Weekly Vulnerabilities Reports > January 10 to 16, 2005

Overview

235 new vulnerabilities were reported during this period, including 101 critical vulnerabilities and 34 high severity vulnerabilities. This weekly summary reports vulnerabilities in 219 products from 160 vendors including Redhat, Ubuntu, Suse, Gentoo, and Linux. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", and "Permissions, Privileges, and Access Controls".

  • 190 reported vulnerabilities are remotely exploitable.
  • 234 reported vulnerabilities are exploitable by an anonymous user.
  • Redhat has the most reported vulnerabilities, with 25 reported vulnerabilities.
  • Redhat has the most reported critical vulnerabilities, with 10 reported vulnerabilities.


Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

101 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-01-11 CVE-2004-0897 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2003 Server and Windows XP

The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

10.0
2005-01-10 CVE-2004-1311 Mplayer Denial-Of-Service vulnerability in Mplayer 1.0Pre5

Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.

10.0
2005-01-10 CVE-2004-1310 Mplayer Remote Security vulnerability in Mplayer 1.0Pre5

Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet.

10.0
2005-01-10 CVE-2004-1309 Mplayer Remote Security vulnerability in Mplayer Unix Mplayer 1.0Pre5

Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.

10.0
2005-01-10 CVE-2004-1308 Libtiff Unspecified vulnerability in Libtiff

Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.

10.0
2005-01-10 CVE-2004-1304 File
Gentoo
Trustix
Buffer Overflow vulnerability in File ELF Header

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

10.0
2005-01-10 CVE-2004-1303 Yanf Remote Security vulnerability in Yanf 0.4

Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.

10.0
2005-01-10 CVE-2004-1302 Yamt Unspecified vulnerability in Yamt 0.5

The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.

10.0
2005-01-10 CVE-2004-1301 Xlreader Remote Security vulnerability in Xlreader 0.9

Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file.

10.0
2005-01-10 CVE-2004-1300 Xine Unspecified vulnerability in Xine Xine-Lib 1Rc7

Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.

10.0
2005-01-10 CVE-2004-1299 Vilistextum Unspecified vulnerability in Vilistextum 2.6.6

Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page.

10.0
2005-01-10 CVE-2004-1298 Michael Kohn Remote Security vulnerability in Michael Kohn Vb2C 0.02

Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file.

10.0
2005-01-10 CVE-2004-1297 Zack Smith Remote Security vulnerability in Zack Smith Unrtf 0.19.3

Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.

10.0
2005-01-10 CVE-2004-1293 Rtf2Latex2E Remote Security vulnerability in Rtf2Latex2E 1.0Fc2

Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file.

10.0
2005-01-10 CVE-2004-1292 Michael Kohn Unspecified vulnerability in Michael Kohn Ringtonetools 2.22

Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file.

10.0
2005-01-10 CVE-2004-1290 William Hoggarth Remote Security vulnerability in William Hoggarth Pgn2Web 0.3

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file.

10.0
2005-01-10 CVE-2004-1289 Pcal Unspecified vulnerability in Pcal

Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file.

10.0
2005-01-10 CVE-2004-1288 Siag Unspecified vulnerability in Siag O3Read .3

Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file.

10.0
2005-01-10 CVE-2004-1287 Nasm Unspecified vulnerability in Nasm Netwide Assembler 0.98.38

Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.

10.0
2005-01-10 CVE-2004-1286 Napshare Remote Security vulnerability in Napshare 1.2

Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.

10.0
2005-01-10 CVE-2004-1285 Mplayer Remote Security vulnerability in MPlayer

Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream.

10.0
2005-01-10 CVE-2004-1284 Mpg123 Unspecified vulnerability in Mpg123

Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.

10.0
2005-01-10 CVE-2004-1283 Mesh Viewer Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows remote attackers to execute arbitrary code via crafted mesh files.
10.0
2005-01-10 CVE-2004-1282 Linpopup Unspecified vulnerability in Linpopup 1.2

Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation.

10.0
2005-01-10 CVE-2004-1280 Junkie Remote Security vulnerability in Junkie FTP Client 0.3.1

The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename.

10.0
2005-01-10 CVE-2004-1279 Jpegtoavi Remote Security vulnerability in Jpegtoavi 1.5

Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.

