| 2004-12-06 | CVE-2004-0623 | Unspecified vulnerability in GNU Gnats
Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remote attackers to execute arbitrary code via format string specifiers in a string that gets logged by syslog. network low complexity gnu critical | 10.0 |
| 2004-12-06 | CVE-2004-0621 | Authentication Bypass vulnerability in ZaireWeb Solutions Newsletter ZWS Administrative Interface
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords. | 10.0 |
| 2004-12-06 | CVE-2004-0608 | The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory. | 10.0 |
| 2004-12-06 | CVE-2004-0607 | The eay_check_x509cert function in KAME Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication. | 10.0 |
| 2004-12-06 | CVE-2004-0603 | Unspecified vulnerability in GNU Gzip
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1332. network low complexity gnu critical | 10.0 |
| 2004-12-06 | CVE-2004-0590 | FreeS/WAN 1.x and 2.x, and other related products including superfreeswan 1.x, openswan 1.x before 1.0.6, openswan 2.x before 2.1.4, and strongSwan before 2.1.3, allows remote attackers to authenticate using spoofed PKCS#7 certificates in which a self-signed certificate identifies an alternate Certificate Authority (CA) and spoofed issuer and subject. | 10.0 |
| 2004-12-06 | CVE-2004-0477 | Remote 812 ADSL Router Web Interface Authentication Bypass vulnerability in 3Com 3Cp4144 1.1.9.4
Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. network low complexity 3com critical | 10.0 |
| 2004-12-06 | CVE-2004-0451 | Remote Syslog Format String vulnerability in Sup
Multiple format string vulnerabilities in the (1) logquit, (2) logerr, or (3) loginfo functions in Software Upgrade Protocol (SUP) allows remote attackers to execute arbitrary code via format string specifiers in messages that are logged by syslog. | 10.0 |
| 2004-12-06 | CVE-2004-0448 | Remote Syslog Format String vulnerability in JFTPGW
Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages. network low complexity jftpgw critical | 10.0 |
| 2004-12-06 | CVE-2004-0393 | Multiple vulnerability in Rlpr msg() Function
Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function. network low complexity rlpr critical | 10.0 |