Weekly Vulnerabilities Reports > January 10 to 16, 2005
Overview
232 new vulnerabilities were reported during this period, including 100 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary reports vulnerabilities in 217 products from 158 vendors, including Redhat, Suse, Ubuntu, Gentoo, and Trustix. The most common vulnerability categories are "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Improper Input Validation", "Resource Exhaustion", "Permissions, Privileges, and Access Controls", and "Injection".
- 188 reported vulnerabilities are remotely exploitable.
- 231 reported vulnerabilities are exploitable by an anonymous user.
- Redhat has the most reported vulnerabilities, with 25 reported vulnerabilities.
- Redhat has the most reported critical vulnerabilities, with 10 reported vulnerabilities.
Vulnerability Details
The following tables list the vulnerabilities reported during the period covered by this report:
100 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-01-11 | CVE-2004-0897 | Microsoft | Buffer Overflow vulnerability in Microsoft Windows 2003 Server and Windows XP The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack. | 10.0 |
2005-01-10 | CVE-2004-1311 | Mplayer | Denial-Of-Service vulnerability in Mplayer 1.0Pre5 Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow. | 10.0 |
2005-01-10 | CVE-2004-1310 | Mplayer | Remote Security vulnerability in Mplayer 1.0Pre5 Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet. | 10.0 |
2005-01-10 | CVE-2004-1309 | Mplayer | Remote Security vulnerability in Mplayer Unix Mplayer 1.0Pre5 Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field. | 10.0 |
2005-01-10 | CVE-2004-1308 | Libtiff | Unspecified vulnerability in Libtiff Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow. | 10.0 |
2005-01-10 | CVE-2004-1304 | File Gentoo Trustix | Buffer Overflow vulnerability in File ELF Header Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. | 10.0 |
2005-01-10 | CVE-2004-1303 | Yanf | Remote Security vulnerability in Yanf 0.4 Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses. | 10.0 |
2005-01-10 | CVE-2004-1302 | Yamt | Unspecified vulnerability in Yamt 0.5 The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag. | 10.0 |
2005-01-10 | CVE-2004-1301 | Xlreader | Remote Security vulnerability in Xlreader 0.9 Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file. | 10.0 |
2005-01-10 | CVE-2004-1300 | Xine | Unspecified vulnerability in Xine Xine-Lib 1Rc7 Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file. | 10.0 |
2005-01-10 | CVE-2004-1299 | Vilistextum | Unspecified vulnerability in Vilistextum 2.6.6 Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page. | 10.0 |
2005-01-10 | CVE-2004-1298 | Michael Kohn | Remote Security vulnerability in Michael Kohn Vb2C 0.02 Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file. | 10.0 |
2005-01-10 | CVE-2004-1297 | Zack Smith | Remote Security vulnerability in Zack Smith Unrtf 0.19.3 Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file. | 10.0 |
2005-01-10 | CVE-2004-1293 | Rtf2Latex2E | Remote Security vulnerability in Rtf2Latex2E 1.0Fc2 Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file. | 10.0 |
2005-01-10 | CVE-2004-1292 | Michael Kohn | Unspecified vulnerability in Michael Kohn Ringtonetools 2.22 Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file. | 10.0 |
2005-01-10 | CVE-2004-1290 | William Hoggarth | Remote Security vulnerability in William Hoggarth Pgn2Web 0.3 Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file. | 10.0 |
2005-01-10 | CVE-2004-1289 | Pcal | Unspecified vulnerability in Pcal Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file. | 10.0 |
2005-01-10 | CVE-2004-1288 | Siag | Unspecified vulnerability in Siag O3Read .3 Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file. | 10.0 |
2005-01-10 | CVE-2004-1286 | Napshare | Remote Security vulnerability in Napshare 1.2 Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response. | 10.0 |
2005-01-10 | CVE-2004-1285 | Mplayer | Remote Security vulnerability in MPlayer Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream. | 10.0 |
2005-01-10 | CVE-2004-1284 | Mpg123 | Unspecified vulnerability in Mpg123 Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist. | 10.0 |
2005-01-10 | CVE-2004-1283 | Mesh Viewer | Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows remote attackers to execute arbitrary code via crafted mesh files. | 10.0 |
2005-01-10 | CVE-2004-1282 | Linpopup | Unspecified vulnerability in Linpopup 1.2 Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation. | 10.0 |
2005-01-10 | CVE-2004-1280 | Junkie | Remote Security vulnerability in Junkie FTP Client 0.3.1 The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename. | 10.0 |
2005-01-10 | CVE-2004-1279 | Jpegtoavi | Remote Security vulnerability in Jpegtoavi 1.5 Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames. | 10.0 |
2005-01-10 | CVE-2004-1278 | Abc2Ps John Chambers | Remote Security vulnerability in abc2ps Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attackers to execute arbitrary code via a crafted ABC file. | 10.0 |
2005-01-10 | CVE-2004-1275 | Html2Hdml | Remote Security vulnerability in Html2Hdml 1.0.3 Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file. | 10.0 |
2005-01-10 | CVE-2004-1274 | Greed | Unspecified vulnerability in Greed 0.81P The DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a filename with shell metacharacters. | 10.0 |
2005-01-10 | CVE-2004-1273 | Greed | Remote Security vulnerability in Greed 0.81P Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename. | 10.0 |
2005-01-10 | CVE-2004-1272 | Bolthole | Remote Security vulnerability in Bolthole Filter 2.6.1 Buffer overflow in the save_embedded_address function in filter.c for elm/bolthole filter 2.6.1 allows remote attackers to execute arbitrary code via a crafted email message. | 10.0 |
