Lucene search
K

87 matches found

CVE
CVE
added 2004/11/16 5:0 a.m.136 views

CVE-2004-1036

CVE-2004-1036 affects SquirrelMail prior to versions 1.4.3a and earlier, and 1.5.1-cvs before 23 Oct 2004. The vulnerability is a cross-site scripting (XSS) flaw in the decoding of encoded text in certain headers within mime.php, enabling remote attackers to run arbitrary web script or HTML in th...

6.8CVSS5.9AI score0.02818EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.122 views

CVE-2004-0930

CVE-2004-0930 affects Samba 3.0.4, 3.0.7 (and possibly other versions). The issue is in the ms_fnmatch function, allowing remote authenticated users to cause high CPU denial of service via a SAMBA request containing multiple asterisks (*) in the wildcard pattern. The provided documents confirm th...

5CVSS5.9AI score0.04906EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.122 views

CVE-2004-0975

The CVE-2004-0975 issue affects the der_chop script in OpenSSL implementations (notably Trustix Secure Linux 1.5–2.1 and other OSes). The vulnerability arises from insecure temporary file handling, enabling a local user to overwrite files via a symlink attack. Documented impact is local privilege...

2.1CVSS5.4AI score0.00415EPSS
CVE
CVE
added 2013/12/13 6:0 p.m.117 views

CVE-2013-0348

CVE-2013-0348 affects thttpd/thttpd-derived sthttpd: versions prior to 2.26.4-r2 and 2.25b expose a world-readable /var/log/thttpd.log. The root cause is incorrect file permissions, permitting local users to read sensitive information from the log file. Implication: local information disclosure w...

2.1CVSS6AI score0.00523EPSS
CVE
CVE
added 2005/06/20 4:0 a.m.110 views

CVE-2005-1267

The CVE-2005-1267 issue affects the BGP dissector in tcpdump (v3.x). The vuln arises when bgp_update_print fails to handle a -1 return from decode_prefix4, enabling a remote attacker to trigger a denial-of-service via an infinite loop by sending a crafted BGP packet. The impact is a DoS on affect...

5CVSS6AI score0.13502EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.108 views

CVE-2004-0889

CVE-2004-0889 involves multiple integer overflows in xpdf 3.0 and in code paths that reuse xpdf (e.g., in CUPS) that can be exploited remotely to crash the service (DoS) and potentially execute arbitrary code. The description confirms a remote impact and the possibility of code execution, tied to...

10CVSS7.3AI score0.06209EPSS
CVE
CVE
added 2005/02/15 5:0 a.m.105 views

CVE-2005-0206

Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.

7.5CVSS6.7AI score0.02986EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.105 views

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

5CVSS6.3AI score0.02301EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.102 views

CVE-2004-0981

CVE-2004-0981 affects ImageMagick and concerns a buffer overflow in the TIFF/EXIF parsing routine that can lead to remote code execution via a crafted image file. The initial record states the vulnerability exists in ImageMagick before 6.1.0, with a network-based attack vector and critical impact...

10CVSS7.3AI score0.05843EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.99 views

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

10CVSS6.2AI score0.03855EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.98 views

CVE-2004-0914

Concrete details: CVE-2004-0914 concerns multiple vulnerabilities in libXpm (as used by XFree86/X.Org) including integer overflows, out-of-bounds reads, directory traversal, shell metacharacter issues, endless loops, and memory leaks in parsing XPM images. If exploited via a crafted XPM file, rem...

10CVSS7.6AI score0.08698EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.97 views

CVE-2005-3626

CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...

5CVSS6.1AI score0.0341EPSS
CVE
CVE
added 2004/10/26 4:0 a.m.95 views

CVE-2004-0888

CVE-2004-0888 : Multiple integer overflows in xpdf (v2.0/v3.0) and in code that uses xpdf (e.g., CUPS, gpdf, kdegraphics) allow remote attackers to crash services and possibly execute arbitrary code. Some reports note 64-bit builds can exacerbate the overflow (pdftops/filter path). Remediation is...

10CVSS7.6AI score0.09334EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.92 views

CVE-2004-0996

CVE-2004-0996 affects cscope 15-4 and 15-5 where main.c creates temporary files with predictable names, enabling local symlink attacks to overwrite arbitrary files. The issue is a local-security vulnerability arising from insecure temporary file creation. Publicly documented fixes show upgrades t...

2.1CVSS6AI score0.01145EPSS
CVE
CVE
added 2004/07/06 4:0 a.m.91 views

CVE-2004-0497

CVE-2004-0497 describes a local privilege escalation in the Linux kernel 2.x family (notably 2.4/2.6-rc3) due to missing DAC controls in sys_chown, enabling a local user to modify the group ownership of files (including NFS-exported files) they do not own. The underlying issue allows changing fil...

