cpe:/o:cisco:ios:12.1%283%29 cpe:/o:cisco:ios:12.1%283%29t CVE-2004-1776 2001-02-28T00:00:00.000-05:00 2008-09-05T16:42:19.710-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-30T20:49:00.000-04:00 ALLOWS_OTHER_ACCESS CERT-VN VU#840665 XF cisco-ios-cable-docsis(6180) CISCO 20041008 Cisco IOS Software Multiple SNMP Community String Vulnerabilities Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and modify device configuration data via the cable-docsis read-write community string used by the Data Over Cable Service Interface Specification (DOCSIS) standard. cpe:/a:webcam_corp:webcam_watchdog:1.0 cpe:/a:webcam_corp:webcam_watchdog:1.1 cpe:/a:webcam_corp:webcam_watchdog:3.63 CVE-2004-1784 2004-01-03T00:00:00.000-05:00 2008-09-05T16:42:20.897-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-30T20:31:00.000-04:00 ALLOWS_USER_ACCESS SECUNIA 10527 XF webcam-watchdog-get-bo(14131) MISC http://www.webcamsoft.com/en/watchdog_h.html BID 9351 BUGTRAQ 20040103 Webcam Watchdog Stack Overflow Vulnerability OSVDB 3312 MISC http://www.elitehaven.net/webcamwatchdog.txt Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request. cpe:/a:invision_power_services:invision_board:1.3 cpe:/a:invision_power_services:invision_board:1.2 cpe:/a:invision_power_services:invision_board:1.0.1 cpe:/a:invision_power_services:invision_board:1.0 cpe:/a:invision_power_services:invision_board:1.1.1 cpe:/a:invision_power_services:invision_board:1.1.2 CVE-2004-1785 2004-01-03T00:00:00.000-05:00 2008-09-05T16:42:21.053-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-30T19:43:00.000-04:00 ALLOWS_OTHER_ACCESS BID 9353 OSVDB 3319 SECUNIA 10530 BUGTRAQ 20040103 [SCSA-025] Invision Power Board SQL Injection Vulnerability SECTRACK 1008589 SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. cpe:/a:iatek:portalapp CVE-2004-1786 2004-01-04T00:00:00.000-05:00 2008-09-05T16:42:21.210-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-05-30T19:38:00.000-04:00 XF portalapp-url-access-database(14169) BID 9354 SECTRACK 1008627 PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb. cpe:/a:debian:lintian:1.2_0.17.1 CVE-2004-1000 2004-01-10T00:00:00.000-05:00 2008-09-05T16:40:02.827-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-06-17T14:29:00.000-04:00 XF lintian-symlink(18808) SECUNIA 13771 lintian 1.23 and earlier removes the working directory even if it was not created by lintian, which may allow local users to delete arbitrary files or directories via a symlink attack. cpe:/o:sco:openserver:5.0.7 cpe:/o:sco:unixware:7.1.1 cpe:/o:sco:unixware:7.1.3 cpe:/o:sco:unixware:7.1.4 cpe:/o:sco:openserver:5.0.6 CVE-2004-1124 2004-01-14T00:00:00.000-05:00 2008-09-05T16:40:27.263-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-06-17T18:52:00.000-04:00 XF chroot-jail-security-bypass(18970) SCO SCOSA-2005.2 BID 12300 SECUNIA 15339 SECUNIA 13915 SCO SCOSA-2005.22 Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 allows local users to escape the chroot jail and conduct unauthorized activities. cpe:/o:hp:hp-ux:11.4 cpe:/o:hp:hp-ux:11.22 cpe:/o:hp:hp-ux:11.11 cpe:/o:hp:hp-ux:11.00 CVE-2004-1764 2004-01-14T00:00:00.000-05:00 2009-03-04T00:26:14.877-05:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2005-05-30T21:36:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#406406 XF hp-libdtsvc-bo(14828) HP HPSBUX0401-308 CIAC O-057 Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors. cpe:/a:debian:fsp:2.81.b18 CVE-2004-0011 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:18.