Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0593 | 1 Sygate Technologies | 2 Enforcer, Secure Enterprise | 2017-07-11 | 7.5 HIGH | N/A |
| Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before authentication, which could allow remote attackers to bypass filtering rules. | |||||
| CVE-2004-0592 | 1 Suse | 1 Suse Linux | 2017-07-11 | 5.0 MEDIUM | N/A |
| The tcp_find_option function of the netfilter subsystem for IPv6 in the SUSE Linux 2.6.5 kernel with USAGI patches, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type, a similar flaw to CVE-2004-0626. | |||||
| CVE-2004-0591 | 1 Inter7 | 1 Sqwebmail | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-status" MIME Content-Type. | |||||
| CVE-2004-0590 | 3 Frees Wan, Openswan, Strongswan | 4 Frees Wan, Super Frees Wan, Openswan and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject. | |||||
| CVE-2004-0588 | 1 Usermin | 1 Usermin | 2017-07-11 | 6.8 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages. | |||||
| CVE-2004-0586 | 1 Ibm | 1 Acprunner | 2017-07-11 | 10.0 HIGH | N/A |
| acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary code via the (1) DownLoadURL, (2) SaveFilePath, and (3) Download ActiveX methods. | |||||
| CVE-2004-0584 | 1 Horde | 1 Imp | 2017-07-11 | 6.8 MEDIUM | N/A |
| Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "security fix," does not properly validate input, which allows remote attackers to execute arbitrary script as other users via script or HTML in an e-mail message, possibly triggering a cross-site scripting (XSS) vulnerability. | |||||
| CVE-2004-1277 | 1 Iglooftp | 1 Iglooftp | 2017-07-11 | 5.0 MEDIUM | N/A |
| The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters. | |||||
| CVE-2004-0583 | 3 Debian, Usermin, Webmin | 3 Debian Linux, Usermin, Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. | |||||
| CVE-2004-0582 | 1 Webmin | 1 Webmin | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module. | |||||
| CVE-2004-0581 | 2 Gnu, Mandrakesoft | 3 Ksymoops, Mandrake Linux, Mandrake Linux Corporate Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. | |||||
| CVE-2004-0579 | 2 Debian, William Deich | 2 Debian Linux, Super | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root. | |||||
| CVE-2004-0578 | 1 Qbik | 1 Wingate | 2017-07-11 | 5.0 MEDIUM | N/A |
| WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory. | |||||
| CVE-2004-0577 | 1 Qbik | 1 Wingate | 2017-07-11 | 5.0 MEDIUM | N/A |
| WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory. | |||||
| CVE-2004-0576 | 1 Gnu | 1 Radius | 2017-07-11 | 5.0 MEDIUM | N/A |
| The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the -enable-snmp option, allows remote attackers to cause a denial of service (server crash) via malformed SNMP messages containing an invalid OID. | |||||
| CVE-2004-1276 | 1 Iglooftp | 1 Iglooftp | 2017-07-11 | 2.1 LOW | N/A |
| IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP. | |||||
| CVE-2004-0563 | 1 Freenet6 | 1 Freenet6 | 2017-07-11 | 2.1 LOW | N/A |
| The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password. | |||||
| CVE-2004-0559 | 3 Mandrakesoft, Usermin, Webmin | 4 Mandrake Linux, Mandrake Linux Corporate Server, Usermin and 1 more | 2017-07-11 | 2.1 LOW | N/A |
| The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. | |||||
| CVE-2004-0555 | 1 Gnu | 1 Queue | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 may allow remote attackers to execute arbitrary code. | |||||
| CVE-2004-1275 | 1 Html2hdml | 1 Html2hdml | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file. | |||||
| CVE-2004-0547 | 1 Postgresql | 1 Postgresql | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows remote attackers to cause a denial of service (crash). | |||||
| CVE-2004-1274 | 1 Greed | 1 Greed | 2017-07-11 | 10.0 HIGH | N/A |
| The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters. | |||||
| CVE-2004-1273 | 1 Greed | 1 Greed | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename. | |||||
| CVE-2004-1272 | 1 Bolthole | 1 Filter | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message. | |||||
| CVE-2004-1271 | 1 Dxfscope | 1 Dxf File Format Viewer | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file. | |||||
| CVE-2004-0545 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. | |||||
| CVE-2004-0544 | 1 Ibm | 1 Aix | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. | |||||
