Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-01-27 | CVE-2004-0925 | Unspecified vulnerability in Apple mac OS X and mac OS X Server Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, does not properly clear the username between authentication attempts, which allows users with the longest username to prevent other valid users from being able to authenticate. | 5.0 |
2005-01-27 | CVE-2004-0924 | Multiple Security vulnerability in Apple Mac OS X NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial root login, reports the root account as being disabled, even when it has not. | 5.0 |
2005-01-27 | CVE-2004-0923 | Local Password Disclosure vulnerability in CUPS Error_Log CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords. | 2.1 |
2005-01-27 | CVE-2004-0922 | Multiple Security vulnerability in Apple Mac OS X AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, does not properly set the guest group ID, which causes AFP to change a write-only AFP Drop Box to be read-write when the Drop Box is on a share that is mounted by a guest, which allows attackers to read the Drop Box. | 5.0 |
2005-01-27 | CVE-2004-0921 | Multiple Security vulnerability in Apple Mac OS X AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an AFP volume, allows the guest to "terminate authenticated user mounts" via modified SessionDestroy packets. | 7.5 |
2005-01-27 | CVE-2004-0918 | Resource Management Errors vulnerability in multiple products The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. | 5.0 |
2005-01-27 | CVE-2004-0917 | Remote Information Disclosure vulnerability in Vignette Application Portal The default installation of Vignette Application Portal installs the diagnostic utility without authentication requirements, which allows remote attackers to gain sensitive information, such as server and OS version, and conduct unauthorized activities via an HTTP request to /diag. | 5.0 |
2005-01-27 | CVE-2004-0916 | Unspecified vulnerability in Cabextract Project Cabextract 0.2/0.6/1.0 Directory traversal vulnerability in cabextract before 1.1 allows remote attackers to overwrite arbitrary files via a cabinet file containing .. | 5.0 |
2005-01-27 | CVE-2004-0903 | Remote Buffer Overflow vulnerability in Mozilla Browser Vcard Handling Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message. | 10.0 |
2005-01-27 | CVE-2004-0902 | Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname. | 10.0 |