Unknown · CVSS Not scored
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earlier allows remote attackers to modify product prices by changing the price parameter.
Published Sep 12, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
Published Sep 1, 2004 · Updated Aug 8, 2024