| CVE-2004-0543 | 1 Oracle | 2 Applications, E-business Suite | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries. | |||||
| CVE-2004-0524 | 1 Thiago Melo De Paula | 1 Change Passwd | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the chpasswd command in the Change_passwd plugin before 4.0, as used in SquirrelMail, allows local users to gain root privileges via a long user name. | |||||
| CVE-2004-0522 | 2 Debian, Gallery Project | 2 Debian Linux, Gallery | 2017-07-11 | 10.0 HIGH | N/A |
| Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges. | |||||
| CVE-2004-1266 | 1 Jacob Rhoden | 1 Csv2xml | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file. | |||||
| CVE-2004-0518 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. | |||||
| CVE-2004-0517 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. | |||||
| CVE-2004-0516 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517. | |||||
| CVE-2004-0515 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 4.6 MEDIUM | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." | |||||
| CVE-2004-0514 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.2 HIGH | N/A |
| Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of directory services lookups." | |||||
| CVE-2004-1265 | 1 Alex Dunaevsky | 1 Convex 3d | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the convex-tool program in Convex 3D 0.8pre1 allows remote attackers to execute arbitrary code via a crafted 3DS file. | |||||
| CVE-2004-1264 | 1 Chbg | 1 Chbg | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file. | |||||
| CVE-2004-0512 | 1 Sco | 1 Openserver | 2017-07-11 | 2.1 LOW | N/A |
| Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a core dump. | |||||
| CVE-2004-0511 | 1 Sco | 1 Openserver | 2017-07-11 | 2.1 LOW | N/A |
| Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference. | |||||
| CVE-2004-1263 | 1 Changepassword | 1 Changepassword | 2017-07-11 | 7.2 HIGH | N/A |
| changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program. | |||||
| CVE-2004-0510 | 1 Sco | 1 Openserver | 2017-07-11 | 7.2 HIGH | N/A |
| Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program. | |||||
| CVE-2004-0503 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Microsoft Outlook 2003 allows remote attackers to bypass the default zone restrictions and execute script within media files via a Rich Text Format (RTF) message containing an OLE object for the Windows Media Player, which bypasses Media Player's setting to disallow scripting and may lead to unprompted installation of an executable when exploited in conjunction with predictable-file-location exposures such as CVE-2004-0502. | |||||
| CVE-2004-0502 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Outlook 2003, when replying to an e-mail message, stores certain files in a predictable location for the "src" of an img tag of the original message, which allows remote attackers to bypass zone restrictions and exploit other issues that rely on predictable locations, as demonstrated using a shell: URI. | |||||
| CVE-2004-0501 | 1 Microsoft | 1 Outlook | 2017-07-11 | 5.0 MEDIUM | N/A |
| Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information. | |||||
| CVE-2004-1262 | 1 Stuart Cunningham | 1 Bsb2ppm | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures. | |||||
| CVE-2004-1012 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2017-07-11 | 10.0 HIGH | N/A |
| The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. | |||||
| CVE-2004-0490 | 1 Cpanel | 1 Cpanel | 2017-07-11 | 7.2 HIGH | N/A |
| cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec option, does not set the --enable-discard-path option, which causes php to use the SCRIPT_FILENAME variable to find and execute a script instead of the PATH_TRANSLATED variable, which allows local users to execute arbitrary PHP code as other users via a URL that references the attacker's script after the user's script, which executes the attacker's script with the user's privileges, a different vulnerability than CVE-2004-0529. | |||||
| CVE-2004-0489 | 1 Apple | 1 Mac Os X | 2017-07-11 | 7.6 HIGH | N/A |
| Argument injection vulnerability in the SSH URI handler for Safari on Mac OS 10.3.3 and earlier allows remote attackers to (1) execute arbitrary code via the ProxyCommand option or (2) conduct port forwarding via the -R option. | |||||
| CVE-2004-1261 | 1 Asp2php | 1 Asp2php | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts. | |||||