2004 年に公開された CVE を表示しています。 CVE の一覧へ
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2004-9999 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been used as a placeholder by multiple organizations for multiple issues, but it is invalid. Notes: All CVE users should search CVE for the proper identifier. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.26% | 2004-12-31 | 2023-11-07 |
| CVE-2004-9998 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate has been used as a placeholder by multiple organizations for multiple issues, but it is invalid. Notes: All CVE users should search CVE for the proper identifier. All references and descriptions in this candidate have been removed to prevent accidental usage | 該当なし | 0.26% | 2004-12-31 | 2023-11-07 |
| CVE-2004-2760 | sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a sep | 6.8 | 0.30% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2759 | Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilization Suite 4.0 through 4.1 and Performance Suite 4.0 through 4.1, might allow local users to read portions of deleted files by accessing data within sparse files. | 2.1 | 0.07% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2758 | Multiple unspecified vulnerabilities in the H.323 protocol implementation for Sun SunForum 3.2 and 3D 1.0 allow remote attackers to cause a denial of service (segmentation fault and process crash), as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | 7.5 | 8.40% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2757 | Cross-site scripting (XSS) vulnerability in the failed login page in Novell iChain before 2.2 build 2.2.113 and 2.3 First Customer Ship (FCS) allows remote attackers to inject arbitrary web script or HTML via url parameter. | 4.3 | 0.34% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2756 | Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x, possibly 2 through 2.0.5, allows remote attackers to inject arbitrary web script or HTML via the (1) forum and (2) topic_id parameters. | 4.3 | 0.38% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2755 | Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, 3.0.0, and 3.0.1 before build 62 allows remote attackers to inject arbitrary web script or HTML via the query string in blocked URLs that are listed in (1) error or (2) block page messages. | 4.3 | 1.16% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2754 | SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions. | 7.5 | 1.89% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2753 | Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B.11.22 allows local users to access unspecified files or cause a denial of service via unknown vectors related to handling of "files in a potentially insecure manner." | 5.6 | 0.08% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2752 | Cross-site scripting (XSS) vulnerability in the Downloads module in PostNuke up to 0.726, and possibly later versions, allows remote attackers to inject arbitrary HTML and web script via the ttitle parameter in a viewdownloaddetails action. | 4.3 | 0.25% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2751 | SQL injection vulnerability in the members_list module in PostNuke 0.726, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the sortby parameter. | 6.8 | 0.78% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2750 | Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | 5.0 | 2.95% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2749 | Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error. | 4.3 | 0.50% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2748 | viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6.1a allows remote attackers to determine the installation path via an invalid profileid parameter, which leaks the pathname in an error message. | 4.3 | 7.23% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2747 | Directory traversal vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 1.77, and possibly earlier versions, allows remote authenticated users to determine the existence of arbitrary files via a .. (dot dot) in the DEL command, which triggers different error messages depending on whether the file exists or not. | 4.0 | 0.26% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2746 | SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gallery 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. | 7.5 | 0.80% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2745 | Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | 7.8 | 2.20% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2744 | Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has unknown impact and attack vectors, related to a "security update release." | 5.0 | 0.49% | 2004-12-31 | 2026-04-16 |
| CVE-2004-2743 | upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attackers to copy or overwrite arbitrary files via unspecified parameters related to names of uploaded files. | 6.4 | 0.55% | 2004-12-31 | 2026-04-16 |