2005-01-10 | CVE-2004-1271 | Dxfscope | Remote Security vulnerability in Dxfscope DXF File Format Viewer 0.2 Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file. | 10.0 |
2005-01-10 | CVE-2004-1266 | Jacob Rhoden | Remote Security vulnerability in Jacob Rhoden Csv2Xml 0.5.1 Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file. | 10.0 |
2005-01-10 | CVE-2004-1265 | Alex Dunaevsky | Remote Security vulnerability in Alex Dunaevsky Convex 3D 0.8Pre1 Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the convex-tool program in Convex 3D 0.8pre1 allows remote attackers to execute arbitrary code via a crafted 3DS file. | 10.0 |
2005-01-10 | CVE-2004-1264 | Chbg | Unspecified vulnerability in Chbg 1.5 Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file. | 10.0 |
2005-01-10 | CVE-2004-1262 | Stuart Cunningham | Remote Security vulnerability in Stuart Cunningham Bsb2Ppm 0.0.6 Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm 0.0.6 allows remote attackers to execute arbitrary code via crafted BSB pictures. | 10.0 |
2005-01-10 | CVE-2004-1261 | Asp2Php | Remote Security vulnerability in Asp2PHP 0.76.23 Multiple buffer overflows in the preparse function in asp2php 0.76.23 allow remote attackers to execute arbitrary code via crafted ASP scripts. | 10.0 |
2005-01-10 | CVE-2004-1260 | Abctab2Ps | Remote Security vulnerability in Abctab2Ps 1.6.3 Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function in parse.cpp for abctab2ps 1.6.3 allow remote attackers to execute arbitrary code via crafted ABC files. | 10.0 |
2005-01-10 | CVE-2004-1259 | Abcpp | Remote Security vulnerability in Abcpp 1.3.0 Multiple buffer overflows in the handle_directive function in abcpp.c for abcpp 1.3.0 allow remote attackers to execute arbitrary code via crafted ABC files. | 10.0 |
2005-01-10 | CVE-2004-1258 | Moinejf | Buffer Errors vulnerability in Moinejf Abcm2Ps 3.7.20 Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files. | 10.0 |
2005-01-10 | CVE-2004-1257 | Abc2Mtex | Remote Security vulnerability in Abc2Mtex 1.6.1 Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6.1 allows remote attackers to execute arbitrary code via crafted ABC files. | 10.0 |
2005-01-10 | CVE-2004-1256 | Abcmidi | Remote Security vulnerability in Abcmidi 20041204 Multiple buffer overflows in the (1) event_text and (2) event_specific functions in abc2midi 2004.12.04 allow remote attackers to execute arbitrary code via crafted ABC files. | 10.0 |
2005-01-10 | CVE-2004-1255 | 2Fax | Remote Security vulnerability in 2Fax 3.04 Buffer overflow in the expandtabs function in 2fax 3.04 allows remote attackers to execute arbitrary code via a text file that is converted to TIFF. | 10.0 |
2005-01-10 | CVE-2004-1254 | Rarlab | Remote Security vulnerability in WinRar WinRAR 3.40, and possibly earlier versions, allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, possibly causing an integer overflow that leads to a buffer overflow. | 10.0 |
2005-01-10 | CVE-2004-1232 | Gadu Gadu | Remote Security vulnerability in Gadu-Gadu Instant Messenger Stack-based buffer overflow in the code that sends images in Gadu-Gadu allows remote attackers to execute arbitrary code via a large image filename. | 10.0 |
2005-01-10 | CVE-2004-1227 | Sugarcrm | Input Validation vulnerability in SugarCRM Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to read arbitrary files and possibly execute arbitrary PHP code via .. | 10.0 |
2005-01-10 | CVE-2004-1225 | Sugarcrm | Input Validation vulnerability in SugarCRM SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allows remote attackers to execute arbitrary SQL commands and gain privileges via the record parameter in a DetailView action to index.php, and record parameters in other functionality. | 10.0 |
2005-01-10 | CVE-2004-1222 | Darryl Burgdorf | Directory Traversal vulnerability in Darryl Burgdorf Weblibs 1.0 weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the TextFile parameter. | 10.0 |
2005-01-10 | CVE-2004-1214 | Burut | Remote vulnerability in Burut Kreed 1.5 Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text. | 10.0 |
2005-01-10 | CVE-2004-1211 | David Harris | Buffer Errors vulnerability in David Harris Mercury 4.0.1A Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long arguments to the (1) EXAMINE, (2) SUBSCRIBE, (3) STATUS, (4) APPEND, (5) CHECK, (6) CLOSE, (7) EXPUNGE, (8) FETCH, (9) RENAME, (10) DELETE, (11) LIST, (12) SEARCH, (13) CREATE, or (14) UNSUBSCRIBE commands. | 10.0 |
2005-01-10 | CVE-2004-1208 | 21 6 Productions | Remote Buffer Overflow vulnerability in 21-6 Productions Orbz Buffer overflow in Orbz 2.10 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long password field in a join request. | 10.0 |
2005-01-10 | CVE-2004-1192 | Citadel | Remote Security vulnerability in Citadel/UX Format string vulnerability in the lprintf function in Citadel/UX 6.27 and earlier allows remote attackers to execute arbitrary code via format string specifiers sent to the server. | 10.0 |
2005-01-10 | CVE-2004-1188 | Mplayer Xine Mandrakesoft | The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187. | 10.0 |
2005-01-10 | CVE-2004-1187 | Mplayer Xine Mandrakesoft | Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. | 10.0 |
2005-01-10 | CVE-2004-1172 | Symantec Veritas | Remote Buffer Overflow vulnerability in VERITAS Backup Exec Agent Browser Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname. | 10.0 |
2005-01-10 | CVE-2004-1170 | GNU SUN Suse | a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename. | 10.0 |
2005-01-10 | CVE-2004-1168 | Mysql | Remote Security vulnerability in MaxDB Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header. | 10.0 |
2005-01-10 | CVE-2004-1154 | Samba Redhat Suse Trustix | Remote Integer Overflow vulnerability in Samba Directory Access Control List Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow. | 10.0 |
2005-01-10 | CVE-2004-1153 | Adobe | Denial-Of-Service vulnerability in Adobe Acrobat Reader 6.0/6.0.2/8.0 Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an .ETD document containing format string specifiers in (1) title or (2) baseurl fields. | 10.0 |
