Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-12-31 CVE-2004-1327 Remote Client-Side Buffer Overflow vulnerability in Crystal Art Crystal FTP
Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.
network
low complexity
crystal-art-software
7.5
2004-12-31 CVE-2004-1189 Out-Of-Bounds Write vulnerability in MIT Kerberos 5
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
local
low complexity
mit CWE-787
7.2
2004-12-31 CVE-2004-1182 Unspecified vulnerability in Hylafax
hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfaxd file, allows remote attackers to authenticate and bypass intended access restrictions via a crafted (1) username or (2) hostname that satisfies a regular expression that is matched against a hosts.hfaxd entry without a password.
network
low complexity
hylafax
7.5
2004-12-31 CVE-2004-1173 Unspecified vulnerability in Microsoft Internet Explorer 6.0
Internet Explorer 6 allows remote attackers to bypass the popup blocker via the document object model (DOM) methods in the Dynamic HTML (DHTML) Editing Component (DEC) and JavaScript that calls showModalDialog.
network
low complexity
microsoft
7.5
2004-12-31 CVE-2004-1166 Code Injection vulnerability in Microsoft IE and Internet Explorer
CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.
network
low complexity
microsoft CWE-94
7.5
2004-12-31 CVE-2004-1155 Unspecified vulnerability in Microsoft IE and Internet Explorer
Internet Explorer 5.01 through 6 allows remote attackers to spoof arbitrary web sites by injecting content from one window into another window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
network
low complexity
microsoft
7.5
2004-12-31 CVE-2004-1144 Unspecified vulnerability in Linux Kernel 2.4.0
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges.
local
low complexity
linux
7.2
2004-12-31 CVE-2004-1143 Unspecified vulnerability in GNU Mailman
The password generation in mailman before 2.1.5 generates only 5 million unique passwords, which makes it easier for remote attackers to guess passwords via a brute force attack.
network
low complexity
gnu
7.5
2004-12-31 CVE-2004-1104 Unspecified vulnerability in Microsoft IE 6.0
Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page that contains a BASE element that points to the legitimate site, followed by an anchor (a) element with an empty "href" attribute, and a FORM whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL.
network
low complexity
microsoft
7.5
2004-12-31 CVE-2004-0984 Local Security vulnerability in GNU Mailutils 0.5/0.6
Unknown vulnerability in the dotlock implementation in mailutils before 1:0.5-4 on Debian GNU/Linux allows attackers to gain privileges.
local
low complexity
gnu
7.2