CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities Published In 2004 (Bypass)

# | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail.
1 CVE-2005-0190 Dir. Trav. Bypass 2004-09-29 2008-09-05
2.6
None Remote High Not required None Partial None
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote attackers to delete arbitrary files via a Real Metadata Packages (RMP) file with a FILENAME tag containing .. (dot dot) sequences in a filename that ends with a ? (question mark) and an allowed file extension (e.g. .mp3), which bypasses the check for the file extension.
2 CVE-2004-2736 287 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
3 CVE-2004-2734 287 Bypass 2004-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses an uppercase Alias tag with an inconsistent lowercase directory tag for a volume, which allows remote attackers to bypass access control to the WEB-INF folder.
4 CVE-2004-2715 287 +Priv Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
5 CVE-2004-2703 310 Bypass 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweeper for SMTP version 4.3 or MAILsweeper Business Suite I or II, allows remote attackers to bypass scanning by including encrypted data in a mail message, which causes the message to be marked as "Clean" instead of "Encrypted".
6 CVE-2004-2694 264 Bypass 2004-12-31 2008-09-05
5.8
None Remote Medium Not required Partial Partial None
Microsoft Outlook Express 6.0 allows remote attackers to bypass intended access restrictions, load content from arbitrary sources into the Outlook context, and facilitate phishing attacks via a "BASE HREF" with the target set to "_top".
7 CVE-2004-2692 264 Exec Code Bypass 2004-12-31 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mode disabled allows remote attackers to bypass restrictions and execute arbitrary commands via a backtick operator, which is not handled using the php_escape_shell_cmd function.
8 CVE-2004-2637 Bypass 2004-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions.
9 CVE-2004-2619 Bypass 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted.
10 CVE-2004-2597 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Quake II server before R1Q2, as used in multiple products, allows remote attackers to bypass IP-based access control rules via a userinfo string that already contains an "ip" key/value pair but is also long enough to cause a new key/value pair to be truncated, which interferes with the server's ability to find the client's IP address.
11 CVE-2004-2579 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access control rules of an unspecified component via an unspecified attack vector involving a string that contains escape sequences represented with "overlong UTF-8 encoding."
12 CVE-2004-2542 DoS Exec Code Sql Bypass 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.
13 CVE-2004-2529 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Gadu-Gadu allows remote attackers to bypass the "image send" option by sending a very small image file, which could be used in conjunction with image-related vulnerabilities.
14 CVE-2004-2481 Bypass 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
MyProxy 6.58 allows remote authenticated users in the Users Tab to connect to arbitrary hosts from the MyProxy server, possibly bypassing access restrictions, by connecting to the proxy and issuing a CONNECT command.
15 CVE-2004-2480 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.
16 CVE-2004-2443 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Jaws 0.3 allows remote attackers to bypass authentication via an HTTP request to admin.php with the logged cookie set to the MD5 hash of a null password, which is compared against the logged session variable by the logged_on function in application.php.
17 CVE-2004-2442 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Multiple interpretation error in various F-Secure Anti-Virus products, including Workstation 5.43 and earlier, Windows Servers 5.50 and earlier, MIMEsweeper 5.50 and earlier, Anti-Virus for Linux Servers and Gateways 4.61 and earlier, and other products, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on the target system.
18 CVE-2004-2431 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 through 0.3.1, with the linking service enabled, allows remote attackers to bypass authentication.
19 CVE-2004-2426 Dir. Trav. Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlier, allows remote attackers to bypass authentication via a .. (dot dot) in an HTTP POST request to ServerManager.srv, then use these privileges to conduct other activities, such as modifying files using editcgi.cgi.
20 CVE-2004-2421 Bypass 2004-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP 6 and 7, when running on HP-UX in trusted mode, allows attackers to bypass authentication and gain administrator rights.
21 CVE-2004-2405 DoS Overflow Bypass 2004-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Buffer overflow in multiple F-Secure Anti-Virus products, including F-Secure Anti-Virus 5.42 and earlier, allows remote attackers to bypass scanning or cause a denial of service (crash or module restart), depending on the product, via a malformed LHA archive.
