Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0917 | 1 Vignette | 1 Application Portal | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag. | |||||
| CVE-2004-0915 | 2 Debian, Viewcvs | 2 Debian Linux, Viewcvs | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information. | |||||
| CVE-2004-0913 | 1 Ecartis | 1 Ecartis | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514-1.3 and 1.x before 1.0.0+cvs.20030911-8 allows attackers in the same domain to gain administrator privileges and modify configuration. | |||||
| CVE-2004-0911 | 1 Debian | 1 Netkit | 2017-07-11 | 5.0 MEDIUM | N/A |
| telnetd for netkit 0.17 and earlier, and possibly other versions, on Debian GNU/Linux allows remote attackers to cause a denial of service (free of an invalid pointer), a different vulnerability than CVE-2001-0554. | |||||
| CVE-2004-0881 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2017-07-11 | 2.1 LOW | N/A |
| getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. | |||||
| CVE-2004-0880 | 3 Gentoo, Getmail, Slackware | 3 Linux, Getmail, Slackware Linux | 2017-07-11 | 1.2 LOW | N/A |
| getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. | |||||
| CVE-2004-0875 | 1 Phpgroupware | 1 Phpgroupware | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module. | |||||
| CVE-2004-0873 | 1 Apple | 2 Ichat, Ichat Av | 2017-07-11 | 7.5 HIGH | N/A |
| Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program. | |||||
| CVE-2004-0838 | 1 Lexar | 1 Jumpdrive Secure | 2017-07-11 | 2.1 LOW | N/A |
| Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecurely in memory using XOR encryption, which allows local users to read the password directly from the device and access the password protected part of the drive. | |||||
| CVE-2004-1030 | 2 Gentoo, Thibault Godouet | 2 Linux, Fcron | 2017-07-11 | 2.1 LOW | N/A |
| fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. | |||||
| CVE-2004-0834 | 3 Gentoo, Mandrakesoft, Speedtouch | 5 Linux, Mandrake Linux, Mandrake Linux Corporate Server and 2 more | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. | |||||
| CVE-2004-0833 | 1 Debian | 1 Debian Linux | 2017-07-11 | 7.5 HIGH | N/A |
| Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-bin, uses a Sendmail configuration script with a fixed username and password, which could allow remote attackers to use Sendmail as an open mail relay and send spam messages. | |||||
| CVE-2004-0831 | 1 Mcafee | 1 Virusscan | 2017-07-11 | 7.2 HIGH | N/A |
| McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges. | |||||
| CVE-2004-0830 | 1 F-secure | 3 F-secure Anti-virus, F-secure Content Scanner Server, Internet Gatekeeper | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchange 6.21 and earlier, F-Secure Anti-Virus for Microsoft Exchange 6.01 and earlier, and F-Secure Internet Gatekeeper 6.32 and earlier allow remote attackers to cause a denial of service (service crash due to unhandled exception) via a certain malformed packet. | |||||
| CVE-2004-0829 | 1 Samba | 1 Samba | 2017-07-11 | 5.0 MEDIUM | N/A |
| smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2. | |||||
| CVE-2004-0828 | 1 Ibm | 1 Aix | 2017-07-11 | 2.1 LOW | N/A |
| The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and 5.3 does not properly drop privileges before executing the -f option, which allows local users to modify or create arbitrary files. | |||||
| CVE-2004-0826 | 4 Hp, Mozilla, Netscape and 1 more | 10 Hp-ux, Network Security Services, Certificate Server and 7 more | 2017-07-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. | |||||
| CVE-2004-0825 | 1 Apple | 1 Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations. | |||||
| CVE-2004-0824 | 1 Apple | 1 Mac Os X | 2017-07-11 | 2.1 LOW | N/A |
| PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to overwrite system files via a symlink attack on PPPDialer log files. | |||||
| CVE-2004-0822 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable. | |||||
| CVE-2004-0821 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges. | |||||
| CVE-2004-0820 | 1 Nullsoft | 1 Winamp | 2017-07-11 | 4.6 MEDIUM | N/A |
| Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file. | |||||
| CVE-2004-0819 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet. | |||||
| CVE-2004-1300 | 1 Xine | 1 Xine-lib | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file. | |||||
| CVE-2004-1298 | 1 Michael Kohn | 1 Vb2c | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file. | |||||
| CVE-2004-0805 | 2 Mandrakesoft, Mpg123 | 3 Mandrake Linux, Mandrake Linux Corporate Server, Mpg123 | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. | |||||
