CVE-2004-0405

CVS before 1.11 allows CVS clients to read arbitrary files via .. dot dot sequences in filenames via CVS client requests, a different vulnerability than CVE-2004-0180...

CVE-2004-0403

Removed by vendor...

mplayer heap overflow in http requests

A remotely exploitable heap buffer overflow vulnerability was found in MPlayer's URL decoding code. If an attacker can cause MPlayer to visit a specially crafted URL, arbitrary code execution with the privileges of the user running MPlayer may occur. A visit' might be caused by social engineering...

oftpd denial-of-service vulnerability (PORT command)

Philippe Oechslin reported a denial-of-service vulnerability in oftpd. The oftpd server can be crashed by sending a PORT command containing an integer over 8 bits long over 255...

CVE-2004-0009

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user...

CVE-2003-0969

...

kdepim exploitable buffer overflow in VCF reader

A buffer overflow is present in some versions of the KDE personal information manager kdepim which may be triggered when processing a specially crafted VCF file...

[Full-Disclosure] Monit 4.1 HTTP interface multiple security vulnerabilities

S-Quadra Advisory 2003-11-24 Topic: Monit 4.1 HTTP interface Multiple Security Vulnerabilities Severity: High Vendor URL: http://www.tildeslash.com/monit/ Advisory URL: http://www.s-quadra.com/advisories/Adv-20031124.txt Release date: 22 Nov 2003 1. DESCRIPTION Monit...

[Full-Disclosure] sh-httpd `wildcard character' vulnerability

======================================== INetCop Security Advisory 2003-0x82-019 ======================================== Title: sh-httpd wildcard character' vulnerability 0x01. Description About: sh-httpd is a shell script-based Web server that supports GET and HEAD methods, and a CGI 1.1...

CVE-2003-0720

Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type...

CVE-2002-1566

netris 0.5, and possibly other versions before 0.52, when running with the -w wait option, allows remote attackers to cause a denial of service crash via a long string to port 9284...

CVE-2003-0476

...

CVE-2003-0620

Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via 1 MANDATORYMANPATH, MANPATHMAP, and MANDBMAP arguments to addtodirlist in manp.c, 2 a long pathname to ultsrc in ultsrc.c, 3 a long .so argument to testforinclude in ultsrc.c, 4 ...

CVE-2003-0577

mpg123 0.59r allows remote attackers to cause a denial of service and possibly execute arbitrary code via an MP3 file with a zero bitrate, which creates a negative frame size...

CVE-2003-0517

faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files...

CVE-2003-0253

The prefork MPM in Apache 2 before 2.0.47 does not properly handle certain errors from accept, which could lead to a denial of service...

CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...

DEBIAN-CVE-2003-0189

The authentication module for Apache 2.0.40 through 2.0.45 on Unix does not properly handle threads safely when using the cryptr or crypt functions, which allows remote attackers to cause a denial of service failed Basic authentication with valid usernames and passwords when a threaded MPM is use...

Low: Red Hat Security Advisory: LPRng security update

Updated LPRng packages resolving a temporary file vulnerability are now available. LPRng is a print spooler. LPRng includes a program, psbanner, that can be used to produce Postscript banner pages to separate print jobs. A vulnerability has been found in psbanner, which creates in an insecure...

Low: Red Hat Security Advisory: man security update

Updated man packages fix a minor security vulnerability. The man package includes tools for finding information and documentation about commands on a system. Versions of man before 1.51 have a bug where a malformed man file can cause a program named "unsafe" to be run. To exploit this vulnerabili...