CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In August 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-1774 Exec Code Overflow 2004-08-31 2010-02-06
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDSYS.MD2.SDO_CODE_SIZE) in Oracle 10g before 10.1.0.2 Patch 2 allows local users to execute arbitrary code via a long LAYER parameter.
2 CVE-2004-1752 Exec Code Overflow 2004-08-24 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header.
3 CVE-2004-1751 DoS 2004-08-26 2008-09-05
5.0
None Remote Low Not required None None Partial
Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote servers to cause a denial of service (client or server crash) via a large packet, which generates a "Message too long" socket error that is treated as a critical error.
4 CVE-2004-1745 DoS Exec Code Overflow 2004-08-24 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Painkiller 1.3.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
5 CVE-2004-1744 DoS 2004-08-24 2008-09-05
5.0
None Remote Low Not required None None Partial
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to cause a denial of service (CPU consumption or crash) via many large HTTP requests.
6 CVE-2004-1743 2004-08-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder.
7 CVE-2004-1742 Dir. Trav. 2004-08-24 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
8 CVE-2004-1741 DoS 2004-08-23 2008-09-10
5.0
None Remote Low Not required None None Partial
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST.
9 CVE-2004-1740 2004-08-23 2008-09-05
5.0
None Remote Low Not required Partial None None
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST.
10 CVE-2004-1739 DoS 2004-08-23 2008-09-05
5.0
None Remote Low Not required None None Partial
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
11 CVE-2004-1737 Exec Code Sql Bypass 2004-08-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters.
12 CVE-2004-1735 XSS 2004-08-21 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field.
13 CVE-2004-1733 Dir. Trav. 2004-08-20 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL.
14 CVE-2004-1732 Exec Code Sql 2004-08-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter.
15 CVE-2004-1731 2004-08-20 2008-09-05
5.0
None Remote Low Not required None None Partial
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address.
16 CVE-2004-1729 XSS 2004-08-20 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
17 CVE-2004-1728 Exec Code Overflow 2004-08-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in British National Corpus SARA (sarad) allows remote attackers to execute arbitrary code by calling the client with a long string.
18 CVE-2004-1727 DoS 2004-08-20 2008-09-05
5.0
None Remote Low Not required None None Partial
BadBlue 2.5 allows remote attackers to cause a denial of service (refuse HTTP connections) via a large number of connections from the same IP address.
19 CVE-2004-1726 Exec Code Overflow 2004-08-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm.c in XV allow remote attackers to execute arbitrary code via a crafted image file that triggers a heap-based buffer overflow.
20 CVE-2004-1724 2004-08-18 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
21 CVE-2004-1722 Sql 2004-08-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in calendar.html in Merak Mail Server 5.2.7 allows remote attackers to execute arbitrary SQL statements via the schedule parameter.
22 CVE-2004-1721 2004-08-17 2008-09-10
5.0
None Remote Low Not required Partial None None
The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.
23 CVE-2004-1720 +Info 2004-08-17 2008-09-10
5.0
None Remote Low Not required Partial None None
The (1) address.html and possibly (2) calendar.html pages in Merak Mail Server 5.2.7 allow remote attackers to gain sensitive information via an invalid HTTP request, which reveals the installation path. NOTE: it is unclear whether the calendar.html is an exposure, since the path is leaked in web logs that may only be available to the administrators, who would have access to the path through legitimate means.
24 CVE-2004-1719 XSS 2004-08-17 2008-09-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail Server 5.2.7 allow remote attackers to inject arbitrary web script or HTML via the (1) category, (2) cserver, (3) ext, (4) global, (5) showgroups, (6) or showlite parameters to address.html, or the (7) spage or (8) autoresponder parameters to settings.html, the (9) folder parameter to readmail.html, or the (10) attachmentpage_text_error parameter to attachment.html, (11) folder, (12) ct, or (13) cv parameters to calendar.html, (14) an <img> tag, or (15) the subject of an e-mail message.
