| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
151 |
CVE-2004-0545 |
|
|
|
2004-08-06 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. |
|
152 |
CVE-2004-0544 |
|
|
Overflow +Priv |
2004-08-06 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. |
|
153 |
CVE-2004-0543 |
|
|
Sql |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. |
|
154 |
CVE-2004-0542 |
|
|
Exec Code |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
PHP before 4.3.7 on Win32 platforms does not properly filter all shell metacharacters, which allows local or remote attackers to execute arbitrary code, overwrite files, and access internal environment variables via (1) the "%", "|", or ">" characters to the escapeshellcmd function, or (2) the "%" character to the escapeshellarg function. |
|
155 |
CVE-2004-0541 |
|
|
Exec Code Overflow |
2004-08-06 |
2018-05-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). |
|
156 |
CVE-2004-0540 |
|
|
|
2004-08-06 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain. |
|
157 |
CVE-2004-0539 |
|
|
Exec Code |
2004-08-06 |
2017-10-12 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code. |
|
158 |
CVE-2004-0538 |
|
|
Exec Code |
2004-08-06 |
2017-10-12 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user. |
|
159 |
CVE-2004-0537 |
|
|
|
2004-08-06 |
2022-02-28 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Opera 7.50 and earlier allows remote web sites to provide a "Shortcut Icon" (favicon) that is wider than expected, which could allow the web sites to spoof a trusted domain and facilitate phishing attacks using a wide icon and extra spaces. |
|
160 |
CVE-2004-0536 |
|
|
+Priv |
2004-08-06 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in Tripwire commercial 4.0.1 and earlier, including 2.4, and open source 2.3.1 and earlier, allows local users to gain privileges via format string specifiers in a file name, which is used in the generation of an email report. |
|
161 |
CVE-2004-0535 |
|
|
Overflow |
2004-08-06 |
2017-10-11 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. |
|
162 |
CVE-2004-0530 |
|
|
Exec Code |
2004-08-06 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path. |
|
163 |
CVE-2004-0529 |
|
|
+Priv |
2004-08-06 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490. |
|
164 |
CVE-2004-0528 |
|
|
|
2004-08-06 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
|
165 |
CVE-2004-0527 |
|
|
|
2004-08-06 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
|
166 |
CVE-2004-0526 |
|
|
|
2004-08-06 |
2021-07-23 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates a "phishing" attack. |
|
167 |
CVE-2004-0525 |
|
|
DoS |
2004-08-06 |
2018-10-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 allows remote attackers to cause a denial of service (hang) by accessing iLO using the TCP/IP reserved port zero. |
|
168 |
CVE-2004-0524 |
|
|
Overflow +Priv |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name. |
|
169 |
CVE-2004-0523 |
|
|
Exec Code Overflow |
2004-08-18 |
2020-01-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. |
|
170 |
CVE-2004-0522 |
|
|
Bypass |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. |
|
171 |
CVE-2004-0521 |
|
|
Sql |
2004-08-18 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. |
|
172 |
CVE-2004-0520 |
|
|
XSS |
2004-08-18 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. |
|
173 |
CVE-2004-0519 |
|
|
XSS |
2004-08-18 |
2017-10-11 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. |
|
174 |
CVE-2004-0518 |
|
|
|
2004-08-18 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. |
|
175 |
CVE-2004-0517 |
|
|
|
2004-08-18 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. |
|
176 |
CVE-2004-0516 |
|
|
|
2004-08-18 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517. |
|
177 |
CVE-2004-0515 |
|
|
|
2004-08-18 |
2017-07-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." |
|
178 |
CVE-2004-0514 |
|
|
|
2004-08-18 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." |
|
179 |
CVE-2004-0513 |
|
|
|
2004-08-18 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls." |
|
180 |
CVE-2004-0507 |
|
|
DoS Exec Code Overflow |
2004-08-18 |
2017-10-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
|
181 |
CVE-2004-0506 |
|
|
DoS |
2004-08-18 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference. |
|
182 |
CVE-2004-0505 |
|
|
DoS |
2004-08-18 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors. |
|
183 |
CVE-2004-0504 |
|
|
DoS |
2004-08-18 |
2017-10-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients. |
|
184 |
CVE-2004-0503 |
|
|
Bypass |
2004-08-18 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502. |
|
185 |
CVE-2004-0502 |
|
|
Bypass |
2004-08-18 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. |
|
186 |
CVE-2004-0501 |
|
|
Bypass +Info |
2004-08-18 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information. |
|
187 |
CVE-2004-0495 |
|
|
+Priv |
2004-08-06 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool. |
|
188 |
CVE-2004-0493 |
|
|
DoS Overflow |
2004-08-06 |
2021-06-06 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. |
|
189 |
CVE-2004-0492 |
|
|
DoS Exec Code Overflow |
2004-08-06 |
2021-06-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. |
|
190 |
CVE-2004-0490 |
|
|
Exec Code |
2004-08-18 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. |
|
191 |
CVE-2004-0487 |
|
|
DoS |
2004-08-18 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. |
|
192 |
CVE-2004-0476 |
|
|
DoS Overflow |
2004-08-18 |
2017-07-11 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port. |
|
193 |
CVE-2004-0461 |
|
|
DoS Exec Code Overflow |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. |
|
194 |
CVE-2004-0460 |
|
|
DoS Exec Code Overflow |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. |
|
195 |
CVE-2004-0453 |
|
|
DoS Exec Code |
2004-08-06 |
2017-07-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string. |
|
196 |
CVE-2004-0450 |
|
|
Exec Code |
2004-08-06 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail. |
|
197 |
CVE-2004-0447 |
|
|
DoS |
2004-08-06 |
2017-10-11 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS. |
|
198 |
CVE-2004-0435 |
|
|
|
2004-08-18 |
2017-07-11 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. |
|
199 |
CVE-2004-0433 |
|
|
DoS Exec Code Overflow |
2004-08-18 |
2017-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets. |
|
200 |
CVE-2004-0432 |
|
|
Bypass |
2004-08-18 |
2017-07-11 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. |
