Latest CVE Feed
-
5.0
MEDIUMCVE-2004-1294
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.... Read more
Affected Products : tnftp- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
6.2
MEDIUMCVE-2004-1068
A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.... Read more
Affected Products : linux_kernel enterprise_linux enterprise_linux_desktop ubuntu_linux linux_advanced_workstation- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0899
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) v... Read more
Affected Products : windows_nt- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1019
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and ... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-1130
Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.... Read more
Affected Products : cmailserver- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1264
Buffer overflow in the simplify_path function in config.c for ChBg 1.5 allows remote attackers to execute arbitrary code via a crafted chbg scenario file.... Read more
Affected Products : chbg- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1022
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from with... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1020
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are ot... Read more
Affected Products : php- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1014
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1308
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-b... Read more
Affected Products : libtiff- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0946
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1177
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1160
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window o... Read more
Affected Products : navigator- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
6.5
MEDIUMCVE-2004-1267
Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-1116
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.... Read more
Affected Products : linux- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1096
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed f... Read more
Affected Products : brightstor_arcserve_backup suse_linux etrust_ez_antivirus etrust_intrusion_detection kaspersky_anti-virus linux mandrake_linux etrust_secure_content_manager sophos_anti-virus etrust_antivirus +12 more products- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1188
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads ... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-1071
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1310
Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet.... Read more
Affected Products : mplayer- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1282
Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation.... Read more
Affected Products : linpopup- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025