15 matches found
CVE-2004-1082
CVE-2004-1082 affects Apache 1.3.31 and 1.3.32 on Mac OS X Server. The vulnerability arises in mod_digest_apple where the server does not properly verify the nonce in a client response, allowing remote attackers to replay credentials. The NVD entry (CVSS v2 base score 7.5, HIGH) indicates a netwo...
CVE-2004-0495
Summary: CVE-2004-0495 refers to multiple vulnerabilities in Linux kernel 2.4 and 2.6, identified by the Sparse source-checking tool, that can allow local privilege escalation or access to kernel memory. Affected software: Linux kernel for 2.4 and 2.6 series. Root cause/impact: local attacker cou...
CVE-2004-0554
CVE-2004-0554 affects the Linux kernel (2.4.x and 2.6.x on x86). The root cause is a local-denial-of-service condition triggered by an infinite loop that abuses a sequence of fsave/frstor instructions in a signal handler (as demonstrated by crash.c). The practical impact is a system crash/DoS wit...
CVE-2004-1235
CVE-2004-1235 documents a race condition in the Linux kernel (load_elf_library and binfmt_aout paths used by uselib) affecting 2.4 (through 2.429-rc2) and 2.6 (through 2.6.10). Exploitation allows a local user to execute arbitrary code by manipulating the VMA descriptor. The initial description p...
CVE-2004-1050
CVE-2004-1050 affects Internet Explorer 6. A heap-based buffer overflow occurs when parsing long NAME or SRC attributes in IFRAME/FRAME/EMBED elements, allowing remote code execution. Exploitation typically involves loading a crafted page; CVSS notes high risk (network exploit, no user interactio...
CVE-2004-0842
The CVE-2004-0842 issue affects Internet Explorer 6.0 SP1 and earlier (Windows platforms) and is caused by an unchecked buffer in CSS parsing that can trigger heap memory corruption via crafted CSS (for example, the “@;/*”” sequence). Successful exploitation could lead to remote code execution or...
CVE-2004-0212
CVE-2004-0212 describes a stack-based buffer overflow in the Windows Task Scheduler (mstask) that affects Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0. The vulnerability occurs in how Task Scheduler handles long parameters in .job files, allowing a remote or local attacker to ex...
CVE-2005-0003
CVE-2005-0003 affects 64‑bit Linux kernel 2.6 before 2.6.10. The issue is in 64‑bit ELF support where overlapping VMA allocations are not properly checked, enabling local attackers to crash the system (denial of service) or run arbitrary code via a crafted ELF or a.out. Affected component: kernel...
CVE-2004-0201
The CVE-2004-0201 entry documents a heap-based buffer overflow in the HTML Help viewer hh.exe used by HTML Help (.chm) on Windows platforms (Windows 98, Me, NT 4.0, 2000, XP, and Server 2003). The vulnerability allows remote code execution via a .CHM file with a large length field, enabling an at...
CVE-2004-0841
The CVE-2004-0841 entry corresponds to Internet Explorer 6.x vulnerability commonly called Script in Image Tag File Download (also HijackClick 3). The connected advisories describe this as an IE vulnerability that allows a remote attacker to escalate privileges by abusing script execution in imag...
CVE-2004-1307
CVE-2004-1307 describes a heap-based buffer overflow in libtiff 3.6.1 triggered by a TIFF file using the STRIPOFFSETS flag with many strips, due to an overflow in TIFFFetchStripThing in tif_dirread.c. The vulnerability could allow remote code execution as a result of processing crafted TIFF files...
CVE-2004-0839
CVE-2004-0839 is the IE Drag-and-Drop Vulnerability. The connected docs show it as a publicly disclosed CAN-2005-0053 vulnerability, which was addressed by Microsoft security updates MS05-014 and related MS05-008. The vulnerability arises from Internet Explorer handling drag-and-drop events, allo...
CVE-2004-0215
CVE-2004-0215 describes a denial-of-service vulnerability in Microsoft Outlook Express 5.5 SP2 and Outlook Express 6 (including SP1 and 64‑bit/Windows Server 2003 variants) where a specially crafted or malformed e-mail header could crash the application. The issue is documented in MS04-018 (CAN-2...
CVE-2004-0205
The CVE-2004-0205 entry corresponds to a buffer overrun in the IIS 4.0 redirect function that could allow remote code execution on affected systems. Concrete details in the connected MS04-021 bulletin indicate IIS 4.0 (Windows NT 4.0 with SP6a) is affected, while IIS 5.x/6.x are not. The vulnerab...
CVE-2005-4471
CVE-2005-4471 concerns the POP3 service in Avaya Modular Messaging Message Storage Server (MSS) 2.0 SP4 and earlier. The vulnerability allows remote attackers to cause a denial-of-service (infinite loop) by sending crafted packets over the network. The available records explicitly identify the af...