25 CVE-2004-1718 DoS 2004-08-17 2008-09-05
2.1
None Local Low Not required None None Partial
The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 and earlier allows local users to cause a denial of service (crash) via an invalid pointer in the "oa" argument.
26 CVE-2004-1717 Exec Code Overflow 2004-08-16 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
27 CVE-2004-1716 XSS 2004-08-16 2008-09-05
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the (1) IRC Server or (2) AIM ID fields in the user profile.
28 CVE-2004-1715 Dir. Trav. 2004-08-11 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 allows remote attackers or local users to read arbitrary files via "..\\", "..\", and similar dot dot sequences in the URL.
29 CVE-2004-1714 DoS 2004-08-11 2008-09-05
2.1
None Local Low Not required None None Partial
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
30 CVE-2004-1713 2004-08-10 2008-09-05
2.1
None Local Low Not required None Partial None
Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01] and earlier, as used by HP-UX Workload Manager (WLM), allows local users to corrupt data files.
31 CVE-2004-1712 XSS 2004-08-06 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers inject arbitrary Javascript via the name parameter.
32 CVE-2004-1711 XSS 2004-08-06 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter.
33 CVE-2004-1710 Exec Code 2004-08-06 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
34 CVE-2004-1709 2004-08-04 2008-09-05
2.1
None Local Low Not required Partial None None
Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token and the driver, which could allow local users to obtain the PINs of other users.
35 CVE-2004-1708 DoS 2004-08-02 2008-09-05
5.0
None Remote Low Not required None None Partial
Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of service (crash) via a large number of connections.
36 CVE-2004-1706 DoS Exec Code 2004-08-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The U.S. Robotics USR808054 wireless access point allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via an HTTP GET request with a long version string.
37 CVE-2004-1702 DoS 2004-08-09 2008-09-05
5.0
None Remote Low Not required None None Partial
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
38 CVE-2004-1701 Exec Code Overflow 2004-08-09 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.
39 CVE-2004-1682 +Priv 2004-08-15 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
40 CVE-2004-1681 Overflow +Priv 2004-08-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
41 CVE-2004-1679 Dir. Trav. 2004-08-04 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers create arbitrary files via a .../ (triple dot) in the (1) CWD, (2) STOR, or (3) RETR commands.
42 CVE-2004-1662 +Info 2004-08-25 2008-09-05
5.0
None Remote Low Not required Partial None None
YaBB SE 1.5.1 allows remote attackers to obtain sensitive information via a direct HTTP request to Admin.php, which reveals the full path in a PHP error message.
43 CVE-2004-1660 Exec Code File Inclusion 2004-08-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier allows remote attackers to execute arbitrary PHP code via the cutepath parameter to (1) show_archives.php or (2) show_news.php.
44 CVE-2004-1653 2004-08-31 2008-09-10
6.4
None Remote Low Not required Partial Partial None
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
45 CVE-2004-1652 +Priv 2004-08-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
46 CVE-2004-1651 XSS 2004-08-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the registration page in phpScheduleIt 1.0.0 RC1 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Lastname fields during new user registration, or (3) the Schedule Name field.
47 CVE-2004-1650 2004-08-31 2008-09-10
7.5
None Remote Low Not required Partial Partial Partial
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
48 CVE-2004-1649 Exec Code Overflow 2004-08-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in Microsoft Msinfo32.exe might allow local users to execute arbitrary code via a long filename in the msinfo_file command line parameter. NOTE: this issue might not cross security boundaries, so it may be REJECTED in the future.
49 CVE-2004-1648 XSS 2004-08-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangePassword.asp, (3) users_list.asp, (4) and users_add.asp in Password Protect allows remote attackers to inject arbitrary web script or HTML via the ShowMsg parameter.
50 CVE-2004-1647 Sql Bypass 2004-08-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Password Protect allows remote attackers to execute arbitrary SQL statements and bypass authentication via (1) admin or Pass parameter to index_next.asp, (2) LoginId, OPass, or NPass to CPassChangePassword.asp, (3) users_edit.asp, or (4) users_add.asp.
Total number of vulnerabilities : 240   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.