LiveActive security incident?Get immediate response
CVE archive

May 2004

Browse CVE records published in May 2004, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 410 matching CVEs · Page 2 of 9.

Unknown · CVSS Not scored

CVE-2004-2093: Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users...

Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.

Published May 19, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2097: Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (...

Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbitrary files via a symlink attack on (1) /tmp/fvwm-bug created by fvwm-bug, (2) /tmp/wmmenu created by wm-oldmenu2new, (3) /tmp/rates created by x11perfcomp, (4) /tmp/xf86debug.1.log created by xf86debug, (5) /tmp/.winpopup-new created by winpopup-send.sh, or (6) /tmp/initrd created by lvmcreate_initrd.

Published May 27, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2103: Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote...

Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attackers to process arbitrary script or HTML as other users via (1) a malformed request for a Perl program with script in the filename, (2) the User.id parameter to the webacc servlet, (3) the GWAP.version parameter to webacc, or (4) a URL request for a .bas file with script in the filename.

Published May 27, 2005 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2004-2059: Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary w...

Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp, or (4) SQL parameter in export.asp.

Published May 10, 2005 · Updated Aug 8, 2024