Latest CVE Feed
-
2.1
LOWCVE-2004-0136
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0661
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thi... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1712
Cross-site scripting (XSS) vulnerability in TypePad allows remote attackers to inject arbitrary Javascript via the name parameter.... Read more
Affected Products : typepad- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0540
Microsoft Windows 2000, when running in a domain whose Fully Qualified Domain Name (FQDN) is exactly 8 characters long, does not prevent users with expired passwords from logging on to the domain.... Read more
Affected Products : windows_2000- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0543
Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and Oracle E-Business Suite 11.5.1 through 11.5.8 allow remote attackers to execute arbitrary SQL procedures and queries.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1710
page.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the url parameter.... Read more
Affected Products : page_cgi- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0650
UploadServlet in Cisco Collaboration Server (CCS) running ServletExec before 3.0E allows remote attackers to upload and execute arbitrary files via a direct call to the UploadServlet URL.... Read more
Affected Products : servletexec- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0417
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume di... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0588
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.... Read more
Affected Products : usermin- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header line... Read more
Affected Products : http_server linux secure_linux converged_communications_server s8300 s8500 s8700 http_server- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0416
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0495
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.... Read more
Affected Products : linux_kernel enterprise_linux suse_linux modular_messaging_message_storage_server linux linux converged_communications_server intuity_audix s8300 s8500 +8 more products- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-0589
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.... Read more
Affected Products : ios- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0212
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Exp... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0554
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a ... Read more
Affected Products : linux_kernel enterprise_linux suse_linux modular_messaging_message_storage_server linux linux converged_communications_server intuity_audix s8300 s8500 +8 more products- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0641
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.... Read more
Affected Products : speedtouch- Published: Aug. 05, 2004
- Modified: Apr. 03, 2025
-
9.0
HIGHCVE-2004-1371
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1369
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
7.8
HIGHCVE-2004-1368
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025