CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-2136 2004-02-19 2008-09-05
2.1
None Local Low Not required Partial None None
dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
2 CVE-2004-2093 DoS Exec Code Overflow 2004-02-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.
3 CVE-2004-2092 2004-02-09 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.
4 CVE-2004-2091 2004-02-10 2008-09-05
5.0
None Remote Low Not required None Partial None
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
5 CVE-2004-2090 2004-02-07 2008-09-05
5.0
None Remote Low Not required Partial None None
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
6 CVE-2004-2089 DoS 2004-02-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command.
7 CVE-2004-2088 Bypass 2004-02-12 2008-09-05
5.0
None Remote Low Not required None Partial None
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
8 CVE-2004-2086 DoS Exec Code Overflow 2004-02-06 2008-09-05
5.0
None Remote Low Not required None None Partial
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
9 CVE-2004-2085 XSS 2004-02-04 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
10 CVE-2004-2084 XSS 2004-02-07 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
11 CVE-2004-2083 2004-02-11 2008-09-05
2.6
None Remote High Not required None Partial None
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
12 CVE-2004-2082 DoS 2004-02-13 2008-09-05
5.0
None Remote Low Not required None None Partial
The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters.
13 CVE-2004-2080 2004-02-09 2008-09-10
5.0
None Remote Low Not required None None Partial
Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.
14 CVE-2004-2079 Bypass 2004-02-09 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
15 CVE-2004-2078 DoS Overflow 2004-02-09 2008-09-05
5.0
None Remote Low Not required None None Partial
Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.
16 CVE-2004-2077 DoS 2004-02-08 2008-09-05
5.0
None Remote Low Not required None None Partial
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.
17 CVE-2004-2073 +Priv 2004-02-06 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.
18 CVE-2004-1360 2004-02-27 2008-09-10
2.1
None Local Low Not required None Partial None
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
19 CVE-2004-1244 Exec Code 2004-02-08 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
20 CVE-2004-1180 DoS 2004-02-16 2008-09-10
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
21 CVE-2004-1082 2004-02-03 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
22 CVE-2004-0944 2004-02-28 2008-09-05
5.0
None Remote Low Not required Partial None None
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
23 CVE-2004-0466 DoS 2004-02-21 2008-09-05
5.0
None Remote Low Not required None None Partial
WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
24 CVE-2004-0324 Exec Code 2004-02-23 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
25 CVE-2004-0322 Exec Code XSS 2004-02-23 2008-09-05
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed.
26 CVE-2004-0095 DoS Exec Code Overflow 2004-02-17 2008-09-05
5.0
None Remote Low Not required None None Partial
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
27 CVE-2004-0091 XSS 2004-02-17 2008-09-10
4.3
None Remote Medium Not required None Partial None
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft."
28 CVE-2004-0074 Overflow +Priv 2004-02-17 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
29 CVE-2004-0073 Exec Code File Inclusion 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script.
30 CVE-2004-0072 Dir. Trav. 2004-02-17 2008-09-05
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request.
31 CVE-2004-0071 Dir. Trav. 2004-02-17 2005-10-20
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php.
32 CVE-2004-0070 Exec Code File Inclusion 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
33 CVE-2004-0069 Exec Code 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function.
34 CVE-2004-0068 Exec Code File Inclusion 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
35 CVE-2004-0067 79 XSS 2004-02-17 2011-09-13
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1.
36 CVE-2004-0066 2004-02-17 2008-09-05
5.0
None Remote Low Not required Partial None None
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.
37 CVE-2004-0065 Sql 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php.
38 CVE-2004-0064 2004-02-17 2008-09-05
2.1
None Local Low Not required None Partial None
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory.
39 CVE-2004-0063 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
40 CVE-2004-0062 Overflow 2004-02-17 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity.
41 CVE-2004-0061 Bypass 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character.
42 CVE-2004-0060 DoS 2004-02-17 2008-09-05
5.0
None Remote Low Not required None None Partial
WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request.
43 CVE-2004-0059 Dir. Trav. 2004-02-17 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header.
44 CVE-2004-0058 2004-02-17 2008-09-05
2.1
None Local Low Not required None Partial None
Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file.
45 CVE-2004-0057 DoS 2004-02-17 2010-08-21
5.0
None Remote Low Not required None None Partial
The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989.
46 CVE-2004-0056 DoS Exec Code 2004-02-17 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
47 CVE-2004-0055 DoS 2004-02-17 2010-08-21
5.0
None Remote Low Not required None None Partial
The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value.
48 CVE-2004-0054 DoS Exec Code 2004-02-17 2009-03-04
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
49 CVE-2004-0049 DoS 2004-02-17 2008-09-05
6.8
None Remote Low Single system None None Complete
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
50 CVE-2004-0046 XSS 2004-02-03 2008-09-05
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character.
Total number of vulnerabilities : 90   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.