2004 CVE Vulnerabilities

2,707 CVEs published in 2004.

CVE IDSeverityCVSSDescription
CVE-2004-0213HIGH7.8Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which all...
CVE-2004-0212Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, al...
CVE-2004-0210HIGH7.8The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain pa...
CVE-2004-0205Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the ...
CVE-2004-0204Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterpri...
CVE-2004-0202IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2...
CVE-2004-0201Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP,...
CVE-2004-0137Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system pan...
CVE-2004-0136The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system cra...
CVE-2004-0135The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and wr...
CVE-2004-0125The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables ori...
CVE-2004-1710page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.
CVE-2004-1711Cross-site scripting (XSS) vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary we...
CVE-2004-1712Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name ...
CVE-2004-0641Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP I...
CVE-2004-1365Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local...
CVE-2004-1364Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries ...
CVE-2004-1371Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in t...
CVE-2004-1709Datakey Rainbow iKey2032 USB token, when using the CIP client package, does not encrypt communications between the token...
CVE-2004-1367Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP o...
CVE-2004-1370Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remo...
CVE-2004-1679Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote attackers to create arbitrary files via a .../ (trip...
CVE-2004-1368ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname i...
CVE-2004-1366Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.propertie...
CVE-2004-1369The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed ser...

Check if your code is affected by 2004 CVEs

Strix scans your code and infrastructure for known vulnerabilities automatically.

Scan your code now