RHEL 2.1 / 3 : mozilla (RHSA-2004:486)

Updated mozilla packages that fix a number of security issues are now available. Mozilla is an open source Web browser, advanced email and newsgroup client, IRC chat client, and HTML editor. Jesse Ruderman discovered a cross-domain scripting bug in Mozilla. If a user is tricked into dragging a...

Debian DSA-532-2 : libapache-mod-ssl - several vulnerabilities

Two vulnerabilities were discovered in libapache-mod-ssl : - CAN-2004-0488 Stack-based buffer overflow in the sslutiluuencodebinary function in sslutil.c for Apache modssl, when modssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client...

CVE-2004-0903

CVE-2004-0903 describes a stack-based buffer overflow in the writeGroup function of nsVCardObj.cpp, affecting Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8. An attacker could remotely execute arbitrary code by processing malformed VCard attachments d...

CVE-2004-0356

CVE-2004-0356: A stack-based buffer overflow in the Supervisor Report Center of SL Mail Pro 2.0.9 and earlier allows remote code execution via an HTTP request containing a long HTTP sub-version. Affects SL Mail Pro up to version 2.0.9; exploitation details are not provided in the connected docume...

CVE-2004-0234

Multiple stack-based buffer overflows in the getheader function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testi...

libpng stack-based buffer overflow and other code concerns

Chris Evans has discovered multiple vulnerabilities in libpng, which can be exploited by malicious people to compromise a vulnerable system or cause a DoS Denial of Service...

CVE-2004-0695

Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command...

IBM Lotus Notes 6.0/6.5 - Multiple Java Applet Vulnerabilities

source: https://www.securityfocus.com/bid/10704/info IBM Lotus Notes is affected by three vulnerabilities concerning Java applets. An attacker can exploit these issues to disclose potentially sensitive information, cause a web browser to open an arbitrary web page, and cause a stack-based buffer...

CVE-2004-0397

Stack-based buffer overflow during the aprtimet data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a 1 DAV2 REPORT query or 2 get-dated-rev svn-protocol command...

CVE-2004-0456

Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header...

Pavuk HTTP Location header overflow

When pavuk sends a request to a web server and the server sends back the HTTP status code 305 Use Proxy, pavuk copies data from the HTTP Location header in an unsafe manner. This leads to a stack-based buffer overflow with control over EIP...

CVE-2003-0533

Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service LSASS in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute...

CVE-2004-0397

Stack-based buffer overflow during the aprtimet data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a 1 DAV2 REPORT query or 2 get-dated-rev svn-protocol command...

CVE-2004-0399

CVE-2004-0399 describes a stack-based buffer overflow in Exim 3.35 and earlier versions before 4 when sender_verify is enabled. Exploitation can cause denial of service and may allow remote code execution during sender verification. Multiple connected advisories confirm the issue and state that a...

CVE-2004-0399

Stack-based buffer overflow in Exim 3.35, and other versions before 4, when the senderverify option is true, allows remote attackers to cause a denial of service and possibly execute arbitrary code during sender verification...

CVE-2004-0234

CVE-2004-0234: LHA 1.14 contains multiple stack-based buffer overflows in get_header() of header.c, allowing remote attackers or local users to execute arbitrary code via long directory/file names in an LHA archive. The issue affects LHA as used in products such as Barracuda Spam Firewall; overfl...

CVE-2004-0409

Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code...

CVE-2004-0387

Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allows remote attackers to execute arbitrary code via a malformed .R3T file...

CVE-2004-0387

The CVE-2004-0387 issue is a stack-based buffer overflow in the RT3 plugin used by RealPlayer 8, RealOne Player, RealOne Player 10 beta, and RealOne Player Enterprise, allowing remote code execution via malformed .R3T files. Affected components: RT3 plugin within RealPlayer/RealOne Player family....

CVE-2004-0362

Multiple stack-based buffer overflows in the ICQ parsing routines of the ISS Protocol Analysis Module PAM component, as used in various RealSecure, Proventia, and BlackICE products, allow remote attackers to execute arbitrary code via a SRVMULTI response containing a SRVUSERONLINE response packet...