Total: 25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-1117 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
| CVE-2004-1116 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
| CVE-2004-1314 | 1 Apple | 1 Safari | 2017-07-11 | 7.5 HIGH | N/A |
| Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | |||||
| CVE-2004-1313 | 1 Webroot Software | 1 My Firewall Plus | 2017-07-11 | 7.2 HIGH | N/A |
| The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. | |||||
| CVE-2004-1115 | 1 Gentoo | 1 Linux | 2017-07-11 | 7.2 HIGH | N/A |
| The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | |||||
| CVE-2004-1113 | 1 Sqlgrey | 1 Sqlgrey Postfix Greylisting Service | 2017-07-11 | 10.0 HIGH | N/A |
| SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. | |||||
| CVE-2004-1112 | 2 Cisco, Okena | 2 Security Agent, Stormwatch | 2017-07-11 | 5.1 MEDIUM | N/A |
| The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. | |||||
| CVE-2004-1110 | 2 Gentoo, Jean-jacques Sarton | 2 Linux, Mtink | 2017-07-11 | 2.1 LOW | N/A |
| The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | |||||
| CVE-2004-1109 | 1 Kerio | 1 Personal Firewall | 2017-07-11 | 5.0 MEDIUM | N/A |
| The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. | |||||
| CVE-2004-1108 | 1 Gentoo | 1 Linux | 2017-07-11 | 2.1 LOW | N/A |
| qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. | |||||
| CVE-2004-1107 | 1 Gentoo | 1 Linux | 2017-07-11 | 2.1 LOW | N/A |
| dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2004-1106 | 2 Gallery Project, Gentoo | 2 Gallery, Linux | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | |||||
| CVE-2004-1105 | 1 Nortel | 1 Contivity | 2017-07-11 | 5.0 MEDIUM | N/A |
| Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2004-1103 | 1 Tips | 1 Mailpost | 2017-07-11 | 5.0 MEDIUM | N/A |
| MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version. | |||||
| CVE-2004-1102 | 1 Tips | 1 Mailpost | 2017-07-11 | 5.0 MEDIUM | N/A |
| MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information. | |||||
| CVE-2004-1101 | 1 Tips | 1 Mailpost | 2017-07-11 | 5.8 MEDIUM | N/A |
| mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a \ (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. | |||||
| CVE-2004-1100 | 1 Tips | 1 Mailpost | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter. | |||||
| CVE-2004-1098 | 3 Mandrakesoft, Roaring Penguin, Suse | 4 Mandrake Linux, Mandrake Linux Corporate Server, Mimedefang and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. | |||||
| CVE-2004-1097 | 1 Cherokee | 1 Cherokee Httpd | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL. | |||||
| CVE-2004-1311 | 1 Mplayer | 1 Mplayer | 2017-07-11 | 10.0 HIGH | N/A |
| Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow. | |||||
| CVE-2004-1069 | 2 Linux, Ubuntu | 2 Linux Kernel, Ubuntu Linux | 2017-07-11 | 1.2 LOW | N/A |
| Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function. | |||||
| CVE-2004-1310 | 1 Mplayer | 1 Mplayer | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet. | |||||
| CVE-2004-1067 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. | |||||
| CVE-2004-1066 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 3.6 LOW | N/A |
| The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future. | |||||
| CVE-2004-1062 | 1 Viewcvs | 1 Viewcvs | 2017-07-11 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 allow remote attackers to inject arbitrary HTML and web script via certain error messages. | |||||
| CVE-2004-1005 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-1004 | 6 Debian, Gentoo, Midnight Commander and 3 more | 8 Debian Linux, Linux, Midnight Commander and 5 more | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. | |||||
| CVE-2004-1309 | 1 Mplayer | 1 Unix Mplayer | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field. | |||||
| CVE-2004-1003 | 1 Trend Micro | 1 Scanmail Domino | 2017-07-11 | 5.0 MEDIUM | N/A |
| Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. | |||||
| CVE-2004-1304 | 3 File, Gentoo, Trustix | 3 File, Linux, Secure Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. | |||||
| CVE-2004-1000 | 1 Debian | 1 Lintian | 2017-07-11 | 2.1 LOW | N/A |
| lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. | |||||
| CVE-2004-0999 | 1 Zgv | 1 Zgv Image Viewer | 2017-07-11 | 2.6 LOW | N/A |
| zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images. | |||||
| CVE-2004-0998 | 1 Telnetd | 2 Telnetd, Telnetd-ssl | 2017-07-11 | 7.5 HIGH | N/A |
| Format string vulnerability in telnetd-ssl 0.17 and earlier allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0996 | 4 Cscope, Debian, Gentoo and 1 more | 4 Cscope, Debian Linux, Linux and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-0994 | 2 Debian, Zgv | 3 Debian Linux, Xzgv Image Viewer, Zgv Image Viewer | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct. | |||||
| CVE-2004-0993 | 1 Hp | 1 Sockd | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. | |||||
| CVE-2004-0992 | 1 Proxytunnel | 1 Proxytunnel | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer. | |||||
| CVE-2004-1032 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2017-07-11 | 2.1 LOW | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string. | |||||
| CVE-2004-0986 | 4 Debian, Linux, Redhat and 1 more | 4 Debian Linux, Linux Kernel, Fedora Core and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers. | |||||
| CVE-2004-0985 | 1 Microsoft | 1 Ie | 2017-07-11 | 10.0 HIGH | N/A |
| Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help. | |||||
| CVE-2004-1303 | 1 Yanf | 1 Yanf | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses. | |||||
| CVE-2004-1302 | 1 Yamt | 1 Yamt | 2017-07-11 | 10.0 HIGH | N/A |
| The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag. | |||||
| CVE-2004-0953 | 1 Jabber Software Foundation | 1 Jabber Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username. | |||||
| CVE-2004-1031 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2017-07-11 | 7.2 HIGH | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. | |||||
| CVE-2004-0950 | 1 Danware Data | 1 Netop | 2017-07-11 | 5.0 MEDIUM | N/A |
| NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request. | |||||
| CVE-2004-0947 | 3 Arj Software Inc., Gentoo, Suse | 3 Unarj, Linux, Suse Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. | |||||
| CVE-2004-1301 | 1 Xlreader | 1 Xlreader | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file. | |||||
| CVE-2004-0929 | 2 Libtiff, Suse | 2 Libtiff, Suse Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image. | |||||
| CVE-2004-0928 | 2 Hitachi, Macromedia | 4 Cosminexus Enterprise, Cosminexus Server, Coldfusion and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". | |||||
| CVE-2004-0920 | 1 Symantec | 1 Norton Antivirus | 2017-07-11 | 5.0 MEDIUM | N/A |
| Symantec Norton AntiVirus 2004, and earlier versions, allows a virus or other malicious code to avoid detection or cause a denial of service (application crash) using a filename containing an MS-DOS device name. | |||||