10.0
2005-01-10 CVE-2004-1278 Abc2Ps
John Chambers
Remote Security vulnerability in abc2ps

Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attackers to execute arbitrary code via a crafted ABC file.

10.0
2005-01-10 CVE-2004-1275 Html2Hdml Remote Security vulnerability in Html2Hdml 1.0.3

Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file.

10.0
2005-01-10 CVE-2004-1274 Greed Unspecified vulnerability in Greed 0.81P

The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters.

10.0
2005-01-10 CVE-2004-1273 Greed Remote Security vulnerability in Greed 0.81P

Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename.

10.0
2005-01-10 CVE-2004-1272 Bolthole Remote Security vulnerability in Bolthole Filter 2.6.1

Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message.

10.0
2005-01-10 CVE-2004-1271 Dxfscope Remote Security vulnerability in Dxfscope DXF File Format Viewer 0.2

Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file.

10.0
2005-01-10 CVE-2004-1266 Jacob Rhoden Remote Security vulnerability in Jacob Rhoden Csv2Xml 0.5.1

Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.

10.0
2005-01-10 CVE-2004-1265 Alex Dunaevsky Remote Security vulnerability in Alex Dunaevsky Convex 3D 0.8Pre1

Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the convex-tool program in Convex 3D 0.8pre1 allows remote attackers to execute arbitrary code via a crafted 3DS file.

10.0
2005-01-10 CVE-2004-1264 Chbg Unspecified vulnerability in Chbg 1.5

Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.

10.0
2005-01-10 CVE-2004-1262 Stuart Cunningham Remote Security vulnerability in Stuart Cunningham Bsb2Ppm 0.0.6

Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures.

10.0
2005-01-10 CVE-2004-1261 Asp2Php Remote Security vulnerability in Asp2PHP 0.76.23

Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts.

10.0
2005-01-10 CVE-2004-1260 Abctab2Ps Remote Security vulnerability in Abctab2Ps 1.6.3

Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function in parse.cpp for abctab2ps 1.6.3 allow remote attackers to execute arbitrary code via crafted ABC files.

10.0
2005-01-10 CVE-2004-1259 Abcpp Remote Security vulnerability in Abcpp 1.3.0

Multiple buffer overflows in the handle_directive function in abcpp.c for abcpp 1.3.0 allow remote attackers to execute arbitrary code via crafted ABC files.

10.0
2005-01-10 CVE-2004-1258 Moinejf Buffer Errors vulnerability in Moinejf Abcm2Ps 3.7.20

Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files.

10.0
2005-01-10 CVE-2004-1257 Abc2Mtex Remote Security vulnerability in Abc2Mtex 1.6.1

Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files.

10.0
2005-01-10 CVE-2004-1256 Abcmidi Remote Security vulnerability in Abcmidi 20041204

Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files.

10.0
2005-01-10 CVE-2004-1255 2Fax Remote Security vulnerability in 2Fax 3.04

Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF.

10.0
2005-01-10 CVE-2004-1254 Rarlab Remote Security vulnerability in WinRar

WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow.

10.0
2005-01-10 CVE-2004-1232 Gadu Gadu Remote Security vulnerability in Gadu-Gadu Instant Messenger

Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename.

10.0
2005-01-10 CVE-2004-1227 Sugarcrm Input Validation vulnerability in SugarCRM

Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via ..

10.0
2005-01-10 CVE-2004-1225 Sugarcrm Input Validation vulnerability in SugarCRM

SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality.

10.0
2005-01-10 CVE-2004-1222 Darryl Burgdorf Directory Traversal vulnerability in Darryl Burgdorf Weblibs 1.0

weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter.

10.0
2005-01-10 CVE-2004-1214 Burut Remote vulnerability in Burut Kreed 1.5

Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.

10.0
2005-01-10 CVE-2004-1211 David Harris Buffer Errors vulnerability in David Harris Mercury 4.0.1A

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands.

10.0
2005-01-10 CVE-2004-1208 21 6 Productions Remote Buffer Overflow vulnerability in 21-6 Productions Orbz

Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request.

10.0
2005-01-10 CVE-2004-1192 Citadel Remote Security vulnerability in Citadel/UX

Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server.