2.1CVSS5.7AI score0.00801EPSS
Web
CVE
CVE
added 2004/12/10 5:0 a.m.91 views

CVE-2004-1026

CVE-2004-1026 involves multiple integer overflows in the image handler of the imlib library (versions up to 1.9.14 and earlier) that is used by gkrellm and several window managers. The issue, documented across OpenVAS and Gentoo GLSA entries, is rooted in the image processing code and can be trig...

10CVSS7.4AI score0.04934EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.90 views

CVE-2004-1106

CVE-2004-1106 affects Gallery up to version 1.4.4-pl3, with the vulnerability located in index.php include handling. The issue is a cross-site scripting (XSS) flaw that lets remote attackers provide specially formed URLs to inject arbitrary web script or HTML, via the include parameter, potential...

6.8CVSS5.9AI score0.01477EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.89 views

CVE-2005-0077

CVE-2005-0077 affects the perl-DBI (libdbi-perl) library. The issue is insecure handling of temporary files via a symlink attack on a temporary PID file, enabling local users to overwrite arbitrary files. Multiple connected advisories reference updates or patches addressing this vulnerability (e....

2.1CVSS6AI score0.00412EPSS
CVE
CVE
added 2004/07/06 4:0 a.m.88 views

CVE-2004-0496

The CVE-2004-0496 entry refers to multiple local vulnerabilities in the Linux kernel 2.6, distinct from CVE-2004-0495, discovered via Sparse. Connected sources (Gentoo GLSA advisories GLSA-200407-02 and GLSA-200407-16, OpenVAS NASLs, and NVD/NVD-style listings) corroborate that CAN-2004-0496 conc...

7.2CVSS6.5AI score0.00393EPSS
CVE
CVE
added 2005/04/06 4:0 a.m.88 views

CVE-2005-0988

CVE-2005-0988 describes a race condition in gzip prior to 1.3.5 that affects permission handling during decompression. Specifically, when decompressing a file, a local attacker could exploit a hard-link or timing issue to change the permissions of an arbitrary file (or overwrite it) in the target...

3.7CVSS5.9AI score0.00655EPSS
CVE
CVE
added 2004/10/28 4:0 a.m.86 views

CVE-2004-0990

CVE-2004-0990 describes an integer overflow in the GD Graphics Library (libgd) 2.0.28 (and possibly earlier/other versions) that can be triggered by PNG image files with large image row values. This leads to a heap-based buffer overflow in gdImageCreateFromPngCtx, enabling remote denial of servic...

10CVSS7.9AI score0.28255EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.83 views

CVE-2004-0565

CVE-2004-0565 affects Linux 2.4.x kernel code where the MFH bit is checked without verifying the FPH owner in the context switch path. This enables local attackers to read register values of other processes, exposing partial confidentiality. The vulnerability description explicitly states the iss...

2.1CVSS5.7AI score0.00444EPSS
CVE
CVE
added 2004/10/21 4:0 a.m.83 views

CVE-2004-0891

GAIM is affected by CVE-2004-0891: a buffer overflow in the MSN protocol handler (MSNSLP) for gaim versions 0.79 through 1.0.1, caused by an unbounded copy that writes to the wrong buffer during processing of an unexpected MSNSLP sequence. This can cause remote denial of service (crash) and poten...

10CVSS8AI score0.06862EPSS
CVE
CVE
added 2004/12/15 5:0 a.m.83 views

CVE-2004-1025

CVE-2004-1025 concerns multiple heap-based buffer overflows in imlib 1.9.14 and earlier, a library used by gkrellm and several window managers. The vulnerability allows remote attackers to crash the application and, per the description, to execute arbitrary code via crafted image files, effective...

10CVSS7.5AI score0.05178EPSS
CVE
CVE
added 2004/10/21 4:0 a.m.82 views

CVE-2004-0918

CVE-2004-0918: Squid’s SNMP parser (asn_parse_header in asn1.c) before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) by sending SNMP packets with negative length fields that trigger a memory allocation error. The issue yields a partial availability impact and i...

5CVSS6.2AI score0.1603EPSS
CVE
CVE
added 2004/12/22 5:0 a.m.82 views

CVE-2004-1304

CVE-2004-1304 affects the file utility; a stack-based buffer overflow in the ELF header parsing code (in file before 4.12) could allow arbitrary code execution when processing a crafted ELF file. Impact: arbitrary code execution with full privileges as described in the vulnerability entry. Remedi...

10CVSS7.6AI score0.11396EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.81 views

CVE-2004-0983

Ruby CGI module vulnerability CVE-2004-0983 allows remote denial of service via a crafted HTTP request. Affected are Ruby 1.6 up to 1.6.7 and Ruby 1.8 up to 1.8.1 (i.e., versions before 1.6.8 and before 1.8.2). The issue is described as causing an infinite loop and CPU consumption. Remediation is...

