CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2004 (Gain Privilege)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2715 287 +Priv Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
2 CVE-2004-2697 362 +Priv 2004-12-31 2008-09-05
6.9
Admin Local Medium Not required Complete Complete Complete
The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 and 5.1 allows local users to gain privileges via a symlink attack on a command line argument (log file). NOTE: this might be related to CVE-2006-5002.
3 CVE-2004-2693 264 +Priv 2004-12-31 2009-03-04
7.2
None Local Low Not required Complete Complete Complete
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
4 CVE-2004-2678 +Priv 2004-12-31 2008-09-05
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24), and 5.1A PK6(BL24), when using IPsec/IKE (Internet Key Exchange) with Certificates, allows remote attackers to gain privileges via unknown attack vectors.
5 CVE-2004-2676 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy Sweeper before 2.0 does not drop privileges when using the help functionality, which allows local users to gain privileges.
6 CVE-2004-2653 +Priv 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows attackers to gain privileges via unknown vectors involving (1) admin/userlevelmembers-edit.asp and (2) admin/edit-groups.asp.
7 CVE-2004-2615 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The documentation for CuteNews 1.3.6 and possibly other versions specifies that files under cutenews/data must be manually given world-writable permissions, which allows local users to insert false news, delete news, and possibly gain privileges or have other unknown impact.
8 CVE-2004-2611 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The Change Permissions function in the Sophster suite before 0.9.6 28 May 2004 (aka 0.9.6-r5), possibly including Sophster, FreeSophster, and FreeSophsterPAM, removes the (1) setuid, (2) setgid, and (3) sticky bits when changing a file, which might allow attackers to gain privileges or conduct other unauthorized activities.
9 CVE-2004-2610 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
mntd_mount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed. Typical usage would restrict write access to the configuration file.
10 CVE-2004-2536 +Priv 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 does not invalidate the per-TSS io_bitmap pointers if a process obtains IO access permissions from the ioperm function but does not drop those permissions when it exits, which allows other processes to access the per-TSS pointers, access restricted memory locations, and possibly gain privileges.
11 CVE-2004-2504 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8, executes child processes such as NOTEPAD.EXE with SYSTEM privileges when users create new files, which allows local users with physical access to gain privileges.
12 CVE-2004-2455 +Priv +Info 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows remote attackers to obtain sensitive information and gain privileges by using TFTP to download the nvram file, then extracting the username, password, and other data from the file.
13 CVE-2004-2436 +Priv 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
Computer Associates Unicenter Common Services 3.0 and earlier stores the database "SA" password in cleartext in the TndAddNspTmp.bat file, which could allow local users to gain privileges.
14 CVE-2004-2430 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Trend OfficeScan Corporate Edition 5.58 and possibly earlier does not drop privileges when opening a help window from a virus detection pop-up window, which allows local users to gain SYSTEM privileges.
15 CVE-2004-2359 +Priv 2004-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does not properly drop SYSTEM privileges when started from the systray applet, which allows local users to gain privileges by accessing the Help functionality.
16 CVE-2004-2350 +Priv Sql 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the search_results parameter.
17 CVE-2004-2335 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program.
18 CVE-2004-2312 Overflow +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.
19 CVE-2004-2229 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0.0.0 through 5.0.2.9.0 allow remote authenticated users to gain privileges.
20 CVE-2004-2228 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges.
21 CVE-2004-2215 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, which allows local users to access the terminals of other users and possibly gain privileges.
22 CVE-2004-2125 Overflow +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long packetLog.fileprefix value.
23 CVE-2004-2073 +Priv 2004-02-06 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.
24 CVE-2004-2050 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell.
25 CVE-2004-2024 +Priv 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The distribution of Zen Cart 1.1.4 before patch 2 includes certain debugging code in the Admin password retrieval functionality, which allows attackers to gain administrative privileges via password_forgotten.php.
26 CVE-2004-2012 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The systrace_exit function in the systrace utility for NetBSD-current and 2.0 before April 16, 2004, and certain FreeBSD ports, does not verify the owner of the /dec/systrace connection before setting euid to 0, which allows local users to gain root privileges.
27 CVE-2004-2004 +Priv 2004-05-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
28 CVE-2004-1997 +Priv 2004-05-05 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
29 CVE-2004-1952 Exec Code +Priv Sql 2004-04-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password.
30 CVE-2004-1873 +Priv Sql 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2.0 allows remote attackers to gain privileges via the catcode parameter.
31 CVE-2004-1847 +Priv Bypass 2004-03-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
News Manager Lite 2.5 allows remote attackers to bypass authentication and gain administrator privileges by setting the ADMIN parameter in the NEWS_LOGIN cookie.
32 CVE-2004-1842 +Priv CSRF 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x through 7.1.0 allows remote attackers to gain administrative privileges via an img tag with a URL to admin.php.
33 CVE-2004-1833 +Priv 2004-03-20 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The admin.ib file in Borland Interbase 7.1 for Linux has default world writable permissions, which allows local users to gain database administrative privileges.
34 CVE-2004-1821 +Priv Sql 2004-03-15 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to gain privileges or perform unauthorized database operations via the gid parameter.
35 CVE-2004-1767 264 +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
36 CVE-2004-1764 Overflow +Priv 2004-01-14 2009-03-04
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
37 CVE-2004-1760 287 +Priv 2004-01-21 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.
38 CVE-2004-1758 +Priv 2004-04-13 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up to SP4, and 6.1 up to SP6 may store the database username and password for an untargeted JDBC connection pool in plaintext in config.xml, which allows local users to gain privileges.
39 CVE-2004-1757 +Priv 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the administrator password in cleartext in config.xml, which allows local users to gain privileges.
40 CVE-2004-1755 +Priv 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Web Services fat client for BEA WebLogic Server and Express 7.0 SP4 and earlier, when using 2-way SSL and multiple certificates to connect to the same URL, may use the incorrect identity after the first connection, which could allow users to gain privileges.
41 CVE-2004-1707 +Priv 2004-07-30 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0.
42 CVE-2004-1704 +Priv 2004-07-30 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privileges via a direct request to adminrestore.php in the extras directory.
43 CVE-2004-1683 +Priv 2004-09-13 2008-09-05
3.7
User Local High Not required Partial Partial Partial
A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before it is executed by crrtrap.
44 CVE-2004-1682 +Priv 2004-08-15 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in QNX 6.1 FTP client allows remote authenticated users to gain group bin privileges via format string specifiers in the QUOTE command.
45 CVE-2004-1681 Overflow +Priv 2004-08-26 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-installer, or (4) input-cfg in QNX Photon microGUI for QNX RTP 6.1 allow local users to gain privileges via a long -s (server) command line parameter.
46 CVE-2004-1661 +Priv Bypass 2004-09-02 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
47 CVE-2004-1652 +Priv 2004-08-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
48 CVE-2004-1624 +Priv 2004-10-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Carbon Copy 6.0.5257 does not drop system privileges when opening external programs through the help topic interface, which allows local users to gain privileges via (1) the help topic interface in CCW32.exe, which launches Notepad, or (2) the help button in the Carbon Copy Scheduler (CCSched.exe).
49 CVE-2004-1573 Exec Code +Priv 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The documentation for AJ-Fork 167 implies that users should set permissions for users.db.php to 777, which allows local users to execute arbitrary PHP code and gain privileges as the administrator.
50 CVE-2004-1567 +Priv 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers to gain privileges by setting the mail parameter to 1, which is the value for an administrator.
Total number of vulnerabilities: 134. Page: 1 (this page), 2, 3
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.