Unknown · CVSS Not scored
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients.
Published Sep 24, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients.
Published Sep 24, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients.
Published Sep 24, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
Published Sep 1, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
Published Sep 1, 2004 · Updated Aug 8, 2024