Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2005-01-27	CVE-2004-0882	Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value. network low complexity samba conectiva redhat ubuntu critical	10.0
2005-01-10	CVE-2004-1137	Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read. network low complexity linux ubuntu critical	10.0
2005-01-10	CVE-2004-1067	Remote Unspecified vulnerability in Cyrus IMAPD Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. network low complexity carnegie-mellon-university redhat ubuntu critical	10.0
2005-01-10	CVE-2004-1065	Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. network low complexity openpkg php trustix ubuntu critical	10.0
2005-01-10	CVE-2004-1019	Improper Input Validation vulnerability in multiple products The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. network low complexity openpkg php trustix ubuntu CWE-20 critical	10.0
2005-01-10	CVE-2004-1015	Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. network low complexity carnegie-mellon-university redhat ubuntu critical	10.0
2005-01-10	CVE-2004-1013	The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. network low complexity carnegie-mellon-university openpkg conectiva redhat trustix ubuntu critical	10.0
2005-01-10	CVE-2004-1012	The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. network low complexity carnegie-mellon-university openpkg conectiva redhat trustix ubuntu critical	10.0
2005-01-10	CVE-2004-1011	Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. network low complexity carnegie-mellon-university openpkg conectiva redhat trustix ubuntu critical	10.0