10.0
2005-01-10 CVE-2004-1188 Mplayer
Xine
Mandrakesoft
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
10.0
2005-01-10 CVE-2004-1187 Mplayer
Xine
Mandrakesoft
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
10.0
2005-01-10 CVE-2004-1172 Symantec Veritas Remote Buffer Overflow vulnerability in VERITAS Backup Exec Agent Browser

Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.

10.0
2005-01-10 CVE-2004-1170 GNU
SUN
Suse
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
10.0
2005-01-10 CVE-2004-1168 Mysql Remote Security vulnerability in MaxDB

Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.

10.0
2005-01-10 CVE-2004-1154 Samba
Redhat
Suse
Trustix
Remote Integer Overflow vulnerability in Samba Directory Access Control List

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

10.0
2005-01-10 CVE-2004-1153 Adobe Denial-Of-Service vulnerability in Adobe Acrobat Reader 6.0/6.0.2/8.0

Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields.

10.0
2005-01-10 CVE-2004-1152 Adobe Unspecified vulnerability in Adobe Acrobat Reader 5.0.9

Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.

10.0
2005-01-10 CVE-2004-1147 Phpmyadmin Unspecified vulnerability in PHPmyadmin

phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters.

10.0
2005-01-10 CVE-2004-1137 Linux
Ubuntu
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
10.0
2005-01-10 CVE-2004-1134 Microsoft Unspecified vulnerability in Microsoft W3Who.Dll

Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.

10.0
2005-01-10 CVE-2004-1129 Youngzsoft Remote vulnerability in Youngzsoft Cmailserver 5.2.0

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

10.0
2005-01-10 CVE-2004-1128 Youngzsoft Remote vulnerability in Youngzsoft CMailServer

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename.

10.0
2005-01-10 CVE-2004-1127 Open DC HUB Remote Buffer Overflow vulnerability in Open DC HUB Direct Connect Peer-To-Peer Client 0.7.14

Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command.

10.0
2005-01-10 CVE-2004-1120 Prozilla Remote Buffer Overflow vulnerability in ProZilla

Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.

10.0
2005-01-10 CVE-2004-1119 Nullsoft Remote Buffer Overflow vulnerability in Nullsoft Winamp

Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.

10.0
2005-01-10 CVE-2004-1118 Weonlydo Remote Buffer Overflow vulnerability in Weonlydo Wodftpdlx Activex Component 2.1.18

Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.

10.0
2005-01-10 CVE-2004-1113 Sqlgrey SQL Injection vulnerability in SQLgrey Postfix Greylisting Service

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.

10.0
2005-01-10 CVE-2004-1099 Cisco Remote Authentication Bypass vulnerability in Cisco products

Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username.

10.0
2005-01-10 CVE-2004-1097 Cherokee Remote Format String vulnerability in Cherokee HTTPD Auth_Pam Authentication

Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL.

10.0
2005-01-10 CVE-2004-1095 ZGV
Debian
Remote Integer Overflow vulnerability in ZGV And XZGV Image Viewer

Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c, (7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows.

10.0
2005-01-10 CVE-2004-1094 Checkmark
Innermedia
Realnetworks
Remote Stack Based Buffer Overflow vulnerability in InnerMedia DynaZip

Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products.

10.0
2005-01-10 CVE-2004-1080 Microsoft Remote Memory Corruption vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT

The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."

10.0
2005-01-10 CVE-2004-1067 Carnegie Mellon University
Redhat
Ubuntu
Remote Unspecified vulnerability in Cyrus IMAPD

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

10.0
2005-01-10 CVE-2004-1065 Openpkg
PHP
Trustix
Ubuntu
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
10.0
2005-01-10 CVE-2004-1064 PHP
Canonical
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode.
10.0
2005-01-10 CVE-2004-1063 PHP
Canonical
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name.
10.0
2005-01-10 CVE-2004-1026 Enlightenment
Gentoo
Redhat
XPM Image Decoding Buffer Overflow vulnerability in IMLib

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10.0
2005-01-10 CVE-2004-1025 Enlightenment
Gentoo
Redhat
XPM Image Decoding Buffer Overflow vulnerability in IMLib

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

10.0
2005-01-10 CVE-2004-1019 Openpkg
PHP
Trustix
Ubuntu
Improper Input Validation vulnerability in multiple products

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.