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9377 DEBIAN DSA-416 XF fsp-boundry-error-bo(14155) CIAC O-048 Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. cpe:/a:nd:nd:0.8.2 CVE-2004-0014 2004-01-20T00:00:00.000-05:00 2008-09-10T15:24:50.710-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9365 DEBIAN DSA-412 XF nd-long-string-bo(14141) SECTRACK 1008616 SECUNIA 10550 SECUNIA 10549 Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings. cpe:/a:opentext:opentext_firstclass_desktop_client:7.1 CVE-2004-0037 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:20.303-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF firstclassclient-execute-code(14151) BID 9370 OSVDB 3442 SECUNIA 10556 BUGTRAQ 20040105 FirstClass Client 7.1: Command Execution via Email Web Link SECTRACK 1008609 FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. cpe:/a:jelsoft:vbulletin:2.3.0 CVE-2004-0036 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:20.163-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection XF vbulletin-calendar-sql-injection(14144) CONFIRM http://www.vbulletin.com/forum/showthread.php?postid=588825 BID 9360 OSVDB 3344 SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. cpe:/a:phorum:phorum:3.4.5 CVE-2004-0035 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:20.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF phorum-register-sql-injection(14146) BID 9363 BUGTRAQ 20040105 Multiple Vulnerabilities in Phorum 3.4.5 OSVDB 3508 SECUNIA 10567 SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. cpe:/a:phorum:phorum:3.4.5 CVE-2004-0034 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.867-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF phorum-common-xss(14145) BID 9361 SECUNIA 10567 CONFIRM http://phorum.org/ BUGTRAQ 20040105 Multiple Vulnerabilities in Phorum 3.4.5 SECTRACK 1008633 OSVDB 3510 OSVDB 3506 OSVDB 3434 Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0033 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.727-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem XF phpgedview-admin-info-disclosure(14162) BID 9371 OSVDB 3404 SECUNIA 10565 admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0032 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.570-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem XF phpgedview-search-xss(14160) BID 9369 OSVDB 3402 SECUNIA 10565 Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0031 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.430-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem XF phpgedview-modify-admin-password(14161) OSVDB 3403 SECUNIA 10565 PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0030 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF phpgedview-pgvbasedirectory-file-include(14159) BID 9368 OSVDB 3343 SECUNIA 10565 BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem SECTRACK 1008632 PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code. cpe:/a:ibm:lotus_domino:6.0.2 CVE-2004-0029 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.133-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF lotus-notes-insecure-permissions(14153) BID 9366 SECTRACK 1008623 OSVDB 3424 MISC http://www.excluded.org/advisories/advisory05.txt SECUNIA 10566 BUGTRAQ 20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. CVE-2004-1766 2004-01-20T00:00:00.000-05:00 2008-09-05T16:42:17.943-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-05-30T21:32:00.000-04:00 CONFIRM http://www.kb.cert.org/vuls/id/CRDY-5VEU8N CERT-VN VU#927630 XF netscreen-information-disclosure(14886) BID 9455 SECUNIA 10675 OSVDB 3613 CONFIRM http://www.juniper.net/support/security/alerts/58290.txt The default installation of NetScreen-Security Manager before Feature Pack 1 does not enable encryption for communication with devices running ScreenOS 5.0, which allows remote attackers to obtain sensitive information via sniffing. cpe:/a:leif_m._wright:web_blog:1.1 CVE-2004-2127 2004-01-20T00:00:00.000-05:00 2008-09-05T16:43:16.267-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-05-27T16:14:00.000-04:00 XF webblog-dotdot-directory-traversal(14978) MISC http://www.zone-h.org/en/advisories/read/id=3822/ BID 9517 BUGTRAQ 20040128 ZH2004-01SA (security advisory): Web Blog 1.1 Remote arbitrary OSVDB 3739 SECUNIA 10740 Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. cpe:/h:ibm:mcs-7815i-2.0 