| CVE-2004-0802 | 9 Conectiva, Enlightenment, Imagemagick and 6 more | 16 Linux, Imlib, Imlib2 and 13 more | 2017-07-11 | 5.1 MEDIUM | N/A |
| Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. | |||||
| CVE-2004-0801 | 4 Conectiva, Linuxprinting.org, Sun and 1 more | 4 Linux, Foomatic-filters, Java Desktop System and 1 more | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. | |||||
| CVE-2004-0799 | 1 Ipswitch | 1 Whatsup Gold | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows remote attackers to cause a denial of service (server crash) via a GET request containing an MS-DOS device name, as demonstrated using "prn.htm". | |||||
| CVE-2004-0795 | 1 Ibm | 1 Db2 Universal Database | 2017-07-11 | 7.2 HIGH | N/A |
| DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe. | |||||
| CVE-2004-1297 | 1 Zack Smith | 1 Unrtf | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file. | |||||
| CVE-2004-0794 | 1 Luke Mewburn | 2 Lukemftp, Tnftpd | 2017-07-11 | 5.1 MEDIUM | N/A |
| Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2004-0789 | 9 Axis, Delegate, Dnrd and 6 more | 15 2100 Network Camera, 2110 Network Camera, 2120 Network Camera and 12 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network bandwidth consumption) by triggering a communications loop via (a) DNS query packets with localhost as a spoofed source address, or (b) a response packet that triggers a response packet. | |||||
| CVE-2004-0787 | 1 Openca | 1 Openca | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA 0.9.1-8 and earlier, and 0.9.2 RC6 and earlier, allows remote attackers to inject arbitrary web script or HTML via the form input fields. | |||||
| CVE-2004-1296 | 1 Gnu | 1 Groff | 2017-07-11 | 2.1 LOW | N/A |
| The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. | |||||
| CVE-2004-1295 | 1 Uml-utilities | 1 Uml-utilities | 2017-07-11 | 2.1 LOW | N/A |
| The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled). | |||||
| CVE-2004-1294 | 1 Luke Mewburn | 1 Tnftp | 2017-07-11 | 5.0 MEDIUM | N/A |
| The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters. | |||||
| CVE-2004-0781 | 1 Icecast | 1 Icecast | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter. | |||||
| CVE-2004-1293 | 1 Rtf2latex2e | 1 Rtf2latex2e | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file. | |||||
| CVE-2004-0774 | 1 Realnetworks | 2 Helix Universal Mobile Server And Gateway, Helix Universal Server | 2017-07-11 | 7.8 HIGH | N/A |
| RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1. | |||||
| CVE-2004-0770 | 2 Debian, Dgen | 2 Debian Linux, Emulator | 2017-07-11 | 2.1 LOW | N/A |
| romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files. | |||||
| CVE-2004-0768 | 1 Greg Roelofs | 1 Libpng3 | 2017-07-11 | 7.5 HIGH | N/A |
| libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | |||||
| CVE-2004-0767 | 1 Ngsec | 1 Stackdefender | 2017-07-11 | 5.0 MEDIUM | N/A |
| NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions. | |||||
| CVE-2004-0766 | 1 Ngsec | 1 Stackdefender | 2017-07-11 | 5.0 MEDIUM | N/A |
| NGSEC StackDefender 2.0 allows attackers to cause a denial of service (system crash) via an invalid address for the BaseAddress parameter to the hooks for the (1) ZwAllocateVirtualMemory or (2) ZwProtectVirtualMemory functions. | |||||
| CVE-2004-0749 | 2 Gentoo, Subversion | 2 Linux, Subversion | 2017-07-11 | 5.0 MEDIUM | N/A |
| The mod_authz_svn module in Subversion 1.0.7 and earlier does not properly restrict access to all metadata on unreadable paths, which could allow remote attackers to gain sensitive information via (1) svn log -v, (2) svn propget, or (3) svn blame, and other commands that follow renames. | |||||
| CVE-2004-1292 | 1 Michael Kohn | 1 Ringtonetools | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file. | |||||
| CVE-2004-0744 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| The TCP/IP Networking component in Mac OS X before 10.3.5 allows remote attackers to cause a denial of service (memory and resource consumption) via a "Rose Attack" that involves sending a subset of small IP fragments that do not form a complete, larger packet. | |||||
| CVE-2004-0743 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Safari in Mac OS X before 10.3.5, after sending form data using the POST method, may re-send the data to a GET method URL if that URL is redirected after the POST data and the user uses the forward or backward buttons, which may cause an information leak. | |||||
| CVE-2004-0742 | 1 Sun | 1 Java System Calendar Server | 2017-07-11 | 10.0 HIGH | N/A |
| Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view. | |||||
| CVE-2004-1028 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | |||||