10.0
2005-01-10 CVE-2004-1018 PHP
Canonical
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function.
10.0
2005-01-10 CVE-2004-1015 Carnegie Mellon University
Redhat
Ubuntu
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
10.0
2005-01-10 CVE-2004-1013 Carnegie Mellon University
Openpkg
Conectiva
Redhat
Trustix
Ubuntu
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
10.0
2005-01-10 CVE-2004-1012 Carnegie Mellon University
Openpkg
Conectiva
Redhat
Trustix
Ubuntu
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
10.0
2005-01-10 CVE-2004-1011 Carnegie Mellon University
Openpkg
Conectiva
Redhat
Trustix
Ubuntu
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
10.0
2005-01-10 CVE-2004-1008 Putty
Tortoisecvs
Remote SSH2_MSG_DEBUG Buffer Overflow vulnerability in PuTTY

Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.

10.0
2005-01-10 CVE-2004-0994 ZGV
Debian
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c.
10.0
2005-01-10 CVE-2004-0993 HP Remote Buffer Overflow vulnerability in HP HPSockd 0.4/0.5

Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.

10.0
2005-01-10 CVE-2004-0987 Yard Radius
Yard Radius Project
Remote Buffer Overflow vulnerability in Yard Radius

Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.

10.0
2005-01-10 CVE-2004-0953 Jabber Software Foundation Remote Buffer Overflow vulnerability in Jabber Software Foundation Jabber Server 2.0

Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username.

10.0
2005-01-10 CVE-2004-0946 NFS
Redhat
Remote Buffer Overflow vulnerability in Linux NFS 64-Bit Architecture

rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.

10.0
2005-01-10 CVE-2004-0914 Lesstif
X ORG
Xfree86 Project
Gentoo
Redhat
Suse
Multiple Unspecified vulnerability in LibXPM

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file.

10.0
2005-01-10 CVE-2004-0901 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571.

10.0
2005-01-10 CVE-2004-0900 Microsoft Unspecified vulnerability in Microsoft Windows NT 4.0

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability."

10.0
2005-01-10 CVE-2004-0571 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.

10.0
2005-01-10 CVE-2004-0568 Microsoft Unspecified vulnerability in Microsoft products

HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.

10.0
2005-01-10 CVE-2004-0139 SGI Unspecified vulnerability in SGI Irix

Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors.

10.0
2005-01-10 CVE-2004-1125 Easy Software Products
Xpdf
KDE
Improper Input Validation vulnerability in multiple products

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

9.3
2005-01-10 CVE-2004-1114 Skype Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.

9.3

34 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-01-13 CVE-2005-0111 Mysql Remote Buffer Overflow vulnerability in Mysql Maxdb 7.5.00

Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.

7.5
2005-01-12 CVE-2005-0376 Sergey Kiselev Remote Security vulnerability in Sergey Kiselev Sgallery 1.01

PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php.

7.5
2005-01-11 CVE-2004-0991 Mpg123
Suse
Heap Overflow vulnerability in MPG123 Layer 2 Frame Header

Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.

7.5
2005-01-10 CVE-2005-0284 Woltlab SQL-Injection vulnerability in Woltlab Burning Book 1.0Gold/1.1.1E

SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter.

7.5
2005-01-10 CVE-2004-1314 Apple Unspecified vulnerability in Apple Safari

Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.

7.5
2005-01-10 CVE-2004-1291 Amir Malik Remote Security vulnerability in Qwik Smtpd

Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer.

7.5
2005-01-10 CVE-2004-1229 Gadu Gadu Remote vulnerability in Gadu-Gadu

Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410.

7.5
2005-01-10 CVE-2004-1165 KDE Unspecified vulnerability in KDE Kdelibs and Konqueror

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command.

7.5
2005-01-10 CVE-2004-1162 Scponly
Gentoo
Remote Arbitrary Command Execution vulnerability in SCPOnly

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.

7.5
2005-01-10 CVE-2004-1161 Rssh
Gentoo
Remote Arbitrary Command Execution vulnerability in RSSH

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

7.5
2005-01-10 CVE-2004-1160 Netscape Remote Window Hijacking vulnerability in Netscape

Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

7.5
2005-01-10 CVE-2004-1158 KDE
Mandrakesoft
Redhat
Remote Window Hijacking vulnerability in KDE Konqueror

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

7.5
2005-01-10 CVE-2004-1157 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 7.54

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.

