Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.
Max CVSS
10.0
EPSS Score
14.18%
Published
2004-12-22
Updated
2017-07-11
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
Max CVSS
10.0
EPSS Score
1.99%
Published
2004-12-31
Updated
2017-07-29
Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allows remote authenticated administrators to upload arbitrary files with executable extensions via admin/images.aspx.
Max CVSS
9.0
EPSS Score
0.25%
Published
2004-12-31
Updated
2008-09-05
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
Max CVSS
9.3
EPSS Score
5.46%
Published
2004-12-31
Updated
2017-07-29
NewsPHP allows remote attackers to gain unauthorized administrative access by setting a cookie to the "autorized=admin; root=admin" value.
Max CVSS
10.0
EPSS Score
0.63%
Published
2004-12-31
Updated
2017-07-29

CVE-2004-2687

Public exploit
distcc 2.x, as used in XCode 1.5 and others, when not configured to restrict access to the server port, allows remote attackers to execute arbitrary commands via compilation jobs, which are executed by the server without authorization checks.
Max CVSS
9.3
EPSS Score
92.48%
Published
2004-12-31
Updated
2008-09-05
Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.
Max CVSS
9.0
EPSS Score
1.07%
Published
2004-12-31
Updated
2017-07-29
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures."
Max CVSS
10.0
EPSS Score
0.55%
Published
2004-12-31
Updated
2017-07-20
Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags.
Max CVSS
10.0
EPSS Score
0.55%
Published
2004-12-31
Updated
2017-07-20
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.
Max CVSS
10.0
EPSS Score
13.21%
Published
2004-12-31
Updated
2017-07-20
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter."
Max CVSS
10.0
EPSS Score
0.55%
Published
2004-12-31
Updated
2017-07-20
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access.
Max CVSS
10.0
EPSS Score
1.30%
Published
2004-12-31
Updated
2017-07-20
Unspecified vulnerability in procfs in the Linux-VServer stable branch for the 2.4 kernel before 1.23 and Linux-VServer development branch for the 2.4 kernel before 1.3.5 has unspecified impact and attack vectors, related to "write access to specific proc entries from a vserver context", a different vulnerability than CVE-2004-2408.
Max CVSS
10.0
EPSS Score
0.53%
Published
2004-12-31
Updated
2008-09-05
Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) 0.46 has unknown impact and attack vectors, related to regular expressions.
Max CVSS
10.0
EPSS Score
0.55%
Published
2004-12-31
Updated
2017-07-11
Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impact and attack vectors, related to a "Webmail security bug."
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-31
Updated
2017-07-11
Serv-U FTP server before 5.1.0.0 has a default account and password for local administration, which allows local users to execute arbitrary commands by connecting to the server using the default administrator account, creating a new user, logging in as that new user, and then using the SITE EXEC command.
Max CVSS
10.0
EPSS Score
0.18%
Published
2004-12-31
Updated
2020-07-28
Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.
Max CVSS
10.0
EPSS Score
4.17%
Published
2004-12-31
Updated
2017-10-19
Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-31
Updated
2017-07-11
Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact and attack vectors, related to logins.
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4, when register_globals is enabled, has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.58%
Published
2004-12-31
Updated
2017-07-11
Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown impact and unknown remote attack vectors, related to a "potential security issue."
Max CVSS
10.0
EPSS Score
0.48%
Published
2004-12-31
Updated
2017-07-11
Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to obtain sensitive information via direct requests to (1) admin/getparam.cgi, (2) admin/systemlog.cgi, (3) admin/serverreport.cgi, and (4) admin/paramlist.cgi, modify system information via (5) setparam.cgi and (6) factorydefault.cgi, or (7) cause a denial of service (reboot) via restart.cgi.
Max CVSS
10.0
EPSS Score
3.46%
Published
2004-12-31
Updated
2008-09-05
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.
Max CVSS
10.0
EPSS Score
0.47%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown attack vectors and impact, related to a "security hole" in the Setup/Config functionality.
Max CVSS
10.0
EPSS Score
0.19%
Published
2004-12-31
Updated
2008-09-05
Unknown "overflow" in the phpgw_config table for phpGroupWare before 0.9.14.002 has unknown attack vectors and impact.
Max CVSS
10.0
EPSS Score
0.21%
Published
2004-12-31
Updated
2008-09-05
80 vulnerabilities found