2005-01-10 | CVE-2004-1152 | Adobe | Unspecified vulnerability in Adobe Acrobat Reader 5.0.9 Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment. | 10.0 |
2005-01-10 | CVE-2004-1147 | Phpmyadmin | Unspecified vulnerability in PHPmyadmin phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external transformations enabled, allows remote attackers to execute arbitrary commands via shell metacharacters. | 10.0 |
2005-01-10 | CVE-2004-1137 | Linux Ubuntu | Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read. | 10.0 |
2005-01-10 | CVE-2004-1134 | Microsoft | Unspecified vulnerability in Microsoft W3Who.Dll Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string. | 10.0 |
2005-01-10 | CVE-2004-1129 | Youngzsoft | Remote vulnerability in Youngzsoft Cmailserver 5.2.0 SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allow remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter. | 10.0 |
2005-01-10 | CVE-2004-1128 | Youngzsoft | Remote vulnerability in Youngzsoft CMailServer Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename. | 10.0 |
2005-01-10 | CVE-2004-1127 | Open DC HUB | Remote Buffer Overflow vulnerability in Open DC HUB Direct Connect Peer-To-Peer Client 0.7.14 Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command. | 10.0 |
2005-01-10 | CVE-2004-1120 | Prozilla | Remote Buffer Overflow vulnerability in ProZilla Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. | 10.0 |
2005-01-10 | CVE-2004-1119 | Nullsoft | Remote Buffer Overflow vulnerability in Nullsoft Winamp Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | 10.0 |
2005-01-10 | CVE-2004-1118 | Weonlydo | Remote Buffer Overflow vulnerability in Weonlydo Wodftpdlx Activex Component 2.1.18 Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename. | 10.0 |
2005-01-10 | CVE-2004-1113 | Sqlgrey | SQL Injection vulnerability in SQLgrey Postfix Greylisting Service SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. | 10.0 |
2005-01-10 | CVE-2004-1099 | Cisco | Remote Authentication Bypass vulnerability in Cisco products Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco Secure Access Control Server Solution Engine (ACS Solution Engine) 3.3.1, when the EAP-TLS protocol is enabled, does not properly handle expired or untrusted certificates, which allows remote attackers to bypass authentication and gain unauthorized access via a "cryptographically correct" certificate with valid fields such as the username. | 10.0 |
2005-01-10 | CVE-2004-1097 | Cherokee | Remote Format String vulnerability in Cherokee HTTPD Auth_Pam Authentication Format string vulnerability in the cherokee_logger_ncsa_write_string function in Cherokee 0.4.17 and earlier, when authenticating via auth_pam, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in the URL. | 10.0 |
2005-01-10 | CVE-2004-1095 | ZGV Debian | Remote Integer Overflow vulnerability in ZGV And XZGV Image Viewer Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c, (7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. | 10.0 |
2005-01-10 | CVE-2004-1094 | Checkmark Innermedia Realnetworks | Remote Stack Based Buffer Overflow vulnerability in InnerMedia DynaZip Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. | 10.0 |
2005-01-10 | CVE-2004-1080 | Microsoft | Remote Memory Corruption vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability." | 10.0 |
2005-01-10 | CVE-2004-1067 | Carnegie Mellon University Redhat Ubuntu | Remote Unspecified vulnerability in Cyrus IMAPD Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. | 10.0 |
2005-01-10 | CVE-2004-1065 | Openpkg PHP Trustix Ubuntu | Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. | 10.0 |
2005-01-10 | CVE-2004-1064 | PHP Canonical | The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. | 10.0 |
2005-01-10 | CVE-2004-1063 | PHP Canonical | PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. | 10.0 |
2005-01-10 | CVE-2004-1026 | Enlightenment Gentoo Redhat | XPM Image Decoding Buffer Overflow vulnerability in IMLib Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | 10.0 |
2005-01-10 | CVE-2004-1025 | Enlightenment Gentoo Redhat | XPM Image Decoding Buffer Overflow vulnerability in IMLib Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. | 10.0 |
2005-01-10 | CVE-2004-1019 | Openpkg PHP Trustix Ubuntu | Improper Input Validation vulnerability in multiple products The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. | 10.0 |
2005-01-10 | CVE-2004-1018 | PHP Canonical | Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. | 10.0 |
2005-01-10 | CVE-2004-1015 | Carnegie Mellon University Redhat Ubuntu | Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011. | 10.0 |
2005-01-10 | CVE-2004-1013 | Carnegie Mellon University Openpkg Conectiva Redhat Trustix Ubuntu | The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. | 10.0 |
2005-01-10 | CVE-2004-1012 | Carnegie Mellon University Openpkg Conectiva Redhat Trustix Ubuntu | The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. | 10.0 |
2005-01-10 | CVE-2004-1011 | Carnegie Mellon University Openpkg Conectiva Redhat Trustix Ubuntu | Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. | 10.0 |
2005-01-10 | CVE-2004-1008 | Putty Tortoisecvs | Remote SSH2_MSG_DEBUG Buffer Overflow vulnerability in PuTTY Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow. | 10.0 |
2005-01-10 | CVE-2004-0994 | ZGV Debian | Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. | 10.0 |
2005-01-10 | CVE-2004-0993 | HP | Remote Buffer Overflow vulnerability in HP HPSockd 0.4/0.5 Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code. | 10.0 |
2005-01-10 | CVE-2004-0987 | Yard Radius Yard Radius Project | Remote Buffer Overflow vulnerability in Yard Radius Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code. | 10.0 |
2005-01-10 | CVE-2004-0953 | Jabber Software Foundation | Remote Buffer Overflow vulnerability in Jabber Software Foundation Jabber Server 2.0 Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username. | 10.0 |
