Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-11-03 | CVE-2004-0847 | Path Traversal vulnerability in Microsoft Asp.Net 1.0/1.1 The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in restricted directories via a request containing a (1) "\" (backslash) or (2) "%5C" (encoded backslash), aka "Path Validation Vulnerability." | 7.5 |
| 2004-11-03 | CVE-2004-0846 | Unspecified vulnerability in Microsoft Excel and Office Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and v.X for Mac allows remote attackers to execute arbitrary code via a malicious file containing certain parameters that are not properly validated. | 7.5 |
| 2004-11-03 | CVE-2004-0835 | Local vulnerability in MySQL MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5.x before 5.0.1, checks the CREATE/INSERT rights of the original table instead of the target table in an ALTER TABLE RENAME operation, which could allow attackers to conduct unauthorized activities. | 7.5 |
| 2004-11-03 | CVE-2004-0815 | Remote Arbitrary File Access vulnerability in Samba The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x before 3.0.2a, trims certain directory names down to absolute paths, which could allow remote attackers to bypass the specified share restrictions and read, write, or list arbitrary files via "/.////" style sequences in pathnames. | 7.5 |
| 2004-11-03 | CVE-2004-0774 | Unspecified vulnerability in Realnetworks products RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Windows allows remote attackers to cause a denial of service (CPU and memory exhaustion) via a POST request with a Content-Length header set to -1. | 7.8 |
| 2004-11-03 | CVE-2004-0569 | Unspecified vulnerability in Microsoft Windows NT 4.0 The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote attackers to read active memory or cause a denial of service (system crash) via a malicious message, possibly related to improper length values. | 7.5 |
| 2004-11-03 | CVE-2004-0552 | Unspecified vulnerability in Sophos Small Business Suite Sophos Small Business Suite 1.00 on Windows does not properly handle files whose names contain reserved MS-DOS device names such as (1) LPT1, (2) COM1, (3) AUX, (4) CON, or (5) PRN, which can allow malicious code to bypass detection when it is installed, copied, or executed. | 7.5 |
| 2004-11-03 | CVE-2004-0208 | Unspecified vulnerability in Microsoft products The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to access kernel memory and gain privileges via a malicious program that modified some system structures in a way that is not properly validated by privileged operating system functions. | 7.2 |
| 2004-11-03 | CVE-2004-0206 | Remote Buffer Overflow vulnerability in Microsoft Windows NetDDE Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. | 7.5 |
| 2004-10-30 | CVE-2004-1350 | Buffer Overflow vulnerability in SUN Java System web Proxy Server 3.6 Multiple buffer overflows in Sun Java System Web Proxy Server (formerly Sun ONE Proxy Server) 3.6 through 3.6 SP4 allow remote attackers to execute arbitrary code via unknown vectors, possibly CONNECT requests. | 7.5 |