CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2004(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-1247 DoS 2004-01-15 2008-09-05
5.0
None Remote Low Not required None None Partial
webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to cause a denial of service via malformed ASN.1 packets in corrupt client certificates to an SSL server, as demonstrated using an exploit for the OpenSSL ASN.1 parsing vulnerability.
2 CVE-2005-0068 DoS 2004-12-22 2008-09-05
5.0
None Remote Low Not required None None Partial
The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
3 CVE-2005-0067 DoS 2004-12-22 2008-09-05
5.0
None Remote Low Not required None None Partial
The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
4 CVE-2005-0066 DoS 2004-12-22 2008-09-05
5.0
None Remote Low Not required None None Partial
The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP acknowledgement number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related identifiers that are SPLIT based on the underlying vulnerability. While CVE normally SPLITs based on vulnerability, the attack-based identifiers exist due to the variety and number of affected implementations and solutions that address the attacks instead of the underlying vulnerabilities.
5 CVE-2004-2758 DoS 2004-12-31 2010-05-29
7.5
None Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
6 CVE-2004-2753 DoS 2004-12-31 2008-09-05
5.6
None Local Low Not required Partial None Complete
Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner."
7 CVE-2004-2728 119 DoS Overflow 2004-12-31 2008-09-05
3.5
None Remote Medium Single system None None Partial
Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and 9.0 allows remote, authenticated users to cause a denial of service (application crash) via a long argument to the XCWD command.
8 CVE-2004-2727 119 DoS Overflow 2004-12-31 2008-09-05
4.3
None Remote Medium Not required None None Partial
Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 through 1.7 allows remote attackers to cause a denial of service (application crash) via a long HTTP GET request.
9 CVE-2004-2726 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
HTTPMail service in MailEnable Professional 1.18 does not properly handle arguments to the Authorization header, which allows remote attackers to cause a denial of service (null dereference and application crash). NOTE: This is a different vulnerability than CVE-2005-1348.
10 CVE-2004-2724 287 DoS 2004-12-31 2008-09-05
7.1
None Remote Medium Not required None None Complete
LionMax Software Chat Anywhere 2.72a allows remote attackers to cause a denial of service (server crash and client CPU consumption) via a username beginning with percent (%) followed by a null character.
11 CVE-2004-2713 264 DoS 2004-12-31 2008-09-05
1.9
None Local Medium Not required None None Partial
** DISPUTED ** Zone Alarm Pro 1.0 through 5.1 gives full access to %windir%\Internet Logs\* to the EVERYONE group, which allows local users to cause a denial of service by modifying the folder contents or permissions. NOTE: this issue has been disputed by the vendor, who claims that it does not affect product functionality since the same information is also saved in a protected file.
12 CVE-2004-2712 119 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to "URL data."
13 CVE-2004-2711 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to "avatar retrieval."
14 CVE-2004-2710 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to (1) sending certain typing statuses or (2) setting the chat room status bar to the current chat room name.
15 CVE-2004-2709 119 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown vectors involving HTML tags.
16 CVE-2004-2706 20 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 allows remote attackers to cause a denial of service (crash) via conference packets with error messages.
17 CVE-2004-2698 362 DoS 2004-12-31 2008-09-05
6.9
None Local Medium Not required Complete Complete Complete
Race condition in IMWheel 1.0.0pre11 and earlier, when running with the -k option, allows local users to cause a denial of service (IMWheel crash) and possibly modify arbitrary files via a symlink attack on the imwheel.pid file.
18 CVE-2004-2691 DoS 2004-12-31 2008-09-05
7.1
None Remote Medium Not required None None Complete
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
19 CVE-2004-2675 DoS 2004-12-31 2008-09-05
6.8
None Remote Low Single system None None Complete
ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.
20 CVE-2004-2673 DoS Exec Code Overflow 2004-12-31 2008-09-05
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.
21 CVE-2004-2665 DoS 2004-12-31 2009-03-04
4.9
None Local Low Not required None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.00, B.11.04, and B.11.11 before 20040628 allows local users to cause a denial of service via unspecified vectors.
22 CVE-2004-2662 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Soft3304 04WebServer before 1.41 allows remote attackers to cause a denial of service (resource consumption or crash) via certain data related to OpenSSL, which causes a thread to terminate but continue to hold resources.
23 CVE-2004-2660 DoS 2004-12-31 2010-08-21
4.9
None Local Low Not required None None Complete
Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows local users to cause a denial of service (memory consumption) via certain O_DIRECT (direct IO) write requests.
24 CVE-2004-2654 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory, a researcher claimed that the issue was a buffer overflow that was not fixed in STABLE6. However, the vendor's bug report clearly shows that the researcher later retracted this claim, because the tested product was actually STABLE5.
