Количество 309 169
Количество 309 169
CVE-2004-1124
Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities.
CVE-2004-1123
Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte.
CVE-2004-1122
Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314.
CVE-2004-1121
Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags.
CVE-2004-1120
Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.
CVE-2004-1119
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
CVE-2004-1118
Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.
CVE-2004-1117
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
CVE-2004-1116
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
CVE-2004-1115
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
CVE-2004-1114
Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777.
CVE-2004-1113
SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses.
CVE-2004-1112
The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period.
CVE-2004-1111
Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size.
CVE-2004-1110
The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
CVE-2004-1109
The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field.
CVE-2004-1108
qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.
CVE-2004-1107
dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2004-1106
Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.
CVE-2004-1105
Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information.
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2004-1124 Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. | CVSS2: 4.6 | 0% Низкий | больше 21 года назад |
| CVE-2004-1123 Darwin Streaming Server 5.0.1, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via a DESCRIBE request with a location that contains a null byte. | CVSS2: 5 | 1% Низкий | больше 20 лет назад |
| CVE-2004-1122 Safari 1.x to 1.2.4, and possibly other versions, allows inactive windows to launch dialog boxes, which can allow remote attackers to spoof the dialog boxes from web sites in other windows, aka the "Dialog Box Spoofing Vulnerability," a different vulnerability than CVE-2004-1314. | CVSS2: 7.5 | 1% Низкий | больше 20 лет назад |
| CVE-2004-1121 Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the URL displayed in the status bar via TABLE tags. | CVSS2: 5 | 3% Низкий | почти 21 год назад |
| CVE-2004-1120 Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header. | CVSS2: 10 | 10% Средний | больше 20 лет назад |
| CVE-2004-1119 Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file. | CVSS2: 10 | 52% Средний | больше 20 лет назад |
| CVE-2004-1118 Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename. | CVSS2: 10 | 14% Средний | больше 20 лет назад |
| CVE-2004-1117 The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | CVSS2: 7.2 | 0% Низкий | больше 20 лет назад |
| CVE-2004-1116 The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | CVSS2: 7.2 | 0% Низкий | больше 20 лет назад |
| CVE-2004-1115 The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. | CVSS2: 7.2 | 0% Низкий | больше 20 лет назад |
| CVE-2004-1114 Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a different vulnerability than CVE-2004-1777. | CVSS2: 9.3 | 15% Средний | больше 20 лет назад |
| CVE-2004-1113 SQL injection vulnerability in SQLgrey Postfix greylisting service before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) sender or (2) recipient e-mail addresses. | CVSS2: 10 | 1% Низкий | больше 20 лет назад |
| CVE-2004-1112 The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 build 728 waits five minutes for a user response before terminating the process, which could allow remote attackers to bypass the buffer overflow protection by sending additional buffer overflow attacks within the five minute timeout period. | CVSS2: 5.1 | 1% Низкий | больше 20 лет назад |
| CVE-2004-1111 Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 12.2(18)SV, 12.2(18)SW, and other versions without the "no service dhcp" command, keep undeliverable DHCP packets in the queue instead of dropping them, which allows remote attackers to cause a denial of service (dropped traffic) via multiple undeliverable DHCP packets that exceed the input queue size. | CVSS2: 5 | 3% Низкий | больше 20 лет назад |
| CVE-2004-1110 The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file. | CVSS2: 2.1 | 0% Низкий | больше 20 лет назад |
| CVE-2004-1109 The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allows remote attackers to cause a denial of service (CPU consumption and system freeze from infinite loop) via a (1) TCP, (2) UDP, or (3) ICMP packet with a zero length IP Option field. | CVSS2: 5 | 5% Низкий | больше 20 лет назад |
| CVE-2004-1108 qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. | CVSS2: 2.1 | 0% Низкий | больше 20 лет назад |
| CVE-2004-1107 dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files. | CVSS2: 2.1 | 0% Низкий | больше 20 лет назад |
| CVE-2004-1106 Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. | CVSS2: 6.8 | 2% Низкий | больше 20 лет назад |
| CVE-2004-1105 Nortel Networks Contivity VPN Client displays a different error message depending on whether the username is valid or invalid, which could allow remote attackers to gain sensitive information. | CVSS2: 5 | 4% Низкий | больше 20 лет назад |
Уязвимостей на страницу