CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2004-1204 DoS Overflow 2005-01-10 2017-07-11
2.1
None Local Low Not required None None Partial
FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.
152 CVE-2004-1203 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.
153 CVE-2004-1202 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.
154 CVE-2004-1201 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
155 CVE-2004-1199 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.
156 CVE-2004-1197 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter.
157 CVE-2004-1196 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter.
158 CVE-2004-1195 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory.
159 CVE-2004-1194 DoS Overflow 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname.
160 CVE-2004-1193 264 Bypass 2005-01-10 2017-07-11
6.6
None Local Low Not required None Complete Complete
Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.
161 CVE-2004-1192 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.
162 CVE-2004-1191 2005-01-10 2017-07-11
1.2
None Local High Not required Partial None None
Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."
163 CVE-2004-1190 2005-01-10 2017-10-11
2.1
None Local Low Not required None Partial None
SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
164 CVE-2004-1188 Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
165 CVE-2004-1187 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
166 CVE-2004-1185 Exec Code 2005-01-21 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
167 CVE-2004-1184 Exec Code 2005-01-21 2018-10-19
4.6
None Local Low Not required Partial Partial Partial
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
168 CVE-2004-1183 DoS Exec Code Overflow 2005-01-06 2017-10-11
5.1
None Remote High Not required Partial Partial Partial
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file.
169 CVE-2004-1177 XSS 2005-01-10 2017-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
170 CVE-2004-1172 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
171 CVE-2004-1171 2005-01-10 2017-07-11
2.1
None Local Low Not required Partial None None
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
172 CVE-2004-1170 Exec Code 2005-01-10 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
173 CVE-2004-1169 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.
174 CVE-2004-1168 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
175 CVE-2004-1167 2005-01-10 2017-07-11
5.0
None Remote Low Not required None Partial None
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.
176 CVE-2004-1165 Exec Code 2005-01-10 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
177 CVE-2004-1164 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence."
178 CVE-2004-1163 DoS 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets.
179 CVE-2004-1162 Exec Code Bypass 2005-01-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.
180 CVE-2004-1161 Bypass 2005-01-10 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
181 CVE-2004-1160 2005-01-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
182 CVE-2004-1158 2005-01-10 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
183 CVE-2004-1157 2005-01-10 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
184 CVE-2004-1154 DoS Exec Code Overflow 2005-01-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
185 CVE-2004-1153 DoS Exec Code 2005-01-10 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.
186 CVE-2004-1152 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.
187 CVE-2004-1151 Overflow +Priv 2005-01-10 2016-10-18
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.
188 CVE-2004-1149 +Priv 2005-01-10 2021-04-09
7.2
None Local Low Not required Complete Complete Complete
Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.
189 CVE-2004-1148 2005-01-10 2017-07-11
5.0
None Remote Low Not required Partial None None
phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.
190 CVE-2004-1147 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.
191 CVE-2004-1138 Exec Code 2005-01-10 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.
192 CVE-2004-1137 DoS Exec Code 2005-01-10 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
193 CVE-2004-1136 DoS Overflow 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.
194 CVE-2004-1135 DoS Overflow 2005-01-10 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.
195 CVE-2004-1134 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
196 CVE-2004-1133 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.
197 CVE-2004-1130 XSS 2005-01-10 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.
198 CVE-2004-1129 Sql 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.
199 CVE-2004-1128 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename.
200 CVE-2004-1127 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command.
Total number of vulnerabilities : 320   Page : 1 2 3 4 (This Page)5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.