cpe:/h:cisco:call_manager:1.0 cpe:/a:cisco:personal_assistant:1.3%282%29 cpe:/h:cisco:call_manager:3.1%282%29 cpe:/a:cisco:personal_assistant:1.3%284%29 cpe:/a:cisco:personal_assistant:1.4%282%29 cpe:/h:cisco:call_manager:3.1%283a%29 cpe:/h:ibm:x345 cpe:/h:ibm:mcs-7815-1000 cpe:/h:ibm:x340 cpe:/h:ibm:x330:8674 cpe:/h:ibm:x342 cpe:/h:ibm:x330:8654 cpe:/a:cisco:ip_call_center_express_standard:3.0 cpe:/h:cisco:call_manager:2.0 cpe:/o:cisco:conference_connection:1.1%281%29 cpe:/a:cisco:ip_call_center_express_enhanced:3.0 cpe:/h:cisco:call_manager:3.0 cpe:/h:cisco:call_manager:3.3 cpe:/h:cisco:call_manager:3.1 cpe:/h:cisco:call_manager:3.2 cpe:/a:cisco:personal_assistant:1.3%283%29 cpe:/a:cisco:personal_assistant:1.4%281%29 cpe:/a:cisco:personal_assistant:1.3%281%29 cpe:/a:cisco:emergency_responder:1.1 cpe:/a:cisco:ip_interactive_voice_response:3.0 cpe:/o:cisco:conference_connection:1.2 cpe:/a:ibm:director_agent:2.2 cpe:/h:cisco:call_manager:3.3%283%29 cpe:/a:ibm:director_agent:3.11 cpe:/h:ibm:mcs-7835i-3.0 cpe:/h:ibm:mcs-7835i-2.4 cpe:/h:cisco:call_manager:4.0 cpe:/h:cisco:internet_service_node CVE-2004-1759 2004-01-21T00:00:00.000-05:00 2008-09-05T16:42:16.630-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-31T08:43:00.000-04:00 CERT-VN VU#721092 BID 9469 CISCO 20040121 Voice Product Vulnerabilities on IBM Servers SECUNIA 10696 XF ciscovoice-ibmservers-dos(14901) SECTRACK 1008814 OSVDB 3691 CIAC O-066 Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, allows remote attackers to cause a denial of service (CPU consumption) via arbitrary packets to TCP port 14247, as demonstrated using port scanning. cpe:/h:ibm:mcs-7815i-2.0 cpe:/h:cisco:call_manager:1.0 cpe:/a:cisco:personal_assistant:1.3%282%29 cpe:/h:cisco:call_manager:3.1%282%29 cpe:/a:cisco:personal_assistant:1.3%284%29 cpe:/a:cisco:personal_assistant:1.4%282%29 cpe:/h:cisco:call_manager:3.1%283a%29 cpe:/h:ibm:x345 cpe:/h:ibm:mcs-7815-1000 cpe:/h:ibm:x340 cpe:/h:ibm:x330:8674 cpe:/h:ibm:x342 cpe:/h:ibm:x330:8654 cpe:/a:cisco:ip_call_center_express_standard:3.0 cpe:/h:cisco:call_manager:2.0 cpe:/o:cisco:conference_connection:1.1%281%29 cpe:/a:cisco:ip_call_center_express_enhanced:3.0 cpe:/h:cisco:call_manager:3.0 cpe:/h:cisco:call_manager:3.3 cpe:/h:cisco:call_manager:3.1 cpe:/h:cisco:call_manager:3.2 cpe:/a:cisco:personal_assistant:1.3%283%29 cpe:/a:cisco:personal_assistant:1.4%281%29 cpe:/a:cisco:personal_assistant:1.3%281%29 cpe:/a:cisco:emergency_responder:1.1 cpe:/a:cisco:ip_interactive_voice_response:3.0 cpe:/o:cisco:conference_connection:1.2 cpe:/a:ibm:director_agent:2.2 cpe:/h:cisco:call_manager:3.3%283%29 cpe:/a:ibm:director_agent:3.11 cpe:/h:ibm:mcs-7835i-3.0 cpe:/h:ibm:mcs-7835i-2.4 cpe:/h:cisco:call_manager:4.0 cpe:/h:cisco:internet_service_node CVE-2004-1760 2004-01-21T00:00:00.000-05:00 2008-09-05T16:42:16.867-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2005-05-31T08:40:00.000-04:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#602734 XF ciscovoice-ibmservers-admin-access(14900) BID 9468 CISCO 20040121 Voice Product Vulnerabilities on IBM Servers SECUNIA 10696 SECTRACK 1008814 OSVDB 3692 CIAC O-066 The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247. cpe:/a:reptile_web_server:reptile_web_server:2002-01-05 CVE-2004-2120 2004-01-23T00:00:00.000-05:00 2008-09-05T16:43:15.143-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-27T16:33:00.000-04:00 XF reptilewebserver-get-dos(14932) BID 9482 MISC http://www.autistici.org/fdonato/advisory/reptilewsDailyVersion-adv.txt SECTRACK 1008842 BUGTRAQ 20040124 Resources consumption in Reptile webserver daily version Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version. cpe:/a:tinyserver:tinyserver:1.1 CVE-2004-2117 2004-01-24T00:00:00.000-05:00 2008-09-10T15:32:59.197-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-27T16:46:00.000-04:00 XF tinyserver-string-dos(14928) BID 9485 MISC