2005-01-10 | CVE-2004-0946 | NFS Redhat | Remote Buffer Overflow vulnerability in Linux NFS 64-Bit Architecture rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request. | 10.0 |
2005-01-10 | CVE-2004-0914 | Lesstif X ORG Xfree86 Project Gentoo Redhat Suse | Multiple Unspecified vulnerability in LibXPM Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. | 10.0 |
2005-01-10 | CVE-2004-0901 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in WordPad, does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Font Conversion Vulnerability," a different vulnerability than CVE-2004-0571. | 10.0 |
2005-01-10 | CVE-2004-0900 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 4.0 The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request Vulnerability." | 10.0 |
2005-01-10 | CVE-2004-0571 | Microsoft | Unspecified vulnerability in Microsoft products Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901. | 10.0 |
2005-01-10 | CVE-2004-0568 | Microsoft | Unspecified vulnerability in Microsoft products HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow. | 10.0 |
2005-01-10 | CVE-2004-0139 | SGI | Unspecified vulnerability in SGI Irix Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors. | 10.0 |
2005-01-10 | CVE-2004-1125 | Easy Software Products Xpdf KDE | Improper Input Validation vulnerability in multiple products Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | 9.3 |
2005-01-10 | CVE-2004-1114 | Skype Technologies | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777. | 9.3 |
33 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-01-13 | CVE-2005-0111 | Mysql | Remote Buffer Overflow vulnerability in Mysql Maxdb 7.5.00 Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter. | 7.5 |
2005-01-12 | CVE-2005-0376 | Sergey Kiselev | Remote Security vulnerability in Sergey Kiselev Sgallery 1.01 PHP remote file inclusion vulnerability in SGallery 1.01 allows local and possibly remote attackers to execute arbitrary PHP code by modifying the DOCUMENT_ROOT parameter to reference a URL on a remote web server that contains (1) config.php or (2) sql_layer.php. | 7.5 |
2005-01-11 | CVE-2004-0991 | Mpg123 Suse | Heap Overflow vulnerability in MPG123 Layer 2 Frame Header Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files. | 7.5 |
2005-01-10 | CVE-2005-0284 | Woltlab | SQL-Injection vulnerability in Woltlab Burning Book 1.0Gold/1.1.1E SQL injection vulnerability in addentry.php in Woltlab Burning Book 1.0 Gold, 1.1.1e, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the user-agent parameter. | 7.5 |
2005-01-10 | CVE-2004-1314 | Apple | Unspecified vulnerability in Apple Safari Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122. | 7.5 |
2005-01-10 | CVE-2004-1291 | Amir Malik | Remote Security vulnerability in Qwik Smtpd Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer. | 7.5 |
2005-01-10 | CVE-2004-1229 | Gadu Gadu | Remote vulnerability in Gadu-Gadu Cross-site scripting vulnerability in the parser for Gadu-Gadu allows remote attackers to inject arbitrary web script or HTML via (1) http:// or (2) news:// URLs, a different vulnerability than CVE-2004-1410. | 7.5 |
2005-01-10 | CVE-2004-1165 | KDE | Unspecified vulnerability in KDE Kdelibs and Konqueror Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. | 7.5 |
2005-01-10 | CVE-2004-1162 | Scponly Gentoo | Remote Arbitrary Command Execution vulnerability in SCPOnly The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. | 7.5 |
2005-01-10 | CVE-2004-1161 | Rssh Gentoo | Remote Arbitrary Command Execution vulnerability in RSSH rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. | 7.5 |
2005-01-10 | CVE-2004-1160 | Netscape | Remote Window Hijacking vulnerability in Netscape Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
2005-01-10 | CVE-2004-1158 | KDE Mandrakesoft Redhat | Remote Window Hijacking vulnerability in KDE Konqueror Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
2005-01-10 | CVE-2004-1157 | Opera | Injection vulnerability in Opera Browser Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | 7.5 |
2005-01-10 | CVE-2004-1122 | Apple | Unspecified vulnerability in Apple Safari 1.2.3 Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314. | 7.5 |
2005-01-10 | CVE-2004-1098 | Roaring Penguin Mandrakesoft Suse | Multiple Unspecified vulnerability in Roaring Penguin Software MIMEDefang MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. | 7.5 |
2005-01-10 | CVE-2004-1096 | Broadcom CA Eset Software Kaspersky LAB Mcafee RAV Antivirus Sophos Gentoo Mandrakesoft Suse | Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. | 7.5 |
2005-01-14 | CVE-2005-0113 | SGI | Local Privilege Escalation vulnerability in SGI Irix 6.5 inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges. | 7.2 |
2005-01-10 | CVE-2004-1313 | Webroot Software | Local Security vulnerability in Webroot Software MY Firewall Plus 5.0 The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges. | 7.2 |
2005-01-10 | CVE-2004-1263 | Changepassword | Denial-Of-Service vulnerability in ChangePassword changepassword.cgi in ChangePassword 0.8, when installed setuid, allows local users to execute arbitrary code by modifying the PATH environment variable to point to a malicious "make" program. | 7.2 |
2005-01-10 | CVE-2004-1149 | Broadcom | Unspecified vulnerability in Broadcom Etrust EZ Antivirus Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0.1.4, installs its files with insecure permissions (ACLs), which allows local users to gain privileges by replacing critical programs with malicious ones, as demonstrated using VetMsg.exe. | 7.2 |
2005-01-10 | CVE-2004-1138 | VIM Development Group | Unspecified vulnerability in VIM Development Group VIM VIM before 6.3 and gVim before 6.3 allow local users to execute arbitrary commands via a file containing a crafted modeline that is executed when the file is viewed using options such as (1) termcap, (2) printdevice, (3) titleold, (4) filetype, (5) syntax, (6) backupext, (7) keymap, (8) patchmode, or (9) langmenu. | 7.2 |
