Lucene search

K

15 matches found

CVE
CVE
added 2005/03/01 5:0 a.m.118 views

CVE-2004-1036

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

6.8CVSS5.9AI score0.04171EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.65 views

CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPng...

10CVSS7.9AI score0.34839EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.65 views

CVE-2004-1052

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

10CVSS7.7AI score0.01472EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.62 views

CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

5CVSS6.2AI score0.01117EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.60 views

CVE-2004-1029

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using ...

9.3CVSS7.3AI score0.42558EPSS
CVE
CVE
added 2005/03/07 5:0 a.m.53 views

CVE-2005-0667

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

5.1CVSS7.6AI score0.0334EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.52 views

CVE-2004-1027

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

5CVSS6.5AI score0.06284EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.50 views

CVE-2004-1033

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.

2.1CVSS6AI score0.00071EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.50 views

CVE-2004-1037

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

10CVSS7.3AI score0.85829EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.48 views

CVE-2004-1030

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.

2.1CVSS6AI score0.00071EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.47 views

CVE-2004-1034

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

10CVSS7.9AI score0.0593EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.47 views

CVE-2004-1055

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the in...

6.8CVSS5.6AI score0.01171EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.43 views

CVE-2004-1032

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the res...

2.1CVSS6.2AI score0.00059EPSS
CVE
CVE
added 2005/03/14 5:0 a.m.43 views

CVE-2005-0470

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

5CVSS6.8AI score0.01207EPSS
CVE
CVE
added 2005/03/01 5:0 a.m.38 views

CVE-2004-1031

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, s...

7.2CVSS6.2AI score0.00047EPSS