http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt BUGTRAQ 20040124 Tiny Server 1.1 (1.0.5) Multiple Vulnerabilities OSVDB 3709 SECUNIA 10707 Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET or the HTTP version. cpe:/a:intra_forum:intra_forum CVE-2004-2122 2004-01-24T00:00:00.000-05:00 2009-01-29T00:35:46.267-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-05-27T16:25:00.000-04:00 XF intraforum-intraforumcgi-xss(14933) SECTRACK 1008839 BUGTRAQ 20040124 Inrtra Forum Cross Site Scripting Vulnerabillity Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters. cpe:/a:ibm:informix_dynamic_server:9.40.uc2 cpe:/a:ibm:informix_dynamic_server:9.40.uc1 cpe:/a:ibm:informix_extended_parallel_server:8.40_uc1 CVE-2004-2131 2004-01-27T00:00:00.000-05:00 2008-09-05T16:43:16.910-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2005-05-27T15:58:00.000-04:00 ALLOWS_ADMIN_ACCESS BID 9512 CONFIRM http://www-1.ibm.com/support/docview.wss?uid=swg21153336 BUGTRAQ 20040129 ----------========== OPEN3S-2003-08-08-eng-informix-ontape XF informix-ontape-binary-bo(14970) OSVDB 3759 SECUNIA 10737 Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable. cpe:/a:oracle:application_server:9.0.2.3 cpe:/a:oracle:application_server:9.0.2 cpe:/a:oracle:application_server:9.0.3 cpe:/a:oracle:application_server:9.0.2.2 cpe:/a:oracle:application_server:9.0.2.1 cpe:/a:oracle:application_server:9.0.2.0.0 cpe:/a:oracle:application_server:9.0.2.0.1 CVE-2004-2134 2004-01-28T00:00:00.000-05:00 2008-09-05T16:43:17.377-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-27T15:40:00.000-04:00 ALLOWS_OTHER_ACCESS BID 9515 VULN-DEV 20040128 Re: Oracle toplink mapping workbench password algorithm MISC http://www.planet-source-code.com/vb/scripts/ShowCode.asp?txtCodeId=803&lngWId=5 BUGTRAQ 20040128 Oracle toplink mapping workbench password algorithm BUGTRAQ 20040128 Re: Oracle toplink mapping workbench password algorithm Oracle toplink mapping workBench uses a weak encryption algorithm for passwords, which allows local users to decrypt the passwords. cpe:/a:wildtangent:webdriver:4.0 CVE-2004-2034 2004-01-29T00:00:00.000-05:00 2008-09-05T16:43:01.473-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-25T16:57:00.000-04:00 ALLOWS_USER_ACCESS XF wildtangent-wthoster-webdriver-bo(16266) BID 10421 OSVDB 6445 MISC http://www.ngssoftware.com/advisories/wildtangent.txt SECUNIA 11727 BUGTRAQ 20040527 WildTangent Web Driver Long FileName Stack Overflow Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename. cpe:/a:pj_cgi_neo_review:pj_cgi_neo_review CVE-2004-2132 2004-01-29T00:00:00.000-05:00 2008-09-05T16:43:17.067-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-05-27T15:52:00.000-04:00 XF pjcgineoreview-dotdot-directory-traversal(14980) MISC http://www.zone-h.org/advisories/read/id=3824 BID 9524 BUGTRAQ 20040129 ZH2004-02SA (security advisory): PJ CGI Neo review (NeoBoard review) Remote arbitrary file retrieving SECUNIA 10734 OSVDB 3746 Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo review allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. cpe:/a:cvsup:cvsup:cvsup-16.1h-43.i586.rpm cpe:/a:cvsup:cvsup:cvsup-16.1h-36.i586.rpm cpe:/a:cvsup:cvsup:cvsup-16.1h-2.i386.rpm CVE-2004-2133 2004-01-29T00:00:00.000-05:00 2008-09-05T16:43:17.220-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-27T15:47:00.000-04:00 ALLOWS_USER_ACCESS XF cvsup-rpath-gain-privileges(14994) BID 9523 BUGTRAQ 20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs VULNWATCH 20040129 Security Announcement: untrusted ELF library path in some cvsup binary RPMs Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages. cpe:/a:samba:jitterbug:1.6.2 CVE-2004-0028 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-420 BID 9397 XF jitterbug-execute-code(14207) jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. cpe:/a:phpgroupware:phpgroupware:0.9.14 CVE-2004-0017 