7.5
2005-01-10 CVE-2004-1122 Apple Unspecified vulnerability in Apple Safari 1.2.3

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

7.5
2005-01-10 CVE-2004-1098 Roaring Penguin
Mandrakesoft
Suse
Multiple Unspecified vulnerability in Roaring Penguin Software MIMEDefang

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

7.5
2005-01-10 CVE-2004-1096 Broadcom
CA
Eset Software
Kaspersky LAB
Mcafee
RAV Antivirus
Sophos
Gentoo
Mandrakesoft
Suse

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

7.5
2005-01-14 CVE-2005-0113 SGI Local Privilege Escalation vulnerability in SGI Irix 6.5

inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges.

7.2
2005-01-10 CVE-2004-1313 Webroot Software Local Security vulnerability in Webroot Software MY Firewall Plus 5.0

The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.

7.2
2005-01-10 CVE-2004-1263 Changepassword Denial-Of-Service vulnerability in ChangePassword

changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program.

7.2
2005-01-10 CVE-2004-1151 Linux
Ubuntu

Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges.

7.2
2005-01-10 CVE-2004-1149 Broadcom Unspecified vulnerability in Broadcom Etrust EZ Antivirus

Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe.

7.2
2005-01-10 CVE-2004-1138 VIM Development Group Unspecified vulnerability in VIM Development Group VIM

VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu.

7.2
2005-01-10 CVE-2004-1117 Gentoo Local Security vulnerability in Linux

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

7.2
2005-01-10 CVE-2004-1116 Gentoo Local Security vulnerability in Linux

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

7.2
2005-01-10 CVE-2004-1115 Gentoo Local Security vulnerability in Linux

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

7.2
2005-01-10 CVE-2004-1079 Ncpfs Local Buffer Overflow vulnerability in NCPFS

Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option.

7.2
2005-01-10 CVE-2004-1076 Atari800
Debian
Local Buffer Overflow vulnerability in Atari800 Emulator

Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file.

7.2
2005-01-10 CVE-2004-1072 Linux
Redhat
Suse
Trustix
Turbolinux
Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.

7.2
2005-01-10 CVE-2004-1071 Linux
Redhat
Suse
Trustix
Turbolinux
Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

7.2
2005-01-10 CVE-2004-1070 Linux
Redhat
Suse
Trustix
Turbolinux
Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

7.2
2005-01-10 CVE-2004-1054 IBM Unspecified vulnerability in IBM AIX

Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.

7.2
2005-01-10 CVE-2004-1028 IBM Unspecified vulnerability in IBM AIX

Untrusted execution path vulnerability in chcod on IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod.

7.2
2005-01-10 CVE-2004-0894 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.

7.2
2005-01-10 CVE-2004-0893 Microsoft Unspecified vulnerability in Microsoft products

The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability."

7.2

77 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-01-10 CVE-2004-1213 Advanced Guestbook Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.2/2.3.1

Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter.

6.8
2005-01-10 CVE-2004-1210 Ipcop HTML Injection vulnerability in Ipcop 1.4.1

Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables.

6.8
2005-01-10 CVE-2004-1202 Phpcms Cross-Site Scripting vulnerability in PHPcms 1.1.9/1.2/1.2.1

Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter.

6.8
2005-01-10 CVE-2004-1197 Insite Cross-Site Scripting vulnerability in InShop and InMail

Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter.

6.8
2005-01-10 CVE-2004-1196 Insite Cross-Site Scripting vulnerability in InShop and InMail

Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter.

6.8
2005-01-10 CVE-2004-1133 Microsoft Unspecified vulnerability in Microsoft W3Who.Dll

Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message.

6.8
2005-01-10 CVE-2004-1130 Youngzsoft Remote vulnerability in Youngzsoft Cmailserver 5.2.0

Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.

6.8
2005-01-10 CVE-2004-1106 Gallery Project
Gentoo
Remote HTML Injection vulnerability in Gallery

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.

6.8
2005-01-10 CVE-2004-1100 Tips Cross-Site Scripting vulnerability in Tips Mailpost 5.1.1Sv

Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter.

