2004-09-16 | CVE-2004-0866 | Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | 7.5 |
2004-09-16 | CVE-2004-0827 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | 7.5 |
2004-09-16 | CVE-2004-0801 | Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. | 7.5 |
2004-09-15 | CVE-2004-1685 | Authentication Bypass vulnerability in SMC Networks Smc7004Vwbr and Smc7008Abr SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU running firmware 1.42.003 allow remote attackers to bypass authentication by connecting to it from the same IP address as the administrator who is logged in, then accessing the setup_status.htm or status.HTM pages. | 7.5 |
2004-09-14 | CVE-2004-0831 | Local Security vulnerability in Virusscan 4.5/4.5.1 McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing users to browse for files via the "System Scan" properties of the System Tray applet, which could allow local users to gain privileges. | 7.2 |
2004-09-12 | CVE-2004-1676 | Remote Heap Overflow vulnerability in Gadu-Gadu Instant Messenger 6.0/6.0Build149 Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6.0 build 149 allows remote attackers to execute arbitrary code via a crafted GG_MSG_IMAGE_REPLY message. | 7.5 |
2004-09-10 | CVE-2004-1670 | Remote Input Validation vulnerability in IceWarp Web Mail Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7, and possibly other versions, allow remote attackers to (1) create arbitrary directories via a .. | 7.5 |
2004-09-10 | CVE-2004-1668 | SQL Injection vulnerability in Easyweb Factory Subjects Module 2.0 Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Postnuke module allow remote attackers to execute arbitrary SQL commands via the (1) pageid, (2) subid, or (3) catid parameters. | 7.5 |
2004-09-07 | CVE-2004-0823 | OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 and possibly other operating systems, may allow certain authentication schemes to use hashed (crypt) passwords in the userPassword attribute as if they were plaintext passwords, which allows remote attackers to re-use hashed passwords without decrypting them. | 7.5 |
2004-09-07 | CVE-2004-0822 | Environment Variable Buffer Overflow vulnerability in Apple CoreFoundation Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable. local low complexity apple | 7.2 |