2493 matches found
CVE-2004-0970
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367...
CVE-2005-0072
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files...
CVE-2004-0560
Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted content of a certain size that triggers the overflow...
newspost -- server response buffer overflow vulnerability
The newspost program uses a function named socketgetline to read server responses from the network socket. Unfortunately this function does not check the length of the buffer in which the read data is stored and only stops reading when a newline character is found. A malicious NNTP server could u...
CVE-2004-0996
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack...
CVE-2004-1284
Buffer overflow in the findnextfile function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist...
CVE-2004-1064
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute...
CVE-2004-0987
Buffer overflow in the processmenu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code...
CVE-2004-1309
Heap-based buffer overflow in the demuxopenbmp function in demuxbmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field...
CVE-2004-1183
Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted TIFF file...
CVE-2004-1392
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function...
CVE-2004-2014
Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via a symlink attack on the name of the file being downloaded...
CVE-2004-2265
UUDeview 0.5.20 and earlier handles temporary files insecurely during decoding, with unknown attack vectors and impact...
CVE-2004-1377
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files...
CVE-2004-0564
Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this...
CVE-2004-1287
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194...
CVE-2004-1170
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename...
CVE-2004-0982
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL...
ez-ipupdate -- format string vulnerability
Data supplied by a remote server is used as the format string instead of as parameters in a syslog call. This may lead to crashes or potential running of arbitrary code. It is only a problem when running in daemon mode (very common) and when using some service types...