Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-03-01 | CVE-2004-1031 | Local vulnerability in Fcron FCronTab/FCronSighUp: fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ. | 7.2 |
2005-03-01 | CVE-2004-1030 | Local vulnerability in Fcron FCronTab/FCronSighUp: fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message. | 2.1 |
2005-03-01 | CVE-2004-1029 | Permissions, Privileges, and Access Controls vulnerability in multiple products: The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. | 9.3 |
2005-03-01 | CVE-2004-1021 | Unspecified vulnerability in Apple Ical 1.5.3: iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms. | 7.5 |
2005-03-01 | CVE-2004-1010 | Remote Recursive Directory Compression Buffer Overflow vulnerability in Info-Zip ZIP 2.3: Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname. | 10.0 |
2005-03-01 | CVE-2004-1007 | The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address. | 5.0 |
2005-03-01 | CVE-2004-1006 | Remote Format String vulnerability in ISC DHCPD: Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. | 10.0 |
2005-03-01 | CVE-2004-1003 | Unspecified vulnerability in Trend Micro Scanmail Domino 2.51/2.6: Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file. | 5.0 |
2005-03-01 | CVE-2004-1002 | Integer Underflow (Wrap or Wraparound) vulnerability in multiple products: Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location. | 7.5 |
2005-03-01 | CVE-2004-1001 | Unspecified vulnerability in Debian Shadow 4.0.4.1: Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled. | 4.6 |