Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2004-07-07 CVE-2004-0470 Unspecified vulnerability in BEA Weblogic Server 7.0/8.1
BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 through SP2, when editing weblogic.xml using WebLogic Builder or the SecurityRoleAssignmentMBean.toXML method, inadvertently removes security-role-assignment tags when weblogic.xml does not have a principal-name tag, which can remove intended access restrictions for the associated web application.
network
low complexity
bea
7.5
2004-07-07 CVE-2004-0424 Integer Overflow vulnerability in Linux Kernel Setsockopt MCAST_MSFILTER
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
local
low complexity
sgi linux slackware
7.2
2004-07-07 CVE-2004-0400 Unspecified vulnerability in University of Cambridge Exim
Stack-based buffer overflow in Exim 4 before 4.33, when the headers_check_syntax option is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code during the header check.
network
low complexity
university-of-cambridge
7.5
2004-07-07 CVE-2004-0399 Unspecified vulnerability in University of Cambridge Exim 3.35
Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the sender_verify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification.
network
low complexity
university-of-cambridge
7.5
2004-07-07 CVE-2004-0398 Heap Overflow vulnerability in Neon WebDAV Client Library ne_rfc1036_parse Function
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client.
network
low complexity
cadaver neon openoffice subversion
7.5
2004-07-07 CVE-2004-0397 Buffer Overflow vulnerability in Subversion 1.0/1.0.1/1.0.2
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
network
low complexity
subversion
7.5
2004-06-21 CVE-2004-1345 Privilege Escalation vulnerability in SUN products
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.
local
low complexity
sun
7.2
2004-06-14 CVE-2004-0396 Heap Overflow vulnerability in CVS Malformed Entry Modified and Unchanged Flag Insertion
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
network
low complexity
cvs
7.5
2004-06-14 CVE-2004-0227 Remote Buffer Overflow vulnerability in Triornis ZoneMinder
Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allow a remote attacker to execute arbitrary code via a long query string.
network
low complexity
triornis
7.5
2004-06-14 CVE-2004-0038 Remote Code Execution vulnerability in Mcafee Epolicy Orchestrator 2.5/2.5.1/3.0
McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81.
network
low complexity
mcafee
7.5