CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2004

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
851 CVE-2004-1562 Exec Code Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows remote attackers to execute arbitrary SQL commands via the key parameter.
852 CVE-2004-1561 Exec Code Overflow 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
853 CVE-2004-1560 DoS Overflow 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Microsoft SQL Server 7.0 allows remote attackers to cause a denial of service (mssqlserver service halt) via a long request to TCP port 1433, possibly triggering a buffer overflow.
854 CVE-2004-1559 XSS 2004-12-31 2017-07-10
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirect_to, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirect_url parameter to admin-header.php, (3) popuptitle, popupurl, content, or post_title parameters to bookmarklet.php, (4) cat_ID parameter to categories.php, (5) s parameter to edit.php, or (6) s or mode parameter to edit-comments.php.
855 CVE-2004-1558 DoS Exec Code Overflow 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
856 CVE-2004-1557 Bypass 2004-12-31 2017-07-10
6.4
None Remote Low Not required Partial Partial None
MyWebServer 1.0.3 allows remote attackers to bypass authentication, modify configuration, and read arbitrary files via a direct HTTP request to (1) /admin or (2) ServerProperties.html.
857 CVE-2004-1556 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
MyWebServer 1.0.3 allows remote attackers to cause a denial of service (application crash) via a large number of connections within a short time.
858 CVE-2004-1555 Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Message Board allow remote attackers to run arbitrary SQL commands via the (1) keywords parameter to search.asp, (2) handle parameter to profile.asp, (3) txtUserHandle parameter to reg2.asp or (4) txtUserEmail parameter to forgot.asp.
859 CVE-2004-1554 Exec Code File Inclusion 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in livre_include.php in @lex Guestbook allows remote attackers to execute arbitrary PHP code by modifying the chem_absolu parameter to reference a URL on a remote web server that contains the code.
860 CVE-2004-1553 89 Sql 2004-12-31 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in aspWebAlbum allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the cat parameter to album.asp. NOTE: it was later reported that vector 1 affects aspWebAlbum 3.2, and the vector involves the txtUserName parameter in a processlogin action to album.asp, as reachable from the login action.
861 CVE-2004-1552 Sql 2004-12-31 2017-10-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in aspWebCalendar allows remote attackers to execute arbitrary SQL statements via (1) the username field on the login page or (2) the eventid parameter to calendar.asp.
862 CVE-2004-1551 XSS 2004-12-31 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the (1) email or (2) file modules in paFileDB 3.1 Final allows remote attackers to execute arbitrary web script or HTML via the id parameter.
863 CVE-2004-1550 Bypass +Info 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.
864 CVE-2004-1549 2004-12-31 2017-07-10
5.0
None Remote Low Not required Partial None None
The conference menu in ActivePost Standard 3.1 sends passwords of password-protected rooms in cleartext, which could allow remote attackers to gain sensitive information by sniffing the network connection.
865 CVE-2004-1548 Dir. Trav. 2004-12-31 2017-07-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename.
866 CVE-2004-1547 DoS Overflow 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow.
867 CVE-2004-1546 DoS Overflow 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST command to the IMAP server.
868 CVE-2004-1545 Exec Code 2004-12-31 2017-07-10
5.0
None Remote Low Not required None Partial None
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code.
869 CVE-2004-1544 XSS 2004-12-31 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter.
870 CVE-2004-1543 Dir. Trav. 2004-12-31 2017-07-10
5.0
None Remote Low Not required Partial None None
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter.
871 CVE-2004-1542 DoS Overflow 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply.
872 CVE-2004-1541 Exec Code 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share.
873 CVE-2004-1540 2004-12-31 2017-07-10
5.0
None Remote Low Not required None Partial None
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration file.