6.8
2005-01-10 CVE-2004-1075 Zwiki Cross-Site Scripting vulnerability in Zwiki

Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message.

6.8
2005-01-10 CVE-2004-1193 Prevx Permissions, Privileges, and Access Controls vulnerability in Prevx Home 1.0

Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable.

6.6
2005-01-10 CVE-2004-1267 Easy Software Products
Redhat
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

6.5
2005-01-10 CVE-2004-1228 Sugarcrm Denial-Of-Service vulnerability in Sugar Sales

The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default.

6.4
2005-01-10 CVE-2004-1056 Linux
Ubuntu

Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.

6.4
2005-01-10 CVE-2004-0949 Linux
Redhat
Suse
Trustix
Ubuntu
Remote vulnerability in Linux Kernel SMBFS

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.

6.4
2005-01-10 CVE-2004-0883 Linux
Redhat
Suse
Trustix
Ubuntu
Remote vulnerability in Linux Kernel SMBFS

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

6.4
2005-01-10 CVE-2004-1068 Linux
Redhat
Ubuntu

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

6.2
2005-01-10 CVE-2004-1101 Tips Cross-Site Scripting vulnerability in Tips Mailpost 5.1.1Sv

mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message.

5.8
2005-01-10 CVE-2004-1112 Cisco
Okena
Buffer Overflow Protection Bypass vulnerability in Cisco Security Agent

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

5.1
2005-01-16 CVE-2005-0294 Minis Unspecified vulnerability in Minis 0.2.1

minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter.

5.0
2005-01-15 CVE-2005-0095 Squid Denial Of Service vulnerability in Squid Proxy Web Cache Communication Protocol

The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.

5.0
2005-01-15 CVE-2005-0094 Squid Remote Buffer Overflow vulnerability in Squid Proxy Gopher To HTML

Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.

5.0
2005-01-13 CVE-2005-0740 Openbsd Remote Denial Of Service vulnerability in OpenBSD TCP Timestamp

The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout.

5.0
2005-01-12 CVE-2005-0456 Opera Software Unspecified vulnerability in Opera Software Opera web Browser

Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code.

5.0
2005-01-11 CVE-2005-0108 Apache Integer Overflow vulnerability in Apache MOD Auth Radius 1.5.4

Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.

5.0
2005-01-11 CVE-2005-0097 Squid Remote Denial of Service vulnerability in Squid Proxy Malformed NTLM Type 3 Message

The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

5.0
2005-01-11 CVE-2004-1039 SCO Denial of Service vulnerability in SCO UnixWare NFS Mountd

The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request.

5.0
2005-01-10 CVE-2005-0287 Bottomline Remote Security vulnerability in Bottomline Webseries Payment Application 4.0

Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values.

5.0
2005-01-10 CVE-2004-1294 Luke Mewburn Unspecified vulnerability in Luke Mewburn Tnftp 20030825

The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.

5.0
2005-01-10 CVE-2004-1281 Junkie Remote Security vulnerability in Junkie FTP Client 0.3.1

The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary files via ..

5.0
2005-01-10 CVE-2004-1277 Iglooftp Remote Security vulnerability in Iglooftp 0.6.1

The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.

5.0
2005-01-10 CVE-2004-1269 Easy Software Products
Redhat

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

5.0
2005-01-10 CVE-2004-1233 Gadu Gadu Denial-Of-Service vulnerability in Gadu-Gadu Instant Messenger

Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length.

5.0
2005-01-10 CVE-2004-1231 Gadu Gadu Directory Traversal vulnerability in Gadu-Gadu Instant Messenger

Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via ..

5.0
2005-01-10 CVE-2004-1230 Gadu Gadu Information Disclosure vulnerability in Gadu-Gadu Instant Messenger

Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype.

5.0
2005-01-10 CVE-2004-1226 Sugarcrm Information Disclosure vulnerability in SugarCRM

SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter.

5.0
2005-01-10 CVE-2004-1223 F Secure Path Disclosure vulnerability in F-Secure Policy Manager 5.11

The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters.

5.0
2005-01-10 CVE-2004-1221 Darryl Burgdorf Directory Traversal vulnerability in Darryl Burgdorf Weblibs 1.0

Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via ..