22 CVE-2004-2383 Bypass 2004-12-31 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
23 CVE-2004-2363 XSS Bypass 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None Partial None
Validate-Before-Canonicalize vulnerability in the checkURI function in functions.inc.php in PHPX 3.0 through 3.2.6 allows remote attackers to conduct cross-site scripting (XSS) attacks via hex-encoded tags, which bypass the check for literal "<", ">", "(", and ")" characters, as demonstrated using the limit parameter to forums.php and a variety of other vectors.
24 CVE-2004-2343 Bypass 2004-12-31 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the .htaccess mechanism is only intended to restrict external web access, and a local user already has the privileges to perform the same operations without using ErrorDocument.
25 CVE-2004-2338 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
OpenBSD 3.3 and 3.4 do not properly parse Accept and Deny rules without netmasks on big-endian 64-bit platforms such as SPARC64, which may allow remote attackers to bypass access restrictions.
26 CVE-2004-2331 Bypass +Info 2004-12-31 2008-09-05
2.1
None Local Low Not required Partial None None
ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox security restrictions and obtain sensitive information by using Java reflection methods to access trusted Java objects without using the CreateObject function or cfobject tag.
27 CVE-2004-2326 Sql Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34.
28 CVE-2004-2305 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote attackers to bypass virus scanning by including a password-protected file in a ZIP file, which causes eTrust to scan only the password protected file and skip the other files.
29 CVE-2004-2283 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote attackers to bypass URL filters via a crafted request that causes a page to be added to the clean page cache.
30 CVE-2004-2282 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filters via a ".." in the request.
31 CVE-2004-2276 Bypass 2004-12-31 2008-09-05
2.1
None Local Low Not required None Partial None
F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and 5.52, 4.60 for Samba Servers, and 4.52 and earlier for Linux does not properly detect certain viruses in a PKZip archive, which allows viruses such as Sober.D and Sober.G to bypass initial detection.
32 CVE-2004-2254 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter.
33 CVE-2004-2250 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
34 CVE-2004-2249 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions.
35 CVE-2004-2220 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required None Partial None
F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not properly detect certain password-protected files in a ZIP file, which allows remote attackers to bypass anti-virus protection.
36 CVE-2004-2214 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters.
37 CVE-2004-2202 Exec Code Sql Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allow remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form.
38 CVE-2004-2176 Bypass 2004-12-31 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF access controls.
39 CVE-2004-2163 Bypass 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies.
40 CVE-2004-2155 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php.
41 CVE-2004-2154 Bypass 2004-12-31 2010-08-21
7.5
None Remote Low Not required Partial Partial Partial
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
42 CVE-2004-2144 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php.
43 CVE-2004-2100 Bypass 2004-12-31 2008-09-05
5.0
None Remote Low Not required Partial None None
GeoHttpServer, when configured to authenticate users, allows remote attackers to bypass authentication and access unauthorized files via a URL that contains %0a%0a (encoded newlines).
44 CVE-2004-2088 Bypass 2004-02-12 2008-09-05
5.0
None Remote Low Not required None Partial None
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
45 CVE-2004-2079 Bypass 2004-02-09 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
46 CVE-2004-2071 Bypass 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versions, allows remote attackers to bypass authentication in the web interface via an HTTP GET request with two slashes ("//") after the server name.
47 CVE-2004-2067 Sql Bypass 2004-07-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters.
48 CVE-2004-2066 Exec Code Sql Bypass 2004-07-29 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
49 CVE-2004-2065 Bypass 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename.
50 CVE-2004-2032 Bypass 2004-05-24 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Netgear RP114 allows remote attackers to bypass the keyword based URL filtering by requesting a long URL, as demonstrated using a large number of %20 (hex-encoded space) sequences.
Total number of vulnerabilities: 145   Page: 1 (this page), 2, 3