Total: 27796 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0659 | 1 Mplayer | 1 Mplayer | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name. | |||||
| CVE-2004-0658 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 7.2 HIGH | N/A |
| Integer overflow in the hpsb_alloc_packet function (incorrectly reported as alloc_hpsb_packet) in IEEE 1394 (Firewire) driver 2.4 and 2.6 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via the functions (1) raw1394_write, (2) state_connected, (3) handle_remote_request, or (4) hpsb_make_writebpacket. | |||||
| CVE-2004-1285 | 1 Mplayer | 1 Mplayer | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream. | |||||
| CVE-2004-0656 | 1 Pureftpd | 1 Pureftpd | 2017-07-11 | 5.0 MEDIUM | N/A |
| The accept_client function in PureFTPd 1.0.18 and earlier allows remote attackers to cause a denial of service by exceeding the maximum number of connections. | |||||
| CVE-2004-0655 | 1 Esearch | 1 Emerge Search Tool | 2017-07-11 | 7.2 HIGH | N/A |
| eupdatedb in esearch 0.6.1 and earlier allows local users to create arbitrary files via a symlink attack on the esearchdb.py.tmp temporary file. | |||||
| CVE-2004-0652 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.2 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack 4, and 8.1 through 8.1 Service Pack 2, allows attackers to obtain the username and password for booting the server by directly accessing certain internal methods. | |||||
| CVE-2004-0650 | 1 Newatlanta | 1 Servletexec | 2017-07-11 | 10.0 HIGH | N/A |
| UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL. | |||||
| CVE-2004-1284 | 1 Mpg123 | 1 Mpg123 | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. | |||||
| CVE-2004-0649 | 2 Gentoo, L2tpd | 2 Linux, L2tpd | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-0648 | 1 Mozilla | 3 Firefox, Mozilla, Thunderbird | 2017-07-11 | 10.0 HIGH | N/A |
| Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol. | |||||
| CVE-2004-0647 | 1 Shorewall | 1 Shorewall | 2017-07-11 | 4.6 MEDIUM | N/A |
| shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local users to overwrite arbitrary files via a symlink attack on the chains-$$ temporary file. | |||||
| CVE-2004-0646 | 1 Macromedia | 2 Coldfusion, Jrun | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 web server connectors, such as (1) mod_jrun and (2) mod_jrun20 for Apache, with verbose logging enabled, allows remote attackers to execute arbitrary code via a long HTTP header Content-Type field or other fields. | |||||
| CVE-2004-1283 | 1 Mesh Viewer | 1 Mesh Viewer | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows remote attackers to execute arbitrary code via crafted mesh files. | |||||
| CVE-2004-0645 | 2 Abisource, Wvware | 2 Community Abiword, Wvware | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field. | |||||
| CVE-2004-0641 | 1 Thomson | 1 Speedtouch | 2017-07-11 | 7.5 HIGH | N/A |
| Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. | |||||
| CVE-2004-1282 | 1 Linpopup | 1 Linpopup | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation. | |||||
| CVE-2004-0640 | 2 Netkit, Ssltelnetd | 2 Linux Netkit, Secure Telnet | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0639 | 3 Open Webmail, Sgi, Squirrelmail | 3 Open Webmail, Propack, Squirrelmail | 2017-07-11 | 6.8 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. | |||||
| CVE-2004-0636 | 1 Aol | 1 Instant Messenger | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message. | |||||
| CVE-2004-0632 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 7.5 HIGH | N/A |
| Adobe Reader 6.0 does not properly handle null characters when splitting a filename path into components, which allows remote attackers to execute arbitrary code via a file with a long extension that is not normally handled by Reader, triggering a buffer overflow. | |||||
| CVE-2004-0631 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via a long filename for the PDF file that is provided to the uudecode command. | |||||
| CVE-2004-0630 | 1 Adobe | 1 Acrobat Reader | 2017-07-11 | 10.0 HIGH | N/A |
| The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Unix and Linux, and possibly other versions including those before 5.0.9, allows remote attackers to execute arbitrary code via shell metacharacters ("`" or backtick) in the filename of the PDF file that is provided to the uudecode command. | |||||
| CVE-2004-0629 | 1 Adobe | 2 Acrobat, Acrobat Reader | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a null terminator (%00) followed by a long string. | |||||
| CVE-2004-0626 | 4 Conectiva, Gentoo, Linux and 1 more | 4 Linux, Linux, Linux Kernel and 1 more | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type. | |||||
| CVE-2004-0625 | 1 Websoft | 1 Infinity Web | 2017-07-11 | 7.5 HIGH | N/A |
| SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page. | |||||