5CVSS6.2AI score0.01898EPSS
CVE
CVE
added 2004/11/18 5:0 a.m.81 views

CVE-2004-1052

CVE-2004-1052: A buffer overflow in the getnickuserhost function of BNC (notably version 2.8.9 and possibly older/newer variants) can be triggered by an IRC server response containing a sequence of many ! or @ characters, allowing remote code execution. Public sources (NVD entry and security advi...

10CVSS7.7AI score0.03577EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.79 views

CVE-2004-0935

CVE-2004-0935 affects Eset Anti-Virus prior to 1.020. A ZIP archive with both local and global headers set to zero could bypass antivirus protection and allow a malicious file to be opened on the target system. PoC/proofs of concept code and advisories (e.g., iDEFENSE CAN references) document det...

7.5CVSS6.4AI score0.15059EPSS
CVE
CVE
added 2004/10/20 4:0 a.m.79 views

CVE-2004-0972

CVE-2004-0972 concerns the lvmcreate_initrd helper in the Trustix/ lvm package (lvm1) where a temporary-directory creation flaw enables a local attacker to perform a symlink-based overwrite of arbitrary files. The described root cause is insecure handling of temporary files by the script, allowin...

2.1CVSS5.8AI score0.00393EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.79 views

CVE-2004-1029

The vulnerability CVE-2004-1029 affects Sun Java Plug-in in JRE 1.4.2_01, 1.4.2_04, and possibly earlier versions, where data transfer between JavaScript and Java applets fails to restrict access. The root cause is improper isolation that allows a remote attacker to use reflection to access priva...

9.3CVSS7.3AI score0.17018EPSS
CVE
CVE
added 2013/11/15 6:16 p.m.79 views

CVE-2013-2031

CVE-2013-2031 affects MediaWiki up to 1.19.6/1.20.x before 1.20.5 and is an XSS through a CDATA SVG UTF-7 sequence misinterpreted as UTF-8. Affected component: MediaWiki core (SVG handling and related sanitization). Impact: cross-site scripting possible in affected installations. Evidence/ground:...

4.3CVSS6.7AI score0.02502EPSS
CVE
CVE
added 2004/11/24 5:0 a.m.77 views

CVE-2004-0947

CVE-2004-0947 is confirmed across connected docs as a vulnerability in the unarj utility. The issue is a buffer overflow when handling long filenames in arj archives, enabling remote code execution. Related advisories additionally describe a directory-traversal weakness in the -x extract option t...

10CVSS7.6AI score0.07369EPSS
CVE
CVE
added 2005/09/28 4:0 a.m.76 views

CVE-2005-2557

CVE-2005-2557 is a cross-site scripting (XSS) flaw in MantisBT (0.19.0a1 through 1.0.0a3) exploitable via the dir parameter to view_all_set.php (bug#0005959). The available documents confirm the vulnerability class and affected range; no explicit remediation or exploitation details are provided b...

4.3CVSS5.4AI score0.02576EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.75 views

CVE-2004-1037

CVE-2004-1037 affects TWiki prior to fix where the search function accepts a user-supplied search string. The vulnerability allows remote attackers to execute arbitrary OS commands by injecting shell metacharacters in the search parameter to the WebSearch script, potentially compromising the TWik...

10CVSS7.3AI score0.61668EPSS
Web
CVE
CVE
added 2004/12/10 5:0 a.m.75 views

CVE-2004-1161

The CVE-2004-1161 entry concerns rssh 2.2.2 and earlier, where the program restricting logic fails to properly limit which programs can be run. This could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp...

7.5CVSS6.8AI score0.07327EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.75 views

CVE-2004-1307

CVE-2004-1307 describes a heap-based buffer overflow in libtiff 3.6.1 triggered by a TIFF file using the STRIPOFFSETS flag with many strips, due to an overflow in TIFFFetchStripThing in tif_dirread.c. The vulnerability could allow remote code execution as a result of processing crafted TIFF files...

7.5CVSS7.7AI score0.0634EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.74 views

CVE-2004-0980

The CVE-2004-0980 entry concerns a format string vulnerability in ez-ipupdate.c affecting ez-ipupdate 3.0.10 through 3.0.11b8. When running in daemon mode with certain service types, a remote attacker could cause arbitrary code execution. The provided documents consistently reference vulnerable v...

10CVSS7AI score0.03818EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.74 views

CVE-2004-1176

CVE-2004-1176 : A buffer underflow in extfs.c of Midnight Commander (mc) prior to 4.5.56 allows remote attackers to cause a denial of service and possibly execute arbitrary code. Documents consistently describe the issue as a remote vulnerability affecting mc with the buffer underflow in the extf...