2005-01-10 | CVE-2004-1117 | Gentoo | Local Security vulnerability in Linux The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | 7.2 |
2005-01-10 | CVE-2004-1116 | Gentoo | Local Security vulnerability in Linux The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | 7.2 |
2005-01-10 | CVE-2004-1115 | Gentoo | Local Security vulnerability in Linux The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | 7.2 |
2005-01-10 | CVE-2004-1079 | Ncpfs | Local Buffer Overflow vulnerability in NCPFS Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs 2.2.4, and possibly other versions, may allow local users to gain privileges via a long -T option. | 7.2 |
2005-01-10 | CVE-2004-1076 | Atari800 Debian | Local Buffer Overflow vulnerability in Atari800 Emulator Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file. | 7.2 |
2005-01-10 | CVE-2004-1072 | Linux Redhat Suse Trustix Turbolinux | Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code. | 7.2 |
2005-01-10 | CVE-2004-1071 | Linux Redhat Suse Trustix Turbolinux | Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code. | 7.2 |
2005-01-10 | CVE-2004-1070 | Linux Redhat Suse Trustix Turbolinux | Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code. | 7.2 |
2005-01-10 | CVE-2004-1054 | IBM | Unspecified vulnerability in IBM AIX Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. | 7.2 |
2005-01-10 | CVE-2004-1028 | IBM | Unspecified vulnerability in IBM AIX Untrusted execution path vulnerability in chcod on IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to execute arbitrary programs by modifying the PATH environment variable to point to a malicious "grep" program, which is executed from chcod. | 7.2 |
2005-01-10 | CVE-2004-0894 | Microsoft | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program. | 7.2 |
2005-01-10 | CVE-2004-0893 | Microsoft | Unspecified vulnerability in Microsoft products The Local Procedure Call (LPC) interface of the Windows Kernel for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the lengths of messages sent to the LPC port, which allows local users to gain privileges, aka "Windows Kernel Vulnerability." | 7.2 |
76 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-01-10 | CVE-2004-1213 | Advanced Guestbook | Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.2/2.3.1 Cross-site scripting (XSS) vulnerability in index.php in Advanced Guestbook 2.3.1, 2.2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the entry parameter. | 6.8 |
2005-01-10 | CVE-2004-1210 | Ipcop | HTML Injection vulnerability in Ipcop 1.4.1 Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the (1) url or (2) part variables. | 6.8 |
2005-01-10 | CVE-2004-1202 | Phpcms | Cross-Site Scripting vulnerability in PHPcms 1.1.9/1.2/1.2.1 Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to inject arbitrary web script or HTML via the file parameter. | 6.8 |
2005-01-10 | CVE-2004-1197 | Insite | Cross-Site Scripting vulnerability in InShop and InMail Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop allows remote attackers to inject arbitrary web script or HTML via the screen parameter. | 6.8 |
2005-01-10 | CVE-2004-1196 | Insite | Cross-Site Scripting vulnerability in InShop and InMail Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail allows remote attackers to inject arbitrary web script or HTML via the acao parameter. | 6.8 |
2005-01-10 | CVE-2004-1133 | Microsoft | Unspecified vulnerability in Microsoft W3Who.Dll Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ISAPI (w3who.dll) allow remote attackers to inject arbitrary HTML and web script via (1) HTTP headers such as "Connection" or (2) invalid parameters whose values are echoed in the resulting error message. | 6.8 |
2005-01-10 | CVE-2004-1130 | Youngzsoft | Remote vulnerability in Youngzsoft Cmailserver 5.2.0 Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments. | 6.8 |
2005-01-10 | CVE-2004-1100 | Tips | Cross-Site Scripting vulnerability in Tips Mailpost 5.1.1Sv Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter. | 6.8 |
2005-01-10 | CVE-2004-1075 | Zwiki | Cross-Site Scripting vulnerability in Zwiki Cross-site scripting (XSS) vulnerability in standard_error_message.dtml for Zwiki after 0.10.0rc1 to 0.36.2 allows remote attackers to inject arbitrary HTML and web script via a malformed URL, which is not properly cleansed when generating an error message. | 6.8 |
2005-01-10 | CVE-2004-1193 | Prevx | Permissions, Privileges, and Access Controls vulnerability in Prevx Home 1.0 Prevx Home 1.0 allows local users with administrator privileges to bypass the intrusion prevention features by directly writing to \device\physicalmemory, which restores the running kernel's original SDT ServiceTable. | 6.6 |
2005-01-10 | CVE-2004-1267 | Easy Software Products Redhat | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file. | 6.5 |
2005-01-10 | CVE-2004-1228 | Sugarcrm | Denial-Of-Service vulnerability in Sugar Sales The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not removed after installation, which allows attackers to obtain the MySQL administrative password in cleartext from an installation form, or to cause a denial of service by changing database settings to the default. | 6.4 |
2005-01-10 | CVE-2004-1056 | Linux Ubuntu | Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output. | 6.4 |
2005-01-10 | CVE-2004-0949 | Linux Redhat Suse Trustix Ubuntu | Remote vulnerability in Linux Kernel SMBFS The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times. | 6.4 |
2005-01-10 | CVE-2004-0883 | Linux Redhat Suse Trustix Ubuntu | Remote vulnerability in Linux Kernel SMBFS Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function. | 6.4 |
2005-01-10 | CVE-2004-1068 | Linux Redhat Ubuntu | A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition. | 6.2 |