| CVE-2004-0624 | 1 Artmedic Webdesign | 1 Artmedic Links | 2017-07-11 | 7.5 HIGH | N/A |
| PHP remote file inclusion vulnerability in index.php for Artmedic links 5.0 (artmedic_links5) allows remote attackers to execute arbitrary PHP code by modifying the id parameter to reference a URL on a remote web server that contains the code. | |||||
| CVE-2004-0623 | 1 Gnu | 1 Gnats | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog. | |||||
| CVE-2004-0621 | 1 Zaireweb Solutions | 1 Newsletter Zws | 2017-07-11 | 10.0 HIGH | N/A |
| admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords. | |||||
| CVE-2004-0620 | 1 Jelsoft | 1 Vbulletin | 2017-07-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel. | |||||
| CVE-2004-0618 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument. | |||||
| CVE-2004-0617 | 1 Arbitroweb | 1 Arbitroweb | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remote attackers to inject arbitrary script or HTML via the rawURL parameter. | |||||
| CVE-2004-0616 | 1 Bt | 1 Voyager 2000 Wireless Adsl Router | 2017-07-11 | 5.0 MEDIUM | N/A |
| The BT Voyager 2000 Wireless ADSL Router has a default public SNMP community name, which allows remote attackers to obtain sensitive information such as the password, which is stored in plaintext. | |||||
| CVE-2004-0615 | 1 D-link | 3 Di-614\+, Di-624, Di-704p | 2017-07-11 | 5.1 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | |||||
| CVE-2004-0614 | 1 Osticket | 1 Osticket Sts | 2017-07-11 | 6.4 MEDIUM | N/A |
| osTicket trusts a hidden form field in the submit form to limit the upload size of a document, which could allow remote attackers to upload a file of any size. | |||||
| CVE-2004-0613 | 1 Osticket | 1 Osticket Sts | 2017-07-11 | 7.5 HIGH | N/A |
| osTicket allows remote attackers to view sensitive uploaded files and possibly execute arbitrary code via an HTTP request that uploads a PHP file to the ticket attachments directory. | |||||
| CVE-2004-0612 | 1 Zonelabs | 1 Zonealarm | 2017-07-11 | 5.1 MEDIUM | N/A |
| The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mobile code within an SSL encrypted session, which could allow remote attackers to bypass the mobile code filtering. NOTE: it has been disputed by the vendor that this behavior is required by the SSL specification. | |||||
| CVE-2004-1281 | 1 Junkie | 1 Junkie Ftp Client | 2017-07-11 | 5.0 MEDIUM | N/A |
| The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in a filename. | |||||
| CVE-2004-1280 | 1 Junkie | 1 Junkie Ftp Client | 2017-07-11 | 10.0 HIGH | N/A |
| The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename. | |||||
| CVE-2004-0611 | 1 Netgear | 1 Fvs318 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. | |||||
| CVE-2004-0610 | 1 Microsoft | 1 Mn-500 Wireless Base Station | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Web administration interface in Microsoft MN-500 Wireless Router allows remote attackers to cause a denial of service (connection refusal) via a large number of open HTTP connections. | |||||
| CVE-2004-0609 | 1 Rssh | 1 Rssh | 2017-07-11 | 5.0 MEDIUM | N/A |
| rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail. | |||||
| CVE-2004-0608 | 10 Arush, Dreamforge, Epic Games and 7 more | 14 Devastation, Tnn Outdoors Pro Hunter, Unreal Engine and 11 more | 2017-07-11 | 10.0 HIGH | N/A |
| The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory. | |||||
| CVE-2004-0606 | 1 Infoblox | 1 Dns One Appliance | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Infoblox DNS One running firmware 2.4.0-8 and earlier allows remote attackers to execute arbitrary scripts as other users via the (1) CLIENTID or (2) HOSTNAME option of a DHCP request. | |||||
| CVE-2004-1015 | 3 Carnegie Mellon University, Redhat, Ubuntu | 3 Cyrus Imap Server, Fedora Core, Ubuntu Linux | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. | |||||
| CVE-2004-1279 | 1 Jpegtoavi | 1 Jpegtoavi | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames. | |||||
| CVE-2004-1278 | 2 Abc2ps, John Chambers | 2 Abc2ps, Jcabc2ps | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attackers to execute arbitrary code via a crafted ABC file. | |||||
| CVE-2004-0604 | 2 Gentoo, Gift-fasttrack | 2 Linux, Gift-fasttrack | 2017-07-11 | 5.0 MEDIUM | N/A |
| The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. | |||||
| CVE-2004-0603 | 1 Gnu | 1 Gzip | 2017-07-11 | 10.0 HIGH | N/A |
| gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. | |||||
| CVE-2004-0602 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 2.1 LOW | N/A |
| The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic. | |||||
| CVE-2004-0601 | 1 Distcc | 1 Distcc | 2017-07-11 | 7.5 HIGH | N/A |
| distcc before 2.16, when running on 64-bit platforms, does not interpret IP-based access control rules correctly, which could allow remote attackers to bypass intended restrictions. | |||||