7.5CVSS7.1AI score0.03103EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.73 views

CVE-2004-1110

The CVE concerns mtink status monitor for Epson printers; versions prior to 1.0.5 allow local users to overwrite arbitrary files via a symlink attack on the Epson temporary file. Root cause: insecure temporary file handling. Impact: local integrity impact. Mitigation: upgrade to 1.0.5 or later.

2.1CVSS6.2AI score0.00362EPSS
CVE
CVE
added 2004/11/19 5:0 a.m.72 views

CVE-2004-0936

CVE-2004-0936 refers to a ZIP header manipulation vulnerability affecting anti-virus engines (notably RAV) where both local and global ZIP headers can be set to zero, allowing a compressed file to bypass protection and still be opened. The connected sources describe a proof-of-concept and public ...

7.5CVSS6.4AI score0.14785EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.72 views

CVE-2004-1004

CVE-2004-1004 affects Midnight Commander (mc) up to version 4.5.55 with multiple format string vulnerabilities. The provided connected advisories confirm that various distros release patches (e.g., SUSE SLES9 patch 5011441, Gentoo GLSA 200502-24, Debian DSA 639-1) to fix these issues. The CVE ent...

7.5CVSS6.5AI score0.01625EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.72 views

CVE-2004-1005

CVE-2004-1005 refers to multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier. The initial description notes remote attackers could trigger these issues with unknown impact, and connected advisories (e.g., Debian DSA 639-1, Gentoo GLSA 200502-24, SuSE OpenVAS entries) indicate t...

7.5CVSS6.5AI score0.01787EPSS
CVE
CVE
added 2004/12/01 5:0 a.m.72 views

CVE-2004-1108

CVE-2004-1108 affects Gentoo: Gentoo Portage (dispatch-conf) and Gentoolkit’s qpkg query tool, with the vulnerable component being temporary file handling. Gentoolkit 0.2.0_pre10 and earlier uses predictable names in the temporary directory, enabling a local attacker to create a symlink to a targ...

2.1CVSS6.3AI score0.00342EPSS
CVE
CVE
added 2005/04/24 4:0 a.m.72 views

CVE-2005-0754

CVE-2005-0754 affects KDE’s Kommander: KDE 3.2–3.4.0 allows remote attackers to cause arbitrary code execution by Kommander executing data files without user confirmation. The root cause is untrusted data/file handling by Kommander, enabling remote code execution if a user opens a malicious file....

7.5CVSS7AI score0.0298EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.71 views

CVE-2004-0634

The CVE-2004-0634 issue affects Ethereal (the SMB dissector) with the SMB SID snooping capability, in versions 0.9.15 through 0.10.4. The root cause is a null dereference triggered by a handle without a policy name in SMB processing, allowing a remote attacker to cause a denial of service (proces...

5CVSS6.1AI score0.05275EPSS
CVE
CVE
added 2004/07/08 4:0 a.m.71 views

CVE-2004-0635

CVE-2004-0635 affects Ethereal 0.8.15–0.10.4, where the SNMP dissector is vulnerable. A remote attacker can trigger a denial of service (process crash) via a malformed or missing community string, causing an out-of-bounds read. The description explicitly ties the issue to the SNMP dissector, the ...

5CVSS6.2AI score0.05275EPSS
CVE
CVE
added 2005/04/16 4:0 a.m.71 views

CVE-2005-1121

CVE-2005-1121 affects Oops! Proxy Server up to version 1.5.23. A format string vulnerability in the my_xlog function (lib.c), triggered via the passwd_mysql and passwd_pgsql authentication modules, may allow an attacker to execute arbitrary code remotely by crafting a URL. The CVSS v2 base score ...

5CVSS7.1AI score0.02298EPSS
CVE
CVE
added 2005/01/22 5:0 a.m.70 views

CVE-2004-1174

The CVE-2004-1174 vulnerability affects Midnight Commander (mc) up to and including version 4.5.55, in which direntry.c contains the flaw that allows a denial of service via manipulating non-existing file handles. The description clearly states this is a denial of service condition caused by the ...

5CVSS6.1AI score0.0143EPSS
CVE
CVE
added 2008/02/29 2:0 a.m.70 views

CVE-2008-1078

CVE-2008-1078 affects the expn component of am-utils (and related net-fs usage) on Gentoo, rPath Linux, and other distros. The issue is an insecure temporary-file handling in expn that allows a local user to perform a symlink attack on expn[PID], enabling overwriting of arbitrary files. This vuln...

7.2CVSS6AI score0.00514EPSS
Total number of security vulnerabilities87