Latest CVE Feed
-
5.0
MEDIUMCVE-2004-1768
The character converters in the Spamhunter and Language ID modules for Symantec Brightmail AntiSpam 6.0.1 before patch 132 allow remote attackers to cause a denial of service (crash) via messages with the ISO-8859-10 character set, which is not recognized... Read more
Affected Products : brightmail_antispam- Published: Dec. 17, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1323
Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow local users to cause a denial of service (kernel crash) via a large signal number to (1) xxx_sys_kill, (2) xxx_sys_sigaction, and possibly other translation functions.... Read more
Affected Products : netbsd- Published: Dec. 16, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1322
Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange, has several hard coded usernames and passwords, which allows remote attackers to gain unauthorized access and change configuration settings or read outgoing or incoming e-mail message... Read more
Affected Products : unity_server- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1320
Asante FM2008 running firmware 1.06 is shipped with a default username and password, which could allow remote attackers to gain unauthorized access.... Read more
Affected Products : fm2008_managed_ethernet_switch- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1319
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent i... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1142
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1334
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-1321
The configuration backup in Asante FM2008 running firmware 1.06 stores the username and password in cleartext, which could allow remote attackers to gain unauthorized access.... Read more
Affected Products : fm2008_managed_ethernet_switch- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1145
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1333
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-1335
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-1139
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).... Read more
- Published: Dec. 15, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-1059
Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2.26 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) next and (2) prev result search pages, and the (3) extended and (4) simple search forms.... Read more
Affected Products : mnogosearch- Published: Dec. 10, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-1351
Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.... Read more
- Published: Dec. 07, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0455
Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to execute arbitrary code via a web page that is processed by www-sql.... Read more
- Published: Dec. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0604
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference.... Read more
- Published: Dec. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0627
The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.... Read more
Affected Products : mysql- Published: Dec. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0625
SQL injection vulnerability in Infinity WEB 1.0 allows remote attackers to bypass authentication and gain privileges via the login page.... Read more
Affected Products : infinity_web- Published: Dec. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0621
admin.php in Newsletter ZWS allows remote attackers to gain administrative privileges via a list_user operation with the ulevel parameter set to 1 (administrator level), which lists all users and their passwords.... Read more
Affected Products : newsletter_zws- Published: Dec. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0395
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call.... Read more
Affected Products : gatos- Published: Dec. 06, 2004
- Modified: Apr. 03, 2025