Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-11-23 | CVE-2004-0342 | Off-by-one Error vulnerability in Wftpd PRO Server Project Wftpd PRO Server 3.21 WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error. | 5.5 |
| 2004-11-23 | CVE-2004-0285 | Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products PHP remote file inclusion vulnerabilities in include/footer.inc.php in (1) AllMyVisitors, (2) AllMyLinks, and (3) AllMyGuests allow remote attackers to execute arbitrary PHP code via a URL in the _AMVconfig[cfg_serverpath] parameter. network low complexity allmyguests-project allmylinks-project allmyvisitors-project CWE-829 critical | 9.8 |
| 2004-11-23 | CVE-2004-0079 | NULL Pointer Dereference vulnerability in multiple products The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. | 7.5 |
| 2004-11-03 | CVE-2004-0847 | Path Traversal vulnerability in Microsoft Asp.Net 1.0/1.1 The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | 9.8 |
| 2004-10-20 | CVE-2004-0772 | Double Free vulnerability in multiple products Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code. | 9.8 |
| 2004-10-20 | CVE-2004-0747 | Incorrect Calculation of Buffer Size vulnerability in Apache Http Server Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables. | 7.8 |
| 2004-10-18 | CVE-2004-1603 | Link Following vulnerability in Cpanel 9.4.1 cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. | 5.5 |
| 2004-09-28 | CVE-2004-0689 | Link Following vulnerability in multiple products KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. | 7.1 |
| 2004-09-28 | CVE-2004-0458 | NULL Pointer Dereference vulnerability in multiple products mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. | 7.5 |
| 2004-08-11 | CVE-2004-1714 | Incorrect Permission Assignment for Critical Resource vulnerability in ISS Blackice PC Protection and Blackice Server Protection BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule. | 7.1 |