Openpkg@current Security Vulnerabilities and Issues — Openpkg@current CVE List

Lucene search

OpenpkgOpenpkgcurrent

11 matches found

CVE•added 2005/01/10 5:0 a.m.•108 views

CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" re...

10CVSS9.7AI score0.08105EPSS

CVE•added 2007/11/07 11:46 p.m.•108 views

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

7.5CVSS9.8AI score0.11413EPSS

Web

CVE•added 2005/01/10 5:0 a.m.•70 views

CVE-2004-1011

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

10CVSS9.7AI score0.16617EPSS

CVE•added 2005/03/01 5:0 a.m.•69 views

CVE-2004-0990

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPng...

10CVSS7.9AI score0.34839EPSS

CVE•added 2005/02/09 5:0 a.m.•65 views

CVE-2004-0957

Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.

6.8CVSS5.9AI score0.00386EPSS

CVE•added 2005/01/27 5:0 a.m.•64 views

CVE-2004-0918

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

5CVSS6.2AI score0.68742EPSS

CVE•added 2005/01/10 5:0 a.m.•64 views

CVE-2004-1013

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corru...

10CVSS9.5AI score0.10245EPSS

CVE•added 2005/01/10 5:0 a.m.•59 views

CVE-2004-1065

Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.

10CVSS7.5AI score0.06905EPSS

CVE•added 2005/01/10 5:0 a.m.•57 views

CVE-2004-1012

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memo...

10CVSS9.3AI score0.10245EPSS

CVE•added 2005/02/13 5:0 a.m.•54 views

CVE-2004-1471

Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

7.1CVSS7.7AI score0.05947EPSS

CVE•added 2003/08/27 4:0 a.m.•49 views

CVE-2003-0615

Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.

4.3CVSS5.4AI score0.07248EPSS