874 CVE-2004-1539 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference.
875 CVE-2004-1538 Exec Code Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
876 CVE-2004-1537 XSS 2004-12-31 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter.
877 CVE-2004-1536 Exec Code Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter.
878 CVE-2004-1535 Exec Code File Inclusion 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
879 CVE-2004-1534 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, allows remote web sites to cause a denial of service (application instability or system hang) via certain JavaScript.
880 CVE-2004-1533 DoS Overflow 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
881 CVE-2004-1532 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
AppServ 2.5.x and earlier installs a default username and password, which allows remote attackers to gain access.
882 CVE-2004-1531 Exec Code Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in post.php in Invision Power Board (IPB) 2.0.0 through 2.0.2 allows remote attackers to execute arbitrary SQL commands via the qpid parameter.
883 CVE-2004-1530 Exec Code Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the (1) eid or (2) cid parameters.
884 CVE-2004-1529 XSS 2004-12-31 2017-07-10
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the Event Calendar module 2.13 for PHP-Nuke allows remote attackers to execute arbitrary web script via the (1) type, (2) day, (3) month, or (4) year parameters in a Preview operation, or (5) event comments.
885 CVE-2004-1528 2004-12-31 2017-07-10
5.0
None Remote Low Not required Partial None None
The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to gain sensitive information via an HTTP request to (1) config.php, (2) index.php, or (3) submit.php, which reveal the full path in an error message.
886 CVE-2004-1527 2004-12-31 2017-07-10
5.0
None Remote Low Not required None Partial None
Microsoft Internet Explorer 6.0 SP1 does not properly handle certain character strings in the Path attribute, which can cause it to modify cookies in other domains when the attacker's domain name is within the target's domain name or when wildcard DNS is being used, which allows remote attackers to hijack web sessions.
887 CVE-2004-1526 2004-12-31 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game players can kick other players off the server, including the administrator.
888 CVE-2004-1525 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via the status command.
889 CVE-2004-1524 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (game interruption) via a malformed UDP packet sent to a game port, such as port 29200.
890 CVE-2004-1523 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Format string vulnerability in the game console in Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a message.
891 CVE-2004-1522 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
Format string vulnerability in Army Men RTS 1.0 allows remote attackers to cause a denial of service (application crash) via a nickname that contains format strings.
892 CVE-2004-1521 2004-12-31 2017-07-10
5.0
None Remote Low Not required Partial None None
Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers.
893 CVE-2004-1520 Exec Code Overflow 2004-12-31 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authenticated users to execute arbitrary code via a long IMAP DELETE command.
894 CVE-2004-1519 Exec Code Sql 2004-12-31 2017-07-10
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows remote attackers to execute arbitrary SQL commands via (1) the bug_id parameter in a viewvotes operation or (2) the project parameter in an add operation.
895 CVE-2004-1518 Exec Code Sql 2004-12-31 2017-07-10
4.6
User Local Low Not required Partial Partial Partial
SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
896 CVE-2004-1517 Bypass 2004-12-31 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers to bypass Active Link Filtering via an instant message containing a URL with hex encoded file extensions.
897 CVE-2004-1516 Http R.Spl. 2004-12-31 2017-07-10
5.0
None Remote Low Not required None Partial None
CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via the block_username parameter in the user module.
898 CVE-2004-1515 Sql 2004-12-31 2016-10-17
7.5
User Remote Low Not required Partial Partial Partial
SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL statements via the fsel parameter, as demonstrated using last.php.
899 CVE-2004-1514 DoS 2004-12-31 2017-07-10
5.0
None Remote Low Not required None None Partial
04WebServer 1.42 allows remote attackers to cause a denial of service (fail to restart properly) via an HTTP request for an MS-DOS device name such as COM2.
900 CVE-2004-1513 2004-12-31 2017-07-10
5.0
None Remote Low Not required None Partial None
04WebServer 1.42 does not adequately filter data that is written to log files, which could allow remote attackers to inject carriage return characters into the log file and spoof log entries.
Total number of vulnerabilities : 1223   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 (This Page)19 20 21 22 23 24 25
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.