2005-01-10 | CVE-2004-1101 | Tips | Cross-Site Scripting vulnerability in Tips Mailpost 5.1.1Sv mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash), leak sensitive pathname information in the resulting error message, and execute a cross-site scripting (XSS) attack via an HTTP request that contains a / (backslash) and arbitrary webscript before the requested file, which leaks the pathname and does not quote the script in the resulting Visual Basic error message. | 5.8 |
2005-01-10 | CVE-2004-1112 | Cisco Okena | Buffer Overflow Protection Bypass vulnerability in Cisco Security Agent The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. | 5.1 |
2005-01-16 | CVE-2005-0294 | Minis | Unspecified vulnerability in Minis 0.2.1 minis.php in Minis 0.2.1 allows remote attackers to cause a denial of service (infinite loop) via an HTTP request for a file that the web server does not have permission to read, as demonstrated using the month parameter. | 5.0 |
2005-01-15 | CVE-2005-0095 | Squid | Denial Of Service vulnerability in Squid Proxy Web Cache Communication Protocol The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. | 5.0 |
2005-01-15 | CVE-2005-0094 | Squid | Remote Buffer Overflow vulnerability in Squid Proxy Gopher To HTML Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses. | 5.0 |
2005-01-13 | CVE-2005-0740 | Openbsd | Remote Denial Of Service vulnerability in OpenBSD TCP Timestamp The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote attackers to cause a denial of service (system panic) via crafted values in the TCP timestamp option, which causes invalid arguments to be used when calculating the retransmit timeout. | 5.0 |
2005-01-12 | CVE-2005-0456 | Opera | Unspecified vulnerability in Opera Browser Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code. | 5.0 |
2005-01-11 | CVE-2005-0108 | Apache | Integer Overflow vulnerability in Apache MOD Auth Radius 1.5.4 Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument. | 5.0 |
2005-01-11 | CVE-2005-0097 | Squid | Remote Denial of Service vulnerability in Squid Proxy Malformed NTLM Type 3 Message The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference. | 5.0 |
2005-01-11 | CVE-2004-1039 | SCO | Denial of Service vulnerability in SCO UnixWare NFS Mountd The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, and possibly other versions, when run from inetd, allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests, which causes inetd to launch a separate process for each request. | 5.0 |
2005-01-10 | CVE-2005-0287 | Bottomline | Remote Security vulnerability in Bottomline Webseries Payment Application 4.0 Bottomline Webseries Payment Application allows remote attackers to read arbitrary files on the network via a report template with modified ReportPath or ReportName values. | 5.0 |
2005-01-10 | CVE-2004-1294 | Luke Mewburn | Unspecified vulnerability in Luke Mewburn Tnftp 20030825 The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters. | 5.0 |
2005-01-10 | CVE-2004-1281 | Junkie | Remote Security vulnerability in Junkie FTP Client 0.3.1 The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary files via .. | 5.0 |
2005-01-10 | CVE-2004-1277 | Iglooftp | Remote Security vulnerability in Iglooftp 0.6.1 The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters. | 5.0 |
2005-01-10 | CVE-2004-1269 | Easy Software Products Redhat | lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail. | 5.0 |
2005-01-10 | CVE-2004-1233 | Gadu Gadu | Denial-Of-Service vulnerability in Gadu-Gadu Instant Messenger Integer overflow in Gadu-Gadu allows remote attackers to cause a denial of service (disk consumption) via a user packet to the DCC file transfer capability with an invalid file length. | 5.0 |
2005-01-10 | CVE-2004-1231 | Gadu Gadu | Directory Traversal vulnerability in Gadu-Gadu Instant Messenger Directory traversal vulnerability in Gadu-Gadu allows remote attackers to read arbitrary files via .. | 5.0 |
2005-01-10 | CVE-2004-1230 | Gadu Gadu | Information Disclosure vulnerability in Gadu-Gadu Instant Messenger Gadu-Gadu allows remote attackers to gain sensitive information and read files from the _cache directory of other users via a DCC connection and a CTCP packet that contains a 1 as the type and a 4 as the subtype. | 5.0 |
2005-01-10 | CVE-2004-1226 | Sugarcrm | Information Disclosure vulnerability in SugarCRM SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gain sensitive information via certain requests to scripts that contain invalid input, which reveals the path in an error message, as demonstrated using phprint.php with an empty module parameter. | 5.0 |
2005-01-10 | CVE-2004-1223 | F Secure | Path Disclosure vulnerability in F-Secure Policy Manager 5.11 The Management Agent in F-Secure Policy Manager 5.11.2810 allows remote attackers to gain sensitive information, such as the absolute path for the web server, via an HTTP request to fsmsh.dll without any parameters. | 5.0 |
2005-01-10 | CVE-2004-1221 | Darryl Burgdorf | Directory Traversal vulnerability in Darryl Burgdorf Weblibs 1.0 Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows remote attackers to read arbitrary files via .. | 5.0 |
2005-01-10 | CVE-2004-1220 | Digital Illusions | Games Remote Denial of Service vulnerability in Digital Illusions Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and earlier, allows a remote master server to cause a denial of service (client crash) via a server reply that contains a large numplayers value, which triggers a null dereference. | 5.0 |
2005-01-10 | CVE-2004-1219 | PHP Arena | Unspecified vulnerability in PHP Arena Pafiledb 3.1 paFileDB 3.1, when using sessions authentication and while the administrator logs on, allows remote attackers to read the administrator's password hash and conduct brute force password guessing attacks by listing the contents of the sessions directory and reading the associated file for the administrator session. | 5.0 |