25 CVE-2004-2652 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when printing TCP/IP options using FAST output or verbose mode, allows remote attackers to cause a denial of service (crash) via packets with invalid TCP/IP options, which trigger a null dereference.
26 CVE-2004-2650 DoS 2004-12-31 2008-09-05
4.9
None Local Low Not required None None Complete
Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak.
27 CVE-2004-2648 DoS 2004-12-31 2008-09-05
1.0
None Local High Single system None None Partial
FreezeX 1.00.100.0666 allows local users with administrator privileges to cause a denial of service (FreezeX application) by overwriting the db.fzx file.
28 CVE-2004-2647 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
29 CVE-2004-2646 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
30 CVE-2004-2641 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set.
31 CVE-2004-2629 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause a denial of service, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
32 CVE-2004-2614 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
33 CVE-2004-2599 DoS Overflow 2004-12-31 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple buffer overflows in Quake II server before R1Q2, as used in multiple products, allow local users to cause a denial of service (application crash) via the server console or rcon.
34 CVE-2004-2596 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Quake II server before R1Q2, as used in multiple products, allows remote attackers cause a denial of service (exhaustion of connection slots) via a large number of connections from the same IP address.
35 CVE-2004-2595 DoS Dir. Trav. 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Absolute path traversal vulnerability in Quake II server before R1Q2 on Linux, as used in multiple products, allows remote attackers to cause a denial of service (application crash) via a download command with a full pathname for a directory in the argument, which causes the server to crash when it cannot read data.
36 CVE-2004-2593 DoS Exec Code Overflow 2004-12-31 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in command-packet processing of Quake II server before R1Q2, as used in multiple products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a packet with a long cmd_args buffer.
37 CVE-2004-2592 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Quake II server before R1Q2, as used in multiple products, allows remote attackers cause a denial of service (application crash) via a modified client that asks the server to send data stored at a negative array offset, which is not handled when processing Configstrings and Baselines.
38 CVE-2004-2589 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Gaim before 0.82 allows remote servers to cause a denial of service (application crash) via a long HTTP Content-Length header, which causes Gaim to abort when attempting to allocate memory.
39 CVE-2004-2587 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service via a long txtusername parameter, possibly due to a buffer overflow.
40 CVE-2004-2583 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous open connections to TCP port 25.
41 CVE-2004-2581 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Novell iChain 2.3 allows attackers to cause a denial of service via a URL with a "specific string."
42 CVE-2004-2549 DoS Overflow 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow.
43 CVE-2004-2546 DoS 2004-12-31 2008-09-05
6.4
None Remote Low Not required Partial None Partial
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
44 CVE-2004-2545 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote attackers to cause a denial of service (SMTP proxy failure) via unknown attack vendors involving an "extremely busy network." NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.
45 CVE-2004-2543 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote attackers to cause a denial of service (proxy failure) via invalid traffic to the (1) T.120 or (2) RTSP proxy, or (3) invalid MIME messages to the mail filter. NOTE: this might not be a vulnerability because the embedded monitoring sub-system automatically restarts after the failure.
46 CVE-2004-2542 DoS Exec Code Sql Bypass 2004-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in Dynix (formerly known as epixtech) WebPAC allow remote attackers to execute arbitrary SQL commands via unknown attack vectors, resulting in an ability to execute stored procedures, bypass login authentication, and cause an unspecified denial of service to backend databases.
47 CVE-2004-2540 DoS 2004-12-31 2008-09-05
5.0
None Remote Low Not required None None Partial
readObject in (1) Java Runtime Environment (JRE) and (2) Software Development Kit (SDK) 1.4.0 through 1.4.2_05 allows remote attackers to cause a denial of service (JVM unresponsive) via crafted serialized data.
48 CVE-2004-2539 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP 6.0 allows remote attackers to cause a denial of service (panic and reboot) and possibly other impacts via unknown attack vectors, possibly related to unspecified worms, as identified by bug ID
49 CVE-2004-2534 DoS 2004-12-31 2008-09-05
7.8
None Remote Low Not required None None Complete
Fastream NETFile Server 7.1.2 does not properly handle keep-alive connection timeouts and does not close the connection after a HEAD request, which allows remote attackers to perform a denial of service (connection consumption) by sending a large number HTTP HEAD requests.
50 CVE-2004-2533 20 DoS Mem. Corr. 2004-12-31 2010-04-27
5.0
None Remote Low Not required None None Partial
Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause a denial of service (application crash) via a SITE CHMOD command with a "\\...\" followed by a short string, causing partial memory corruption, a different vulnerability than CVE-2004-2111.
Total number of vulnerabilities : 580   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.