Latest CVE Feed
-
6.8
MEDIUMCVE-2004-0519
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compo... Read more
- EPSS Score: %0.12
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0233
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.... Read more
- EPSS Score: %0.21
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0761
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote attackers to use certain redirect sequences to spoof the security lock icon that makes a web page appear to be encrypted.... Read more
- EPSS Score: %1.03
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0764
Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, allow remote web sites to hijack the user interface via the "chrome" flag and XML User Interface Language (XUL) files.... Read more
- EPSS Score: %2.54
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0513
Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact and attack vectors related to "logging when tracing system calls."... Read more
- EPSS Score: %0.50
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0520
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.... Read more
- EPSS Score: %18.73
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0234
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA arch... Read more
Affected Products : winzip f-secure_anti-virus internet_gatekeeper f-secure_internet_security winrar propack fedora_core f-secure_personal_express mailsweeper f-secure_for_firewalls +3 more products- EPSS Score: %8.48
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-0229
The framebuffer driver in Linux kernel 2.6.x does not properly use the fb_copy_cmap function, with unknown impact.... Read more
- EPSS Score: %0.08
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0769
Buffer overflow in LHA allows remote attackers to execute arbitrary code via long pathnames in LHarc format 2 headers for a .LHZ archive, as originally demonstrated using the "x" option but also exploitable through "l" and "v", and fixed in header.c, a di... Read more
Affected Products : bugzilla- EPSS Score: %3.89
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0419
XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.requestPort is 0, which could allow remote attackers to connect to the port, in violation of the intended restrictions.... Read more
- EPSS Score: %2.80
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-0175
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.... Read more
Affected Products : openssh- EPSS Score: %0.75
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0433
Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) client for (1) MPlayer before 1.0pre4 and (2) xine lib (xine-lib) before 1-rc4, when playing Real RTSP (realrtsp) streams, allow remote attackers to cause a denial of service (crash) and... Read more
- EPSS Score: %3.09
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0722
Integer overflow in the SOAPParameter object constructor in (1) Netscape version 7.0 and 7.1 and (2) Mozilla 1.6, and possibly earlier versions, allows remote attackers to execute arbitrary code.... Read more
- EPSS Score: %23.11
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0765
The cert_TestHostName function in Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, only checks the hostname portion of a certificate when the hostname portion of the URI is not a fully qualified domain name (FQDN), which allows remote a... Read more
- EPSS Score: %0.77
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0763
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.... Read more
Affected Products : firefox- EPSS Score: %17.69
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0425
Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows remote attackers to execute arbitrary code via a large SMPROFILE cookie.... Read more
Affected Products : sideminder_affiliate_agent- EPSS Score: %5.32
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0839
Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to dr... Read more
Affected Products : internet_explorer windows_2000 windows_2003_server windows_xp windows_98 ie modular_messaging_message_storage_server windows_98se windows_me ip600_media_servers +8 more products- EPSS Score: %38.83
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2003-0193
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html").... Read more
Affected Products : catdoc- EPSS Score: %0.10
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0767
NGSEC StackDefender 1.10 allows attackers to cause a denial of service (system crash) via an invalid address for the ObjectAttribues parameter to the hooks for the (1) ZwCreateFile or (2) ZwOpenFile functions.... Read more
Affected Products : stackdefender- EPSS Score: %0.48
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0501
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, wh... Read more
Affected Products : outlook- EPSS Score: %50.42
- Published: Aug. 18, 2004
- Modified: Apr. 03, 2025