CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In July 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2067 Sql Bypass 2004-07-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
2 CVE-2004-2066 Exec Code Sql Bypass 2004-07-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
3 CVE-2004-2064 XSS 2004-07-29 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields.
4 CVE-2004-2061 2004-07-27 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
5 CVE-2004-2055 XSS 2004-07-19 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter.
6 CVE-2004-2053 Exec Code File Inclusion 2004-07-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter.
7 CVE-2004-2051 2004-07-24 2008-09-05
5.0
None Remote Low Not required Partial None None
The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL.
8 CVE-2004-2047 Dir. Trav. 2004-07-23 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for PostNuke allows remote attackers to retrieve arbitrary files via a .. (dot dot) in the pathext parameter.
9 CVE-2004-1749 DoS 2004-07-22 2008-09-05
5.0
None Remote Low Not required None None Partial
Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when configured in a one-armed routing configuration, allows remote attackers to cause a denial of service (CPU consumption) via a large number of HTTP requests.
10 CVE-2004-1707 +Priv 2004-07-30 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
11 CVE-2004-1705 DoS Overflow 2004-07-30 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
12 CVE-2004-1704 +Priv 2004-07-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
13 CVE-2004-1703 Exec Code 2004-07-30 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
14 CVE-2004-0742 2004-07-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view.
15 CVE-2004-0741 DoS Overflow 2004-07-27 2008-09-05
5.0
None Remote Low Not required None None Partial
LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow.
16 CVE-2004-0740 DoS Overflow 2004-07-27 2008-09-10
5.0
None Remote Low Not required None None Partial
The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly triggering a buffer overflow.
17 CVE-2004-0739 DoS Exec Code Overflow 2004-07-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename.
18 CVE-2004-0738 Sql 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters.
19 CVE-2004-0737 XSS 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3, (6) sel4, (7) sel5, (8) match, (9) mod1, (10) mod2, or (11) mod3 parameters.
20 CVE-2004-0736 2004-07-27 2008-09-05
5.0
None Remote Low Not required Partial None None
The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message.
21 CVE-2004-0735 Exec Code Overflow 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.
22 CVE-2004-0734 Exec Code 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter.
23 CVE-2004-0733 1 DoS Exec Code 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call.
24 CVE-2004-0732 Sql 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter.
25 CVE-2004-0731 XSS 2004-07-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field.
26 CVE-2004-0730 XSS 2004-07-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from faq.php, or (3) the faq[0][0] parameter in lang_bbcode.php as accessible from faq.php.
27 CVE-2004-0729 2004-07-27 2008-09-05
5.0
None Remote Low Not required Partial None None
PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.
28 CVE-2004-0728 DoS 2004-07-27 2008-09-10
5.0
None Remote Low Not required None None Partial
The Remote Control Client service in Microsoft's Systems Management Server (SMS) 2.50.2726.0 allows remote attackers to cause a denial of service (crash) via a data packet to TCP port 2702 that causes the server to read or write to an invalid memory address.
29 CVE-2004-0727 Exec Code Bypass 2004-07-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
30 CVE-2004-0726 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Windows Media Player control in Microsoft Windows 2000 allows remote attackers to execute arbitrary script in the local computer zone via an ASX filename that contains javascript, which is executed in the local context in a preview panel.
31 CVE-2004-0725 XSS 2004-07-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.
32 CVE-2004-0724 DoS 2004-07-27 2008-09-05
5.0
None Remote Low Not required None None Partial
The Half-Life engine before July 7 2004 allows remote attackers to cause a denial of service (server or client crash) via an empty fragmented packet.
33 CVE-2004-0723 Bypass 2004-07-27 2008-09-05
6.4
None Remote Low Not required Partial Partial None
Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers to bypass sandbox restrictions to read or write certain data between applets from different domains via the "GET/Key" and "PUT/Key/Value" commands, aka "cross-site Java."
34 CVE-2004-0721 2004-07-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
35 CVE-2004-0720 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Safari 1.2.2 does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
36 CVE-2004-0719 2004-07-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, and possibly other versions, does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
37 CVE-2004-0718 2004-07-27 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netscape 7.1 web browsers do not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
38 CVE-2004-0717 2004-07-27 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a frame in one domain from injecting content into a frame that belongs to another domain, which facilitates web site spoofing and other attacks, aka the frame injection vulnerability.
39 CVE-2004-0715 +Priv 2004-07-27 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
The WebLogic Authentication provider for BEA WebLogic Server and WebLogic Express 8.1 through SP2 and 7.0 through SP4 does not properly clear member relationships when a group is deleted, which can cause a new group with the same name to have the members of the old group, which allows group members to gain privileges.
40 CVE-2004-0714 DoS Mem. Corr. 2004-07-27 2009-03-04
5.0
None Remote Low Not required None None Partial
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
41 CVE-2004-0713 2004-07-27 2008-09-05
6.4
None Remote Low Not required None Partial Partial
The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLogic Server and WebLogic Express version 8.1 through SP2, 7.0 through SP4, and 6.1 through SP6, does not properly check EJB permissions before unexporting a bean, which allows remote authenticated users to remove EJB objects from remote views before the security exception is thrown.
42 CVE-2004-0712 +Priv 2004-07-27 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The configuration tools (1) config.sh in Unix or (2) config.cmd in Windows for BEA WebLogic Server 8.1 through SP2 create a log file that contains the administrative username and password in cleartext, which could allow local users to gain privileges.
43 CVE-2004-0711 Bypass 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The URL pattern matching feature in BEA WebLogic Server 6.x matches illegal patterns ending in "*" as wildcards as if they were the legal "/*" pattern, which could cause WebLogic 7.x to allow remote attackers to bypass intended access restrictions because the illegal patterns are properly rejected.
44 CVE-2004-0710 DoS 2004-07-27 2009-03-04
5.0
None Remote Low Not required None None Partial
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
45 CVE-2004-0709 Bypass 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions.
46 CVE-2004-0708 +Priv 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges by creating a user with the same name as an existing group that has higher privileges.
47 CVE-2004-0707 Sql 2004-07-27 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allows remote attackers with privileges to grant membership to any group to execute arbitrary SQL.
48 CVE-2004-0706 2004-07-27 2008-09-05
2.1
None Local Low Not required Partial None None
Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, which could allow local users to view the password in the web server log files.
49 CVE-2004-0705 XSS 2004-07-27 2008-09-05
6.8
User Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in (1) editcomponents.cgi, (2) editgroups.cgi, (3) editmilestones.cgi, (4) editproducts.cgi, (5) editusers.cgi, and (6) editversions.cgi in Bugzilla 2.16.x before 2.16.6, and 2.18 before 2.18rc1, allow remote attackers to execute arbitrary JavaScript as other users via a URL parameter.
50 CVE-2004-0704 2004-07-27 2008-09-05
5.0
None Remote Low Not required Partial None None
Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products.
Total number of vulnerabilities : 101   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.