| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
21801 |
CVE-2004-2335 |
|
|
+Priv |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
The Macromedia installers and e-licensing client on Mac OS X, as used for Macromedia Contribute 2, Director, Dreamweaver, Fireworks, Flash, and Studio, install the AuthenticationService setuid and writable by other users, which allows local users to gain privileges by modifying the program. |
|
21802 |
CVE-2004-2329 |
|
|
Exec Code |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbitrary code with SYSTEM privileges via the Load button in the Firewall Configuration Files option, which does not drop privileges before opening the file loading dialog box. |
|
21803 |
CVE-2004-2326 |
|
|
Sql Bypass |
2004-12-31 |
2018-10-19 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in IP3 Networks NetAccess Appliance before firmware 3.1.18b13 allows remote attackers to bypass authentication via the (1) login or (2) password. NOTE: this issue was later reported to also affect firmware 4.0.34. |
|
21804 |
CVE-2004-2324 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx. |
|
21805 |
CVE-2004-2322 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the (1) announce and (2) notes modules of phpWebSite before 0.9.3-2 allows remote attackers to execute arbitrary SQL queries, as demonstrated using the ANN_id parameter to the announce module. |
|
21806 |
CVE-2004-2314 |
|
|
|
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b 2.2.116 does not have a password by default, which allows remote attackers to gain access. |
|
21807 |
CVE-2004-2312 |
|
|
Overflow +Priv |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument. |
|
21808 |
CVE-2004-2304 |
|
|
DoS Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. |
|
21809 |
CVE-2004-2300 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd is installed setuid or setgid. If not, then this issue should not be included in CVE. |
|
21810 |
CVE-2004-2299 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. |
|
21811 |
CVE-2004-2295 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to execute arbitrary SQL commands via the order parameter. |
|
21812 |
CVE-2004-2291 |
|
|
Exec Code |
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via an embedded script that uses Shell Helper objects and a shortcut (link) to execute the target script. |
|
21813 |
CVE-2004-2290 |
|
|
Exec Code |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Microsoft Windows XP Explorer allows attackers to execute arbitrary code via a HTML and script in a self-executing folder that references an executable file within the folder, which is automatically executed when a user accesses the folder. |
|
21814 |
CVE-2004-2286 |
|
|
DoS Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow. |
|
21815 |
CVE-2004-2271 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. |
|
21816 |
CVE-2004-2270 |
|
|
Exec Code |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code. |
|
21817 |
CVE-2004-2269 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Stack-based buffer overflow in pads.c in Passive Asset Detection System (Pads) might allow local users to execute arbitrary code via a long report file name argument. NOTE: since Pads is not normally installed setuid, this may not be a vulnerability. |
|
21818 |
CVE-2004-2266 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter. |
|
21819 |
CVE-2004-2265 |
|
|
|
2004-12-31 |
2017-07-10 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact. |
|
21820 |
CVE-2004-2263 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie. |
|
21821 |
CVE-2004-2254 |
|
|
Bypass |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, allows remote attackers to bypass authentication for the administration interface via a direct request to admin.cgi with a modified utoken parameter. |
|
21822 |
CVE-2004-2250 |
|
|
Bypass |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the "access code" in RemoteEditor before 0.1.6 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
|
21823 |
CVE-2004-2249 |
|
|
Bypass |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in the "access code" in SecureEditor before 0.1.2 has unknown impact and attack vectors, possibly involving a bypass of IP address restrictions. |
|
21824 |
CVE-2004-2243 |
|
|
|
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous. |
|
21825 |
CVE-2004-2240 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. |
|
21826 |
CVE-2004-2239 |
|
|
DoS Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow attackers to cause a denial of service or execute arbitrary code. |
|
21827 |
CVE-2004-2234 |
|
|
|
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in Moodle before 1.2 allows teachers to log in as administrators. |
|
21828 |
CVE-2004-2232 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in sql.php in the Glossary module in Moodle 1.4.1 and earlier allows remote attackers to modify SQL statements. |
|
21829 |
CVE-2004-2228 |
|
|
+Priv |
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Mozilla Firefox before 1.0 is installed with world-writable permissions on Mac OS X, which allows local users to gain privileges. |
|
21830 |
CVE-2004-2221 |
|
|
Exec Code Overflow |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. |
|
21831 |
CVE-2004-2218 |
|
|
Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter. |
|
21832 |
CVE-2004-2214 |
|
|
Bypass |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to bypass access restrictions via a URI with mixed case characters. |
|
21833 |
CVE-2004-2212 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allows remote attackers to execute arbitrary SQL commands via the forum_id parameter. |
|
21834 |
CVE-2004-2209 |
|
|
Exec Code Sql |
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
|
21835 |
CVE-2004-2206 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in NatterChat 1.12 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
|
21836 |
CVE-2004-2205 |
|
|
|
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allows local users to gain root access via unspecified vectors. |
|
21837 |
CVE-2004-2204 |
|
|
|
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Macromedia ColdFusion MX 6.0 and 6.1 application server, when running with the CreateObject function or CFOBJECT tag enabled, allows local users to conduct unauthorized activities and obtain administrative passwords by creating CFML scripts that use CreateObject or CFOBJECT. |
|
21838 |
CVE-2004-2203 |
|
|
|
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Ansel 1.2 through 2.0 uses insecure default permissions, which allows remote attackers to gain access to web readable directories. |
|
21839 |
CVE-2004-2202 |
|
|
Exec Code Sql Bypass |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 through 4.2 allows remote attackers to bypass authentication and execute other commands on the server's underlying database via the (1) cat_id or (2) sub_id parameters in adDetail.asp, or (2) the password parameter in the login form. |
|
21840 |
CVE-2004-2201 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to execute arbitrary SQL commands via the FOR_ID parameter in messages.asp, (2) MSG_ID parameter in messageDetail.asp, or (3) password parameter in the login form. |
|
21841 |
CVE-2004-2197 |
|
|
|
2004-12-31 |
2017-07-10 |
7.2 |
Admin |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ownership of files, which could allow local users to execute arbitrary programs. |
|
21842 |
CVE-2004-2192 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic Trader PHP 1.0 allows remote attackers to execute arbitrary SQL commands via the ttt_admin parameter. |
|
21843 |
CVE-2004-2189 |
|
|
Exec Code Sql |
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in DMXReady Site Chassis Manager allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
|
21844 |
CVE-2004-2186 |
|
|
Exec Code Sql |
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers to execute arbitrary SQL commands via SpecialMaintenance. |
|
21845 |
CVE-2004-2183 |
|
|
Exec Code |
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to execute arbitrary shell commands via the query string. |
|
21846 |
CVE-2004-2182 |
287 |
|
|
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. |
|
21847 |
CVE-2004-2181 |
|
|
Exec Code Sql |
2004-12-31 |
2009-06-25 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remote attackers to execute arbitrary SQL commands via the (1) sort_by or (2) page parameters to view_user.php, or the (3) forum_id parameter to view_topic.php. NOTE: the sort_by vector was later reported to be present in WowBB 1.65. |
|
21848 |
CVE-2004-2178 |
|
|
Exec Code Sql |
2004-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. |
|
21849 |
CVE-2004-2175 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php. |
|
21850 |
CVE-2004-2173 |
|
|
Exec Code Sql |
2004-12-31 |
2017-07-10 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter. |
