Latest CVE Feed
-
10.0
HIGHCVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" i... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1096
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed f... Read more
Affected Products : brightstor_arcserve_backup suse_linux etrust_ez_antivirus etrust_intrusion_detection kaspersky_anti-virus linux mandrake_linux etrust_secure_content_manager sophos_anti-virus etrust_antivirus +12 more products- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1167
mirrorselect before 0.89 creates temporary files in a world-writable location with predictable file names, which allows remote attackers to overwrite arbitrary files via a symlink attack.... Read more
Affected Products : mirrorselect- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1310
Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet.... Read more
Affected Products : mplayer- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-1071
The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1022
Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from with... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1160
Netscape 7.x to 7.2, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window o... Read more
Affected Products : navigator- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1014
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0900
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition does not properly validate the length of certain messages, which allows remote attackers to execute arbitrary code via a malformed DHCP message, aka the "DHCP Request ... Read more
Affected Products : windows_nt- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1177
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1020
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but are ot... Read more
Affected Products : php- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1308
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-b... Read more
Affected Products : libtiff- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0946
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1165
Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using ... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2004-0883
Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1284
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.... Read more
Affected Products : mpg123- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0993
Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.... Read more
Affected Products : sockd- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2004-0949
The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the re-assembly of fragmented packets correctly, which could allow remote samba servers to (1) read arbitrary kernel information or (2) ... Read more
- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0899
The DHCP Server service for Microsoft Windows NT 4.0 Server and Terminal Server Edition, with DHCP logging enabled, does not properly validate the length of certain messages, which allows remote attackers to cause a denial of service (application crash) v... Read more
Affected Products : windows_nt- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1294
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.... Read more
Affected Products : tnftp- Published: Jan. 10, 2005
- Modified: Apr. 03, 2025