Latest CVE Feed
-
10.0
HIGHCVE-2004-0418
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program d... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0492
Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a la... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0550
Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.... Read more
Affected Products : realplayer- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0530
The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path.... Read more
Affected Products : slackware_linux- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0205
Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0526
Unknown versions of Internet Explorer and Outlook allow remote attackers to spoof a legitimate URL in the status bar via A HREF tags with modified "alt" values that point to the legitimate site, combined with an image map whose href points to the maliciou... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0460
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVE... Read more
Affected Products : suse_linux dhcpd mandrake_linux fedora_core dns_one_appliance suse_email_server suse_linux_admin-cd_for_firewall suse_linux_connectivity_server suse_linux_database_server suse_linux_firewall_cd +1 more products- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0582
Unknown vulnerability in Webmin 1.140 allows remote attackers to bypass access control rules and gain read access to configuration information for a module.... Read more
Affected Products : webmin- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0645
Buffer overflow in the wvHandleDateTimePicture function in wv library (wvWare) 0.7.4 through 0.7.6 and 1.0.0 allows remote attackers to execute arbitrary code via a document with a long DateTime field.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.5
HIGHCVE-2004-0204
Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, an... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0212
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Exp... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
4.3
MEDIUMCVE-2004-0589
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.... Read more
Affected Products : ios- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
7.2
HIGHCVE-2004-0495
Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow local users to gain privileges or access kernel memory, as found by the Sparse source code checking tool.... Read more
Affected Products : linux_kernel enterprise_linux suse_linux modular_messaging_message_storage_server linux linux converged_communications_server intuity_audix s8300 s8500 +8 more products- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
2.1
LOWCVE-2004-0554
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a ... Read more
Affected Products : linux_kernel enterprise_linux suse_linux modular_messaging_message_storage_server linux linux converged_communications_server intuity_audix s8300 s8500 +8 more products- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
6.8
MEDIUMCVE-2004-0588
Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.... Read more
Affected Products : usermin- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0417
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume di... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
6.4
MEDIUMCVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header line... Read more
Affected Products : http_server linux secure_linux converged_communications_server s8300 s8500 s8700 http_server- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
10.0
HIGHCVE-2004-0416
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0668
Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a denial of service (server crash) via a large e-mail message, as demonstrated using a large image attachment.... Read more
Affected Products : lotus_domino- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025
-
5.0
MEDIUMCVE-2004-0215
Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of service (application crash) via a malformed e-mail header.... Read more
- Published: Aug. 06, 2004
- Modified: Apr. 03, 2025