Lista CVE - 2004 / Gennaio
Visualizzazione 1 - 68 di 68 CVE per Gennaio 2004 (Pagina 1 di 1)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2003-1023 | 2004-01-06 | Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion. |
| CVE-2003-1024 | 2004-01-06 | Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges. |
| CVE-2003-1025 | 2004-01-06 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof the domain of a URL via a "%01" character before an @ sign in the user@domain portion of the... |
| CVE-2003-0696 | 2004-01-08 | The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close sockets, which allows attackers to cause a denial of service (resource exhaustion). |
| CVE-2003-0904 | 2004-01-08 | Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured to use NTLM authentication, does not properly reuse HTTP connections, which can cause OWA users to view mailboxes of other... |
| CVE-2003-1026 | 2004-01-08 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed... |
| CVE-2003-1027 | 2004-01-08 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access... |
| CVE-2003-1028 | 2004-01-08 | The download function of Internet Explorer 6 SP1 allows remote attackers to obtain the cache directory name via an HTTP response with an invalid ContentType and a .htm file, which... |
| CVE-2004-0014 | 2004-01-08 | Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings. |
| CVE-2004-0029 | 2004-01-08 | Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. |
| CVE-2004-0030 | 2004-01-08 | PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to... |
| CVE-2004-0034 | 2004-01-08 | Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError... |
| CVE-2004-0037 | 2004-01-08 | FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. |
| CVE-2002-0712 | 2004-01-14 | Entrust Authority Security Manager (EASM) 6.0 does not properly require multiple master users to change the password of a master user, which could allow a master user to perform operations... |
| CVE-2003-0119 | 2004-01-14 | The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socket when communicating with the loadmodule, which allows remote attackers to directly connect to the daemon and conduct... |
| CVE-2003-0175 | 2004-01-14 | SGI IRIX before 6.5.21 allows local users to cause a denial of service (kernel panic) via a certain call to the PIOCSWATCH ioctl. |
| CVE-2003-0368 | 2004-01-14 | Nokia Gateway GPRS support node (GGSN) allows remote attackers to cause a denial of service (kernel panic) via a malformed IP packet with a 0xFF TCP option. |
| CVE-2003-0814 | 2004-01-14 | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and execute Javascript by setting the window's "href" to the malicious Javascript, then calling execCommand("Refresh") to refresh... |
| CVE-2003-0815 | 2004-01-14 | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions and read arbitrary files by (1) modifying the createTextRange method and using CreateLink, as demonstrated using LinkillerSaveRef,... |
| CVE-2003-0816 | 2004-01-14 | Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU,... |
| CVE-2003-0817 | 2004-01-14 | Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions and read arbitrary files via an XML object. |
| CVE-2003-0823 | 2004-01-14 | Internet Explorer 6 SP1 and earlier allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by calling the window.moveBy method, aka HijackClick,... |
| CVE-2003-0949 | 2004-01-14 | xsok 1.02 does not properly drop privileges before finding and executing the "gunzip" program, which allows local users to execute arbitrary commands. |
| CVE-2004-0017 | 2004-01-14 | Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. |
| CVE-2004-0041 | 2004-01-14 | The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions. |
| CVE-2004-0042 | 2004-01-14 | vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. |
| CVE-2004-0043 | 2004-01-14 | Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the... |
| CVE-2004-0046 | 2004-01-14 | Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. |
| CVE-2002-0034 | 2004-01-14 | The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windows XP systems, does not apply the default NTFS permissions when converting a FAT32 file system, which could cause the... |
| CVE-2003-0902 | 2004-01-14 | Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and possibly other versions, allows remote attackers to execute arbitrary commands. |
| CVE-2003-0819 | 2004-01-15 | Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic,... |
| CVE-2003-0965 | 2004-01-15 | Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. |
| CVE-2003-0989 | 2004-01-15 | tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. |
| CVE-2003-0992 | 2004-01-15 | Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. |
| CVE-2003-1029 | 2004-01-15 | The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to... |
| CVE-2003-1030 | 2004-01-15 | Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. |
| CVE-2004-0054 | 2004-01-15 | Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by... |
| CVE-2004-0055 | 2004-01-15 | The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. |
| CVE-2004-0056 | 2004-01-15 | Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers... |
| CVE-2004-0057 | 2004-01-15 | The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that... |
| CVE-2004-0058 | 2004-01-15 | Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. |
| CVE-2004-0059 | 2004-01-15 | Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter... |
| CVE-2004-0060 | 2004-01-15 | WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. |
| CVE-2004-0061 | 2004-01-15 | WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a... |
| CVE-2004-0062 | 2004-01-15 | Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. |
| CVE-2004-0064 | 2004-01-15 | The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. |
