Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-1471 | Multiple vulnerabilities in CVS: Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. | 7.1 |
2004-12-31 | CVE-2004-1469 | Unspecified vulnerability in Peter D. Gray SUS 2.0/2.0.1: Format string vulnerability in the log function in SUS 2.0.2, and other versions before 2.0.6, allows local users to execute arbitrary code via format string specifiers in a command line argument that is passed directly to syslog. | 7.2 |
2004-12-31 | CVE-2004-1468 | The web mail functionality in Usermin 1.x and Webmin 1.x allows remote attackers to execute arbitrary commands via shell metacharacters in an e-mail message. | 7.5 |
2004-12-31 | CVE-2004-1466 | Remote Server-Side Script Execution vulnerability in Gallery Project Gallery 1.4.4: The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute arbitrary scripts before they are deleted, if the temporary directory is under the web root. | 7.5 |
2004-12-31 | CVE-2004-1462 | Privilege Escalation vulnerability in MoinMoin: Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote attackers to gain unauthorized access to administrator functions such as (1) revert and (2) delete. | 7.5 |
2004-12-31 | CVE-2004-1461 | Multiple vulnerabilities in Cisco products: Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a separate unauthenticated TCP connection on a random port when a user authenticates to the ACS GUI, which allows remote attackers to bypass authentication by connecting to that port from the same IP address. | 7.5 |
2004-12-31 | CVE-2004-1460 | Multiple vulnerabilities in Cisco products: Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when configured with an anonymous bind in Novell Directory Services (NDS) and authenticating NDS users with NDS, allows remote attackers to gain unauthorized access to AAA clients via a blank password. | 7.5 |
2004-12-31 | CVE-2004-1456 | Remote Command Execution vulnerability in CVSTrac filediff: filediff in CVStrac allows remote attackers to execute arbitrary commands via shell metacharacters in rcsinfo. | 7.5 |
2004-12-31 | CVE-2004-1452 | Unspecified vulnerability in Gentoo Linux: Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions on the init scripts as tomcat:tomcat, but executes the scripts with root privileges, which could allow local users in the tomcat group to execute arbitrary commands as root by modifying the scripts. | 7.2 |
2004-12-31 | CVE-2004-1440 | Unspecified vulnerability in PuTTY: Multiple heap-based buffer overflows in the modpow function in PuTTY before 0.55 allow (1) remote attackers to execute arbitrary code via an SSH2 packet with a base argument that is larger than the mod argument, which causes the modpow function to write memory before the beginning of its buffer, and (2) remote malicious servers to cause a denial of service (client crash) and possibly execute arbitrary code via a large bignum during authentication. | 7.5 |