5.0
2005-01-10 CVE-2004-1220 Digital Illusions Games Remote Denial of Service vulnerability in Digital Illusions

Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference.

5.0
2005-01-10 CVE-2004-1219 PHP Arena Unspecified vulnerability in PHP Arena Pafiledb 3.1

paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session.

5.0
2005-01-10 CVE-2004-1218 Ibex Software Remote Execute Remote Denial of Service vulnerability in Ibex Software Remote Execute 2.3

Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections.

5.0
2005-01-10 CVE-2004-1217 Hosting Controller Unspecified vulnerability in Hosting Controller Hosting Controller 6.1/6.1Hotfix1.4

Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp.

5.0
2005-01-10 CVE-2004-1216 Burut Remote vulnerability in Burut Kreed 1.5

The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game.

5.0
2005-01-10 CVE-2004-1215 Burut Remote vulnerability in Burut Kreed 1.5

Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error.

5.0
2005-01-10 CVE-2004-1212 Blog Torrent Remote Directory Traversal vulnerability in Blog Torrent Blog Torrent Preview 0.8

Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a ..

5.0
2005-01-10 CVE-2004-1209 Verisign Remote Security vulnerability in Payflow Link

Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase.

5.0
2005-01-10 CVE-2004-1207 Serioussam Remote Denial Of Service vulnerability in SeriousSam SeriousEngine User Management

The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero.

5.0
2005-01-10 CVE-2004-1206 Pntresmailer Directory Traversal vulnerability in PNTresMailer

Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a ..

5.0
2005-01-10 CVE-2004-1205 Pntresmailer

codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.

5.0
2005-01-10 CVE-2004-1203 Phpcms Information Disclosure vulnerability in PHPcms 1.1.9/1.2.0/1.2.1

parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.

5.0
2005-01-10 CVE-2004-1201 Opera Software Denial Of Service vulnerability in Opera Web Browser Infinite Array Sort

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

5.0
2005-01-10 CVE-2004-1199 Apple Denial Of Service vulnerability in Apple Safari Web Browser Infinite Array Sort

Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays.

5.0
2005-01-10 CVE-2004-1195 Lucasarts Remote Denial Of Service vulnerability in Lucasarts Star Wars Battlefront 1.11

Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory.

5.0
2005-01-10 CVE-2004-1194 Lucasarts Remote Denial Of Service vulnerability in Lucasarts Star Wars Battlefront 1.11

Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname.

5.0
2005-01-10 CVE-2004-1169 Mysql Denial-Of-Service vulnerability in MaxDB

MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference.

5.0
2005-01-10 CVE-2004-1167 Gentoo Remote Security vulnerability in mirrorselect

mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.

5.0
2005-01-10 CVE-2004-1164 Cisco Remote Denial of Service vulnerability in Cisco CNS Network Registrar DNS and DHCP Server

The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence."

5.0
2005-01-10 CVE-2004-1163 Cisco Denial-Of-Service vulnerability in CNS Network Registrar

Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets.

5.0
2005-01-10 CVE-2004-1148 Phpmyadmin Unspecified vulnerability in PHPmyadmin

phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter.

5.0
2005-01-10 CVE-2004-1136 Globalscape Denial-Of-Service vulnerability in Globalscape Cuteftp 6.0

Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.

5.0
2005-01-10 CVE-2004-1135 Ipswitch Denial-Of-Service vulnerability in Ipswitch WS FTP Server 5.03

Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands.

5.0
2005-01-10 CVE-2004-1123 Apple Unspecified vulnerability in Apple products

Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.

5.0
2005-01-10 CVE-2004-1111 Cisco Denial-Of-Service vulnerability in 7600

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.

5.0
2005-01-10 CVE-2004-1109 Kerio Denial Of Service vulnerability in Kerio Personal Firewall IP Options

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.

5.0
2005-01-10 CVE-2004-1105 Nortel Unspecified vulnerability in Nortel Contivity 4.91

Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.

5.0
2005-01-10 CVE-2004-1103 Tips Remote Debug Mode Information Disclosure vulnerability in Tips Mailpost 5.1.1Sv

MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version.

5.0
2005-01-10 CVE-2004-1102 Tips Remote File Enumeration vulnerability in Tips Mailpost 5.1.1Sv

MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information.

