Latest CVE Feed
-
7.2
HIGHCVE-2004-0579
Format string vulnerability in super before 3.23 allows local users to execute arbitrary code as root.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0674
Enterasys XSR-1800 series Security Routers, when running firmware 7.0.0.0 and using Policy-Based Routing, allow remote attackers to cause a denial of service (crash) via a packet with the IP record route option set.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0528
Netscape Navigator 7.1 allows remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the malicious site, which facilitates ... Read more
Affected Products : navigator- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0538
LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers and executes new applications, which could allow attackers to execute arbitrary code without warning the user.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0539
The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which could allow remote attackers to execute arbitrary code.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0639
Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and ... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0640
Format string vulnerability in the SSL_set_verify function in telnetd.c for SSLtelnet daemon (SSLtelnetd) 0.13 allows remote attackers to execute arbitrary code.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0649
Buffer overflow in write_packet in control.c for l2tpd may allow remote attackers to execute arbitrary code.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0591
Cross-site scripting (XSS) vulnerability in the print_header_uc function for SqWebMail 4.0.4 and earlier, and possibly 3.x, allows remote attackers to inject arbitrary web script or HRML via (1) e-mail headers or (2) a message with a "message/delivery-sta... Read more
Affected Products : sqwebmail- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0522
Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0136
The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary."... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0205
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0137
Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues."... Read more
Affected Products : irix- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-0581
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0641
Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and possibly earlier versions, generates predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.... Read more
Affected Products : speedtouch- Published: Aug. 05, 2004
- Modified: Apr. 03, 2025
-
9.0
HIGHCVE-2004-1371
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1369
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.4
MEDIUMCVE-2004-1367
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local use... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
4.6
MEDIUMCVE-2004-1366
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025
-
9.8
CRITICALCVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.... Read more
- Published: Aug. 04, 2004
- Modified: Apr. 03, 2025