2005-01-10 | CVE-2004-1218 | Ibex Software | Remote Execute Remote Denial of Service vulnerability in Ibex Software Remote Execute 2.3 Remote Execute 2.30 allows remote attackers to cause a denial of service (application crash) by making 7 simultaneous connections. | 5.0 |
2005-01-10 | CVE-2004-1217 | Hosting Controller | Unspecified vulnerability in Hosting Controller Hosting Controller 6.1/6.1Hotfix1.4 Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter to (1) Statsbrowse.asp or (2) Generalbrowse.asp. | 5.0 |
2005-01-10 | CVE-2004-1216 | Burut | Remote vulnerability in Burut Kreed 1.5 The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via a long (1) nickname or (2) model type, which generates dialog boxes on the server that must be manually handled before the server continues the game. | 5.0 |
2005-01-10 | CVE-2004-1215 | Burut | Remote vulnerability in Burut Kreed 1.5 Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which causes a "message too long" socket error. | 5.0 |
2005-01-10 | CVE-2004-1212 | Blog Torrent | Remote Directory Traversal vulnerability in Blog Torrent Blog Torrent Preview 0.8 Directory traversal vulnerability in btdownload.php in Blog Torrent preview 0.8 allows remote attackers to download arbitrary files via a .. | 5.0 |
2005-01-10 | CVE-2004-1209 | Verisign | Remote Security vulnerability in Payflow Link Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase. | 5.0 |
2005-01-10 | CVE-2004-1207 | Serioussam | Remote Denial Of Service vulnerability in SeriousSam SeriousEngine User Management The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol 1.04 and earlier, (2) Nitro family, and (3) Serious Sam Second Encounter 1.07 allows remote attackers to cause a denial of service (server crash) via a large number of UDP join requests that exceeds the maximum player limit, as originally reported for Alpha Black Zero. | 5.0 |
2005-01-10 | CVE-2004-1206 | Pntresmailer | Directory Traversal vulnerability in PNTresMailer Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. | 5.0 |
2005-01-10 | CVE-2004-1205 | Pntresmailer | codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message. | 5.0 |
2005-01-10 | CVE-2004-1203 | Phpcms | Information Disclosure vulnerability in PHPcms 1.1.9/1.2.0/1.2.1 parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path. | 5.0 |
2005-01-10 | CVE-2004-1201 | Opera | Resource Exhaustion vulnerability in Opera Browser Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | 5.0 |
2005-01-10 | CVE-2004-1199 | Apple | Denial Of Service vulnerability in Apple Safari Web Browser Infinite Array Sort Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sorts the newly created arrays. | 5.0 |
2005-01-10 | CVE-2004-1195 | Lucasarts | Remote Denial Of Service vulnerability in Lucasarts Star Wars Battlefront 1.11 Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a join request that contains a memory address that causes the server to read arbitrary memory. | 5.0 |
2005-01-10 | CVE-2004-1194 | Lucasarts | Remote Denial Of Service vulnerability in Lucasarts Star Wars Battlefront 1.11 Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remote attackers to cause a denial of service (application crash) via a long nickname. | 5.0 |
2005-01-10 | CVE-2004-1169 | Mysql | Denial-Of-Service vulnerability in MaxDB MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause a denial of service (application crash) via an HTTP GET request for a file that does not exist, followed by two carriage returns, which causes a NULL dereference. | 5.0 |
2005-01-10 | CVE-2004-1167 | Gentoo | Remote Security vulnerability in mirrorselect mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack. | 5.0 |
2005-01-10 | CVE-2004-1164 | Cisco | Remote Denial of Service vulnerability in Cisco CNS Network Registrar DNS and DHCP Server The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (process crash) via a certain "unexpected packet sequence." | 5.0 |
2005-01-10 | CVE-2004-1163 | Cisco | Denial-Of-Service vulnerability in CNS Network Registrar Cisco CNS Network Registrar Central Configuration Management (CCM) server 6.0 through 6.1.1.3 allows remote attackers to cause a denial of service (CPU consumption) by ending a connection after sending a certain sequence of packets. | 5.0 |
2005-01-10 | CVE-2004-1148 | Phpmyadmin | Unspecified vulnerability in PHPmyadmin phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. | 5.0 |
2005-01-10 | CVE-2004-1136 | Globalscape | Denial-Of-Service vulnerability in Globalscape Cuteftp 6.0 Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands. | 5.0 |
2005-01-10 | CVE-2004-1135 | Ipswitch | Denial-Of-Service vulnerability in Ipswitch WS FTP Server 5.03 Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. | 5.0 |
2005-01-10 | CVE-2004-1123 | Apple | Unspecified vulnerability in Apple products Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. | 5.0 |
2005-01-10 | CVE-2004-1111 | Cisco | Denial-Of-Service vulnerability in 7600 Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. | 5.0 |
2005-01-10 | CVE-2004-1109 | Kerio | Denial Of Service vulnerability in Kerio Personal Firewall IP Options The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. | 5.0 |
2005-01-10 | CVE-2004-1105 | Nortel | Unspecified vulnerability in Nortel Contivity 4.91 Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | 5.0 |
2005-01-10 | CVE-2004-1103 | Tips | Remote Debug Mode Information Disclosure vulnerability in Tips Mailpost 5.1.1Sv MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version. | 5.0 |
2005-01-10 | CVE-2004-1102 | Tips | Remote File Enumeration vulnerability in Tips Mailpost 5.1.1Sv MailPost 5.1.1sv, and possibly earlier versions, displays a different error message depending on whether the requested file exists or not, which allows remote attackers to gain sensitive information. | 5.0 |
2005-01-10 | CVE-2004-1020 | PHP | Remote vulnerability in PHP The addslashes function in PHP 4.3.9 does not properly escape a NULL (\0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are otherwise protected by the magic_quotes_gpc mechanism. | 5.0 |