5.0
2005-01-10 CVE-2004-1020 PHP Remote vulnerability in PHP

The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism.

5.0
2005-01-10 CVE-2004-1014 NFS, Debian, Mandrakesoft, Redhat Remote Denial Of Service vulnerability in Linux NFS RPC.STATD

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

5.0
2005-01-10 CVE-2004-0956 Oracle, Suse, Ubuntu

MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote.

5.0
2005-01-10 CVE-2004-0915 Viewcvs, Debian

Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information.

5.0
2005-01-10 CVE-2004-0899 Microsoft Unspecified vulnerability in Microsoft Windows NT 4.0

The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability."

5.0
2005-01-13 CVE-2005-0069 VIM Development Group Unspecified vulnerability in VIM Development Group VIM

The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.

4.6
2005-01-11 CVE-2005-0117 Xshisen Local Security vulnerability in XShisen

Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field.

4.6
2005-01-10 CVE-2004-1224 MTR Local Security vulnerability in mtr

Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.

4.6
2005-01-13 CVE-2005-0381 Forumkit Cross-Site Scripting vulnerability in Forumkit 1.0

Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter.

4.3
2005-01-10 CVE-2004-1177 GNU Unspecified vulnerability in GNU Mailman

Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.

4.3

23 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-01-11 CVE-2005-0288 Bottomline Unspecified vulnerability in Bottomline Webseries Payment Application 4.0

The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords.

3.6
2005-01-10 CVE-2004-1066 Freebsd Unspecified vulnerability in Freebsd

The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory.

3.6
2005-01-14 CVE-2005-0110 Microsoft Security Bypass vulnerability in Microsoft IE 6.0

Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.

2.6
2005-01-10 CVE-2004-1295 UML Utilities Denial-Of-Service vulnerability in Uml-Utilities 20030903

The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).

2.1
2005-01-10 CVE-2004-1276 Iglooftp Local Security vulnerability in Iglooftp 0.6.1

IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.

2.1
2005-01-10 CVE-2004-1270 Easy Software Products, Redhat

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.

2.1
2005-01-10 CVE-2004-1268 Easy Software Products, Redhat

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.

2.1
2005-01-10 CVE-2004-1204 Fluxbox Team Denial-Of-Service vulnerability in Fluxbox

FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow.

2.1
2005-01-10 CVE-2004-1190 Suse Unspecified vulnerability in Suse Linux 8.1/8.2/9.0

SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.

2.1
2005-01-10 CVE-2004-1171 KDE, Mandrakesoft, Redhat

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

2.1
2005-01-10 CVE-2004-1110 Jean Jacques Sarton, Gentoo

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.

2.1
2005-01-10 CVE-2004-1108 Gentoo Unspecified vulnerability in Gentoo Linux

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.

2.1
2005-01-10 CVE-2004-1107 Gentoo Unspecified vulnerability in Gentoo Linux

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-01-10 CVE-2004-1074 Linux, Redhat, Suse, Trustix, Turbolinux Local Denial Of Service And Memory Disclosure vulnerability in Linux Kernel

The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.

2.1
2005-01-10 CVE-2004-1073 Linux, Redhat, Suse, Trustix, Turbolinux Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

2.1
2005-01-10 CVE-2004-1023 Kerio Local Security vulnerability in Kerio Mailserver, Serverfirewall and Winroute Firewall

Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.

2.1
2005-01-10 CVE-2004-1022 Kerio Unspecified vulnerability in Kerio Mailserver, Serverfirewall and Winroute Firewall

Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.

2.1
2005-01-10 CVE-2004-1016 Linux, Ubuntu Local Denial of Service vulnerability in Linux Kernel SCM_SEND

The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.

2.1
2005-01-10 CVE-2004-0996 Cscope, Debian, Gentoo, SCO

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

2.1
2005-01-10 CVE-2004-0770 Dgen, Debian Symbolic Link vulnerability in DGen Emulator

romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files.

2.1
2005-01-10 CVE-2004-1191 Suse Local Security vulnerability in Linux 8.1/9.2

Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages."

1.2
2005-01-10 CVE-2004-1069 Linux, Ubuntu

Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function.

1.2
2005-01-10 CVE-2004-1058 Linux, Ubuntu

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline.

1.2