2004-08-06 2018-10-30
5.0
None Remote Low Not required None None Partial
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero.
168 CVE-2004-0524 Overflow +Priv 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name.
169 CVE-2004-0523 Exec Code Overflow 2004-08-18 2020-01-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
170 CVE-2004-0522 Bypass 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.
171 CVE-2004-0521 Sql 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
172 CVE-2004-0520 XSS 2004-08-18 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
173 CVE-2004-0519 XSS 2004-08-18 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
174 CVE-2004-0518 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors.
175 CVE-2004-0517 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516.
176 CVE-2004-0516 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
177 CVE-2004-0515 2004-08-18 2017-07-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files."
178 CVE-2004-0514 2004-08-18 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups."
179 CVE-2004-0513 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."
180 CVE-2004-0507 DoS Exec Code Overflow 2004-08-18 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
181 CVE-2004-0506 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
182 CVE-2004-0505 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
183 CVE-2004-0504 DoS 2004-08-18 2017-10-11
5.0
None Remote Low Not required None None Partial
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
184 CVE-2004-0503 Bypass 2004-08-18 2017-07-11
5.0
None Remote Low Not required None Partial None
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502.
185 CVE-2004-0502 Bypass 2004-08-18 2017-07-11
5.0
None Remote Low Not required Partial None None
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI.
186 CVE-2004-0501 Bypass +Info 2004-08-18 2017-07-11
5.0
None Remote Low Not required Partial None None
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.
187 CVE-2004-0495 +Priv 2004-08-06 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.
188 CVE-2004-0493 DoS Overflow 2004-08-06 2021-06-06
6.4
None Remote Low Not required None Partial Partial
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters.
189 CVE-2004-0492 DoS Exec Code Overflow 2004-08-06 2021-06-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
190 CVE-2004-0490 Exec Code 2004-08-18 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529.
191 CVE-2004-0487 DoS 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs.
192 CVE-2004-0476 DoS Overflow 2004-08-18 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port.
193 CVE-2004-0461 DoS Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
194 CVE-2004-0460 DoS Exec Code Overflow 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
195 CVE-2004-0453 DoS Exec Code 2004-08-06 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string.
196 CVE-2004-0450 Exec Code 2004-08-06 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail.
197 CVE-2004-0447 DoS 2004-08-06 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS.
198 CVE-2004-0435 2004-08-18 2017-07-11
3.6
None Local Low Not required None Partial Partial
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk.
199 CVE-2004-0433 DoS Exec Code Overflow 2004-08-18 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets.
200 CVE-2004-0432 Bypass 2004-08-18 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions.
Total number of vulnerabilities : 240   Page : 1 2 3 4 (This Page)5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.