Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-04-15 | CVE-2004-0217 | Link Following vulnerability in Symantec Antivirus Scan Engine 4.0/4.3 The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan Engine 4.0 and 4.3 for Red Hat Linux allows local users to create or append to arbitrary files via a symlink attack on /tmp/LiveUpdate.log. | 7.0 |
| 2004-03-26 | CVE-2004-1865 | Cross-site Scripting vulnerability in Bblog 0.7.2 Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). | 4.8 |
| 2004-03-03 | CVE-2004-0005 | Off-by-one Error vulnerability in Gaim Project Gaim 0.75 Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte. | 9.8 |
| 2004-01-20 | CVE-2004-0030 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in PHPgedview 2.61 PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code. | 9.8 |
| 2004-01-05 | CVE-2003-1013 | NULL Pointer Dereference vulnerability in Ethereal The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference. | 7.5 |
| 2004-01-05 | CVE-2003-1000 | NULL Pointer Dereference vulnerability in Xchat 2.0.6 xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference. | 7.5 |
| 2004-01-05 | CVE-2003-0981 | Origin Validation Error vulnerability in Freescripts Visitorbook LE FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks. | 6.1 |
| 2003-12-31 | CVE-2003-1564 | XML Entity Expansion vulnerability in Xmlsoft Libxml2 libxml2, possibly before 2.5.0, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, aka the "billion laughs attack." | 6.5 |
| 2003-12-31 | CVE-2003-1233 | Link Following vulnerability in Pedestalsoftware Integrity Protection Driver 1.3 Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier allows privileged attackers, such as rootkits, to bypass file access restrictions to the Windows kernel by using the NtCreateSymbolicLinkObject function to create a symbolic link to (1) \Device\PhysicalMemory or (2) to a drive letter using the subst command. | 9.8 |
| 2003-11-17 | CVE-2003-0844 | Link Following vulnerability in Schroepl MOD Gzip mod_gzip 1.3.26.1a and earlier, and possibly later official versions, when running in debug mode without the Apache log, allows local users to overwrite arbitrary files via (1) a symlink attack on predictable temporary filenames on Unix systems, or (2) an NTFS hard link on Windows systems when the "Strengthen default permissions of internal system objects" policy is not enabled. | 7.1 |