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.773-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-419 BID 9386 SECTRACK 1008662 SECUNIA 10591 Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. cpe:/a:phpgroupware:phpgroupware:0.9.14 CVE-2004-0016 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.633-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-419 BID 9387 XF phpgroupware-calendar-file-include(13489) OSVDB 6860 The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. cpe:/a:vbox3:vbox3:0.1.8 CVE-2004-0015 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.477-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS DEBIAN DSA-418 BID 9381 XF vbox3-gain-privileges(14170) vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. cpe:/a:jabber_software_foundation:jabber_server:1.4.2a cpe:/a:jabber_software_foundation:jabber_server:1.4.3 CVE-2004-0013 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.180-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MANDRAKE MDKSA-2004:005 DEBIAN DSA-414 XF jabber-ssl-connections-dos(14158) BID 9376 OSVDB 3345 SECUNIA 10559 jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). CVE-2004-0046 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.697-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF snapstream-quotation-xss(14164) BID 9375 OSVDB 3440 SECTRACK 1008646 SECUNIA 10575 BUGTRAQ 20040106 SnapStream PVS LITE Cross Site Scripting Vulnerabillity Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. cpe:/a:isc:inn:2.4.0 CVE-2004-0045 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.553-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#759020 BID 9382 BUGTRAQ 20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn) BUGTRAQ 20040107 [SECURITY] INN: Buffer overflow in control message handling XF inn-artpost-control-message-bo(14190) SLACKWARE SSA:2004-014-02 SECUNIA 10578 Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. cpe:/a:cisco:personal_assistant:1.4%281%29 cpe:/a:cisco:personal_assistant:1.4%282%29 CVE-2004-0044 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CISCO 20040108 Cisco Personal Assistant User Password Bypass Vulnerability XF ciscopersonalassistant-config-file-access(14172) BID 9384 OSVDB 3430 Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. cpe:/a:yahoo:messenger:5.6.0.1351 CVE-2004-0043 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.243-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9383 FULLDISC 20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow XF yahoo-messenger-filename-bo(14171) SECTRACK 1008651 OSVDB 3437 SECUNIA 10573 BUGTRAQ 20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. cpe:/a:beasts:vsftpd:1.1.3 CVE-2004-0042 2004-02-03T00:00:00.000-05:00 2008-09-10T15:24:55.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008628 vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. cpe:/a:mod_auth_shadow:mod_auth_shadow:1.0 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.2 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.1 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.3 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.4 CVE-2004-0041 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:20.947-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-421 SECTRACK 1008675 BID 9404 OSVDB 3454 SECUNIA 10612 The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions. cpe:/a:avaya:communication_manager:1.3.1 cpe:/o:sun:solaris:9.0::sparc cpe:/a:avaya:mn100 cpe:/a:hp:virtualvault:4.6 cpe:/a:hp:virtualvault:4.5 cpe:/a:hp:virtualvault:4.7 cpe:/a:avaya:network_routing cpe:/a:apache:http_server:1.3.18 cpe:/a:apache:http_server:1.3.1 cpe:/o:sun:solaris:9.0::x86 cpe:/a:apache:http_server:1.3.17 cpe:/o:sun:solaris:8.0 cpe:/a:avaya:intuity_audix_lx cpe:/a:apache:http_server:1.3.19 cpe:/o:avaya:modular_messaging_message_storage_server:2.0 cpe:/a:apache:http_server:1.3.14 cpe:/a:hp:webproxy:a.02.00 cpe:/o:avaya:modular_messaging_message_storage_server:1.1 