Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:trustix:secure_linux:2.0:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 47 matching records.
Displaying matches 41 through 47.
Vuln ID Summary CVSS Severity
CVE-2004-0594

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Published: July 27, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.1 MEDIUM
CVE-2004-0595

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Published: July 27, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2004-0600

Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.

Published: July 27, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2004-0686

Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors.

Published: July 27, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2004-0488

Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN.

Published: July 07, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-2044

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.

Published: June 01, 2004; 12:00:00 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2004-0077

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Published: March 03, 2004; 12:00:00 AM -0500
V3.x:(not available)
V2.0: 7.2 HIGH