| CVE-2004-0065 | 2004-01-15 | Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. |
| CVE-2004-0066 | 2004-01-15 | phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6)... |
| CVE-2004-0067 | 2004-01-15 | Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php,... |
| CVE-2004-0069 | 2004-01-15 | Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by... |
| CVE-2004-0071 | 2004-01-15 | Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. |
| CVE-2004-0072 | 2004-01-15 | Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request. |
| CVE-2004-0073 | 2004-01-15 | PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a... |
| CVE-2003-0700 | 2004-01-22 | The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation... |
| CVE-2004-0074 | 2004-01-22 | Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability... |
| CVE-2004-0091 | 2004-01-22 | NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script... |
| CVE-2003-1031 | 2004-01-22 | Cross-site scripting (XSS) vulnerability in register.php for vBulletin 3.0 Beta 2 allows remote attackers to inject arbitrary HTML or web script via optional fields such as (1) "Interests-Hobbies", (2) "Biography",... |
| CVE-2003-1032 | 2004-01-26 | Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured to use the "Name" column and sort using the column title as a hyperlink, allows remote attackers to... |
| CVE-2004-0006 | 2004-01-29 | Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in... |
| CVE-2004-0007 | 2004-01-29 | Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause... |
| CVE-2004-0008 | 2004-01-29 | Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that... |
| CVE-2004-0047 | 2004-01-29 | Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges. |
| CVE-2004-0085 | 2004-01-29 | Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. |
| CVE-2004-0086 | 2004-01-29 | Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. |
| CVE-2004-0087 | 2004-01-29 | The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. |
| CVE-2004-0088 | 2004-01-29 | The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. |
| CVE-2004-0092 | 2004-01-29 | Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. |
| CVE-2003-0987 | 2004-02-03 | mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret. |
| CVE-2004-0002 | 2004-02-03 | The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number... |
| CVE-2004-0003 | 2004-02-03 | Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." |
| CVE-2004-0005 | 2004-02-03 | Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null... |
| CVE-2004-0127 | 2004-02-04 | Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences... |
| CVE-2004-0130 | 2004-02-04 | login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which... |
| CVE-2002-1575 | 2004-02-11 | cgiemail allows remote attackers to use cgiemail as a spam proxy via CRLF injection of encoded newline (%0a) characters in parameters such as "required-subject," which can be used to modify... |
| CVE-2003-0818 | 2004-02-11 | Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to... |
| CVE-2004-0039 | 2004-02-11 | Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2,... |
| CVE-2004-0103 | 2004-02-11 | crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of... |
| CVE-2004-0083 | 2004-02-14 | Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long... |
| CVE-2004-0084 | 2004-02-14 | Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry... |
| CVE-2004-0132 | 2004-02-14 | Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp]... |
| CVE-2004-0143 | 2004-02-14 | Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. |
| CVE-2004-0106 | 2004-02-16 | Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. |
| CVE-2003-0441 | 2004-02-19 | Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges. |
| CVE-2004-0010 | 2004-02-19 | Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. |
| CVE-2004-0097 | 2004-02-19 | Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the... |
| CVE-2004-0104 | 2004-02-19 | Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. |
| CVE-2004-0105 | 2004-02-19 | Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. |
| CVE-2004-0164 | 2004-02-19 | KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c... |
| CVE-2004-0172 | 2004-02-23 | Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is... |
| CVE-2004-0110 | 2004-03-04 | Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. |
| CVE-2004-0166 | 2004-03-04 | Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." |
| CVE-2004-0168 | 2004-03-04 | Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." |
| CVE-2004-0192 | 2004-03-04 | Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains... |
| CVE-2003-0170 | 2004-03-10 | Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use Kerberos 5 for authentication, allows remote attackers to gain privileges via unknown attack vectors. |
| CVE-2003-0444 | 2004-03-10 | Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attackers to execute arbitrary code via a PNG image of certain color depths. |
| CVE-2003-0601 | 2004-03-10 | Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does not disable a password for a new account before it is saved for the first time, which allows... |
| CVE-2003-0607 | 2004-03-10 | Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the (1) USER or (2) DISPLAY environment variables. |
| CVE-2003-0612 | 2004-03-10 | Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin. |
| CVE-2003-0796 | 2004-03-10 | Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 allows remote attackers to mount from unprivileged ports even with the -n option disabled. |
| CVE-2003-0797 | 2004-03-10 | Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 allows remote attackers to cause a denial of service (process death) via unknown attack vectors. |