2005-01-10 | CVE-2004-1014 | NFS Debian Mandrakesoft Redhat | Remote Denial Of Service vulnerability in Linux NFS RPC.STATD statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. | 5.0 |
2005-01-10 | CVE-2004-0956 | Oracle Suse Ubuntu | MySQL before 4.0.20 allows remote attackers to cause a denial of service (application crash) via a MATCH AGAINST query with an opening double quote but no closing double quote. | 5.0 |
2005-01-10 | CVE-2004-0915 | Viewcvs Debian | Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporting a repository as a tar archive, does not properly implement the hide_cvsroot and forbidden settings, which could allow remote attackers to gain sensitive information. | 5.0 |
2005-01-10 | CVE-2004-0899 | Microsoft | Unspecified vulnerability in Microsoft Windows NT 4.0 The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) via a malformed DHCP message, aka "Logging Vulnerability." | 5.0 |
2005-01-13 | CVE-2005-0069 | VIM Development Group | Unspecified vulnerability in VIM Development Group VIM The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files. | 4.6 |
2005-01-11 | CVE-2005-0117 | Xshisen | Local Security vulnerability in XShisen Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field. | 4.6 |
2005-01-10 | CVE-2004-1224 | MTR | Local Security vulnerability in mtr Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. | 4.6 |
2005-01-13 | CVE-2005-0381 | Forumkit | Cross-Site Scripting vulnerability in Forumkit 1.0 Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter. | 4.3 |
2005-01-10 | CVE-2004-1177 | GNU | Unspecified vulnerability in GNU Mailman Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page. | 4.3 |

23 Low Vulnerabilities

DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-01-11 | CVE-2005-0288 | Bottomline | Unspecified vulnerability in Bottomline Webseries Payment Application 4.0 The change password functionality in Bottomline Webseries Payment Application does not require the old password when users enter a new password, which could allow remote authenticated users to change other users' passwords. | 3.6 |
2005-01-10 | CVE-2004-1066 | Freebsd | Unspecified vulnerability in Freebsd The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. | 3.6 |
2005-01-14 | CVE-2005-0110 | Microsoft | Security Bypass vulnerability in Microsoft IE 6.0 Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function. | 2.6 |
2005-01-10 | CVE-2004-1295 | UML Utilities | Denial-Of-Service vulnerability in Uml-Utilities 20030903 The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled). | 2.1 |
2005-01-10 | CVE-2004-1276 | Iglooftp | Local Security vulnerability in Iglooftp 0.6.1 IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP. | 2.1 |
2005-01-10 | CVE-2004-1270 | Easy Software Products Redhat | lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message. | 2.1 |
2005-01-10 | CVE-2004-1268 | Easy Software Products Redhat | lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors. | 2.1 |
2005-01-10 | CVE-2004-1204 | Fluxbox Team | Denial-Of-Service vulnerability in Fluxbox FluxBox 0.9.10 and earlier versions allows local users to cause a denial of service (application crash) by calling Xman with a long -title value, possibly triggering a buffer overflow. | 2.1 |
2005-01-10 | CVE-2004-1190 | Suse | Unspecified vulnerability in Suse Linux 8.1/8.2/9.0 SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices. | 2.1 |
2005-01-10 | CVE-2004-1171 | KDE Mandrakesoft Redhat | KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | 2.1 |
2005-01-10 | CVE-2004-1110 | Jean Jacques Sarton Gentoo | The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | 2.1 |
2005-01-10 | CVE-2004-1108 | Gentoo | Unspecified vulnerability in Gentoo Linux qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. | 2.1 |
2005-01-10 | CVE-2004-1107 | Gentoo | Unspecified vulnerability in Gentoo Linux dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 2.1 |
2005-01-10 | CVE-2004-1074 | Linux Redhat Suse Trustix Turbolinux | Local Denial Of Service And Memory Disclosure vulnerability in Linux Kernel The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary. | 2.1 |
2005-01-10 | CVE-2004-1073 | Linux Redhat Suse Trustix Turbolinux | Local Privilege Escalation vulnerability in Linux Kernel BINFMT_ELF Loader The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality. | 2.1 |
2005-01-10 | CVE-2004-1023 | Kerio | Local Security vulnerability in Kerio Mailserver, Serverfirewall and Winroute Firewall Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration. | 2.1 |
2005-01-10 | CVE-2004-1022 | Kerio | Unspecified vulnerability in Kerio Mailserver, Serverfirewall and Winroute Firewall Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software. | 2.1 |
2005-01-10 | CVE-2004-1016 | Linux Ubuntu | Local Denial of Service vulnerability in Linux Kernel SCM_SEND The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition. | 2.1 |
2005-01-10 | CVE-2004-0996 | Cscope Debian Gentoo SCO | main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. | 2.1 |
2005-01-10 | CVE-2004-0770 | Dgen Debian | Symbolic Link vulnerability in DGen Emulator romload.c in DGen Emulator 1.23 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files during decompression of (1) gzip or (2) bzip ROM files. | 2.1 |
2005-01-10 | CVE-2004-1191 | Suse | Local Security vulnerability in Linux 8.1/9.2 Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems that have more than 4GB of memory, could allow local users to read unauthorized memory from "foreign memory pages." | 1.2 |
2005-01-10 | CVE-2004-1069 | Linux Ubuntu | Race condition in SELinux 2.6.x through 2.6.9 allows local users to cause a denial of service (kernel crash) via SOCK_SEQPACKET unix domain sockets, which are not properly handled in the sock_dgram_sendmsg function. | 1.2 |
2005-01-10 | CVE-2004-1058 | Linux Ubuntu | Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline. | 1.2 |