Search
Total
27796 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2004-0486 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 7.6 HIGH | N/A |
| HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. | |||||
| CVE-2004-0485 | 1 Apple | 1 Mac Os X | 2017-07-11 | 5.0 MEDIUM | N/A |
| The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. | |||||
| CVE-2004-0483 | 1 Sgi | 1 Irix | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote attackers to cause a denial of service (infinite loop) via certain RPC requests. | |||||
| CVE-2004-0482 | 1 Openbsd | 1 Openbsd | 2017-07-11 | 4.6 MEDIUM | N/A |
| Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs.c, (3) procfs_linux.c, (4) procfs_regs.c, (5) procfs_status.c, and (6) procfs_subr.c in procfs for OpenBSD 3.5 and earlier allow local users to read sensitive kernel memory and possibly perform other unauthorized activities. | |||||
| CVE-2004-0480 | 1 Ibm | 1 Lotus Notes | 2017-07-11 | 10.0 HIGH | N/A |
| Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allows remote attackers to execute arbitrary code via a notes: URI that uses a UNC network share pathname to provide an alternate notes.ini configuration file to notes.exe. | |||||
| CVE-2004-0476 | 1 3com | 1 3cp4144 | 2017-07-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port. | |||||
| CVE-2004-0475 | 1 Microsoft | 1 Ie | 2017-07-11 | 5.1 MEDIUM | N/A |
| The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041. | |||||
| CVE-2004-0474 | 1 Microsoft | 1 Windows Xp | 2017-07-11 | 5.1 MEDIUM | N/A |
| Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue. | |||||
| CVE-2004-0471 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 2.1 LOW | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2 does not enforce site restrictions for starting and stopping servers for users in the Admin and Operator security roles, which allows unauthorized users to cause a denial of service (service shutdown). | |||||
| CVE-2004-1260 | 1 Abctab2ps | 1 Abctab2ps | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function in parse.cpp for abctab2ps 1.6.3 allow remote attackers to execute arbitrary code via crafted ABC files. | |||||
| CVE-2004-1259 | 1 Abcpp | 1 Abcpp | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the handle_directive function in abcpp.c for abcpp 1.3.0 allow remote attackers to execute arbitrary code via crafted ABC files. | |||||
| CVE-2004-0470 | 1 Bea | 1 Weblogic Server | 2017-07-11 | 7.5 HIGH | N/A |
| BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application. | |||||
| CVE-2004-0469 | 1 Checkpoint | 4 Firewall-1, Next Generation, Ng-ai and 1 more | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation. | |||||
| CVE-2004-0468 | 1 Juniper | 1 Junos | 2017-07-11 | 5.0 MEDIUM | N/A |
| Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. | |||||
| CVE-2004-0460 | 5 Infoblox, Isc, Mandrakesoft and 2 more | 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. | |||||
| CVE-2004-0459 | 1 Ieee | 1 802.11 Wireless Protocol | 2017-07-11 | 5.0 MEDIUM | N/A |
| The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wireless protocol, when using DSSS transmission encoding, allows remote attackers to cause a denial of service via a certain RF signal that causes a channel to appear busy (aka "jabber"), which prevents devices from transmitting data. | |||||
| CVE-2004-0456 | 3 Debian, Gentoo, Pavuk | 3 Debian Linux, Linux, Pavuk | 2017-07-11 | 7.6 HIGH | N/A |
| Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. | |||||
| CVE-2004-1257 | 1 Abc2mtex | 1 Abc2mtex | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files. | |||||
| CVE-2004-1256 | 1 Abcmidi | 1 Abcmidi | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files. | |||||
| CVE-2004-0454 | 1 Rlpr | 1 Rlpr | 2017-07-11 | 7.2 HIGH | N/A |
| Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allows local users to execute arbitrary code. | |||||
| CVE-2004-0453 | 1 Vice | 1 Vice | 2017-07-11 | 7.2 HIGH | N/A |
| Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string. | |||||
| CVE-2004-0451 | 2 Debian, Sup | 2 Debian Linux, Sup | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. | |||||
| CVE-2004-0450 | 1 Log2mail | 1 Log2mail | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the printlog function in log2mail before 0.2.5.2 allows local users or remote attackers to execute arbitrary code via format string specifiers in a logfile monitored by log2mail. | |||||
| CVE-2004-0448 | 1 Jftpgw | 1 Jftpgw | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages. | |||||
| CVE-2004-0437 | 1 South River Technologies | 1 Titan Ftp Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket. | |||||
| CVE-2004-1255 | 1 2fax | 1 2fax | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF. | |||||
| CVE-2004-1254 | 1 Rarlab | 1 Winrar | 2017-07-11 | 10.0 HIGH | N/A |
| WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. | |||||
| CVE-2004-1236 | 1 Netscape | 1 Directory Server | 2017-07-11 | 10.0 HIGH | N/A |
| Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0435 | 1 Freebsd | 1 Freebsd | 2017-07-11 | 3.6 LOW | N/A |
| Certain "programming errors" in the msync system call for FreeBSD 5.2.1 and earlier, and 4.10 and earlier, do not properly handle the MS_INVALIDATE operation, which leads to cache consistency problems that allow a local user to prevent certain changes to files from being committed to disk. | |||||
| CVE-2004-0433 | 2 Mplayer, Xine | 2 Mplayer, Xine-lib | 2017-07-11 | 10.0 HIGH | N/A |
| Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (a) long URLs, (b) long Real server responses, or (c) long Real Data Transport (RDT) packets. | |||||
| CVE-2004-0432 | 3 Gentoo, Proftpd Project, Trustix | 3 Linux, Proftpd, Secure Linux | 2017-07-11 | 7.5 HIGH | N/A |
| ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL entries as if they were AllowAll, which could allow FTP clients to bypass intended access restrictions. | |||||
| CVE-2004-0431 | 1 Apple | 1 Quicktime | 2017-07-11 | 5.1 MEDIUM | N/A |
| Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allows attackers to execute arbitrary code via a large "number of entries" field in the sample-to-chunk table data for a .mov movie file, which leads to a heap-based buffer overflow. | |||||
| CVE-2004-0430 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.1 MEDIUM | N/A |
| Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field. | |||||
| CVE-2004-0429 | 1 Apple | 1 Mac Os X | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability related to "the handling of large requests" in RAdmin for Apple Mac OS X 10.3.3 and Mac OS X 10.2.8 may allow attackers to have unknown impact via unknown attack vectors. | |||||
| CVE-2004-0428 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2017-07-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS X 10.3.3 Server, related to "the handling of an environment variable," has unknown attack vectors and unknown impact. | |||||
| CVE-2004-0425 | 1 Netegrity | 1 Sideminder Affiliate Agent | 2017-07-11 | 10.0 HIGH | N/A |
| Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie. | |||||
| CVE-2004-0407 | 1 Macromedia | 1 Coldfusion | 2017-07-11 | 2.6 LOW | N/A |
| The HTML form upload capability in ColdFusion MX 6.1 does not reclaim disk space if an upload is interrupted, which allows remote attackers to cause a denial of service (disk consumption) by repeatedly uploading files and interrupting the uploads before they finish. | |||||
| CVE-2004-0404 | 1 Psionic | 1 Logcheck | 2017-07-11 | 1.2 LOW | N/A |
| logcheck before 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary directory in /var/tmp. | |||||
| CVE-2004-0402 | 2 Mandrakesoft, Xpcd | 2 Mandrake Linux, Xpcd | 2017-07-11 | 4.6 MEDIUM | N/A |
| Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code. | |||||
| CVE-2004-0401 | 1 Free Software Foundation Inc. | 1 Libtasn1 | 2017-07-11 | 10.0 HIGH | N/A |
| Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, related to the DER parsing functions. | |||||
| CVE-2004-0408 | 1 Michael Bacarella | 1 Ident2 | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code. | |||||
| CVE-2004-0400 | 1 University Of Cambridge | 1 Exim | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check. | |||||
| CVE-2004-0399 | 1 University Of Cambridge | 1 Exim | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification. | |||||
| CVE-2004-0397 | 1 Subversion | 1 Subversion | 2017-07-11 | 7.5 HIGH | N/A |
| Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command. | |||||
| CVE-2004-0395 | 1 Gatos | 1 Gatos | 2017-07-11 | 7.2 HIGH | N/A |
| The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call. | |||||
| CVE-2004-1233 | 1 Gadu-gadu | 1 Gadu-gadu Instant Messenger | 2017-07-11 | 5.0 MEDIUM | N/A |
| Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length. | |||||
| CVE-2004-0394 | 1 Linux | 1 Linux Kernel | 2017-07-11 | 2.1 LOW | N/A |
| A "potential" buffer overflow exists in the panic() function in Linux 2.4.x, although it may not be exploitable due to the functionality of panic. | |||||
| CVE-2004-0393 | 1 Rlpr | 1 Rlpr | 2017-07-11 | 10.0 HIGH | N/A |
| Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function. | |||||
| CVE-2004-1011 | 6 Carnegie Mellon University, Conectiva, Openpkg and 3 more | 6 Cyrus Imap Server, Linux, Openpkg and 3 more | 2017-07-11 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. | |||||
| CVE-2004-0392 | 1 Kame | 1 Racoon | 2017-07-11 | 5.0 MEDIUM | N/A |
| racoon before 20040407b allows remote attackers to cause a denial of service (infinite loop and dropped connections) via an IKE message with a malformed Generic Payload Header containing invalid (1) "Security Association Next Payload" and (2) "RESERVED" fields. | |||||