National Vulnerability Database

Search Results

There are 133,428 matching records.
Displaying matches 122861 through 122880.
Vuln ID Summary CVSS Severity
CVE-2004-1108

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1109

The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1110

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 2.1 LOW
CVE-2004-1111

Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1112

The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 5.1 MEDIUM
CVE-2004-1113

SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1114

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 9.3 HIGH
CVE-2004-1115

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2004-1116

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2004-1117

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 7.2 HIGH
CVE-2004-1118

Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1119

Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1120

Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1122

Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 7.5 HIGH
CVE-2004-1123

Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 5.0 MEDIUM
CVE-2004-1125

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 9.3 HIGH
CVE-2004-1127

Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1128

Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1129

SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and possibly (3) postmail.asp and (4) fmvmail.asp in CMailServer 5.2 allows remote attackers to inject arbitrary SQL commands and delete mail metadata or e-mail addresses of contacts via the indexOfMail parameter.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 10.0 HIGH
CVE-2004-1130

Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5.2 allows remote attackers to execute arbitrary web script or HTML via personal information fields, such as (1) username, (2) name, or (3) comments.

Published: January 10, 2005; 12:00:00 AM -05:00
    V2: 6.8 MEDIUM