Lucene search

20 matches found

added 2004/08/06 4:0 a.m. | 413 views

CVE-2004-0492

Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVSS 10 | AI score 8.1 | EPSS 0.19739

added 2004/08/18 4:0 a.m. | 105 views

CVE-2004-0521

SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

CVSS 10 | AI score 7.5 | EPSS 0.0614

added 2004/08/18 4:0 a.m. | 84 views

CVE-2004-0234

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testin...

CVSS 10 | AI score 7.5 | EPSS 0.08482

added 2004/08/18 4:0 a.m. | 80 views

CVE-2004-0235

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

CVSS 6.4 | AI score 6.5 | EPSS 0.06964

added 2004/08/18 4:0 a.m. | 69 views

CVE-2004-0226

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS 10 | AI score 7 | EPSS 0.01177

added 2004/08/06 4:0 a.m. | 63 views

CVE-2004-0418

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.

CVSS 10 | AI score 7.3 | EPSS 0.14279

added 2004/08/18 4:0 a.m. | 62 views

CVE-2004-0523

Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

CVSS 10 | AI score 9.8 | EPSS 0.13596

added 2004/08/06 4:0 a.m. | 62 views

CVE-2004-0639

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $ev...

CVSS 6.8 | AI score 5.8 | EPSS 0.04755

added 2004/08/06 4:0 a.m. | 60 views

CVE-2004-0416

Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.

CVSS 10 | AI score 7 | EPSS 0.43031

added 2004/08/18 4:0 a.m. | 58 views

CVE-2004-0519

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

CVSS 6.8 | AI score 6.2 | EPSS 0.00124

added 2004/08/18 4:0 a.m. | 55 views

CVE-2004-0233

Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

CVSS 2.1 | AI score 6 | EPSS 0.00213

added 2004/08/06 4:0 a.m. | 55 views

CVE-2004-0417

Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.

CVSS 5 | AI score 6.5 | EPSS 0.04491

added 2004/08/18 4:0 a.m. | 55 views

CVE-2004-0520

Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

CVSS 6.8 | AI score 5.6 | EPSS 0.18726

added 2004/08/18 4:0 a.m. | 53 views

CVE-2004-0232

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS 5 | AI score 7.1 | EPSS 0.01032

added 2004/08/06 4:0 a.m. | 53 views

CVE-2004-0414

CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

CVSS 10 | AI score 7 | EPSS 0.05252

added 2004/08/18 4:0 a.m. | 53 views

CVE-2004-0504

Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

CVSS 5 | AI score 6.3 | EPSS 0.0378

added 2004/08/18 4:0 a.m. | 49 views

CVE-2004-0505

The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

CVSS 5 | AI score 6.2 | EPSS 0.03072

added 2004/08/18 4:0 a.m. | 48 views

CVE-2004-0231

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

CVSS 2.1 | AI score 6.4 | EPSS 0.00092

added 2004/08/18 4:0 a.m. | 44 views

CVE-2004-0507

Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVSS 10 | AI score 7.4 | EPSS 0.03018

added 2004/08/18 4:0 a.m. | 43 views

CVE-2004-0506

The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

CVSS 5 | AI score 6.2 | EPSS 0.0371