cpe:/a:apache:http_server:1.3.9 cpe:/a:avaya:communication_manager:2.0.1 cpe:/a:apache:http_server:1.3.12 cpe:/a:apache:http_server:1.3.11 cpe:/a:apache:http_server:1.3.6 cpe:/a:apple:apache_mod_digest_apple cpe:/a:apache:http_server:1.3.4 cpe:/a:apache:http_server:1.3.3 cpe:/a:apache:http_server:1.3.7::dev cpe:/o:sco:openserver:5.0.7 cpe:/a:avaya:communication_manager:2.0 cpe:/o:sco:openserver:5.0.6 cpe:/o:sun:solaris:8.0::x86 cpe:/a:avaya:communication_manager:1.1 cpe:/a:apache:http_server:1.3.27 cpe:/a:apache:http_server:1.3.26 cpe:/a:apache:http_server:1.3.25 cpe:/a:apache:http_server:1.3.24 cpe:/o:openbsd:openbsd:current cpe:/a:ibm:http_server:1.3.19 cpe:/a:apache:http_server:1.3.29 cpe:/a:apache:http_server:1.3.28 cpe:/o:openbsd:openbsd:3.4 cpe:/a:hp:webproxy:a.02.10 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.3.23 cpe:/a:apache:http_server:1.3.22 cpe:/o:openbsd:openbsd:3.5 cpe:/a:apache:http_server:1.3.20 CVE-2004-1082 2004-02-03T00:00:00.000-05:00 2008-09-05T16:40:19.187-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-06-17T17:15:00.000-04:00 ALLOWS_OTHER_ACCESS XF macos-moddigest-response-replay(18347) SECTRACK 1012414 BID 9571 CIAC P-049 APPLE APPLE-SA-2004-12-02 mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials. cpe:/a:brad_fears:phpcodecabinet:0.1 cpe:/a:brad_fears:phpcodecabinet:0.4 cpe:/a:brad_fears:phpcodecabinet:0.2 cpe:/a:brad_fears:phpcodecabinet:0.3 CVE-2004-2085 2004-02-04T00:00:00.000-05:00 2008-09-05T16:43:09.723-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-05-25T13:12:00.000-04:00 XF phpcodecabinet-multiple-xss(15190) BID 9645 BID 9601 OSVDB 3887 OSVDB 3886 OSVDB 3885 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=214860 CONFIRM http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/phpcc/header.php?r1=1.4&r2=1.5 CONFIRM http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/themes/facade/header.php?r1=1.4&r2=1.5 CONFIRM http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/input.php?r1=1.7&r2=1.8 CONFIRM http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/comments.php?r1=1.1&r2=1.2 CONFIRM http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/category.php?r1=1.4&r2=1.5 CONFIRM http://cvs.sourceforge.net/viewcvs.py/phpcodecabinet/phpcc/browse.php?r1=1.5&r2=1.6 OSVDB 16711 OSVDB 16710 SECTRACK 1009012 SECUNIA 10862 Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php. CVE-2004-2073 2004-02-06T00:00:00.000-05:00 2008-09-05T16:43:07.817-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2005-05-25T14:32:00.000-04:00 ALLOWS_ADMIN_ACCESS CONFIRM http://www.linux-vserver.org/index.php?page=ChangeLog XF linux-vserver-gain-privileges(15073) BID 9596 BUGTRAQ 20040206 Linux 2.4.24 with vserver 1.24 exploit OSVDB 3875 SECUNIA 10816 Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command. cpe:/a:sambar:sambar_server:6.0 cpe:/a:sambar:sambar_server:6.0:beta3 CVE-2004-2086 2004-02-06T00:00:00.000-05:00 2008-09-05T16:43:09.877-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T13:03:00.000-04:00 CONFIRM http://www.sambar.com/security.htm OSVDB 5786 XF sambar-http-post-bo(15071) BID 9607 VULN-DEV 20040207 Sambar 6.0 stack overflow SECTRACK 1008979 Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter. CVE-2004-2089 2004-02-06T00:00:00.000-05:00 2008-09-05T16:43:10.330-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T12:47:00.000-04:00 XF matrixftp-login-list-dos(15075) SECTRACK 1008970 Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. cpe:/a:jshop_e-commerce:jshop_server:1.0.2 cpe:/a:jshop_e-commerce:jshop_server:1.0.1 cpe:/a:jshop_e-commerce:jshop_server:1.0.4 cpe:/a:jshop_e-commerce:jshop_server:1.0.3 cpe:/a:jshop_e-commerce:jshop_server:1.2.0 cpe:/a:jshop_e-commerce:jshop_professional:3.0 cpe:/a:jshop_e-commerce:jshop_server:1.1.0 cpe:/a:jshop_e-commerce:jshop_professional:3.2 cpe:/a:jshop_e-commerce:jshop_professional:3.1 cpe:/a:jshop_e-commerce:jshop_professional:3.4 cpe:/a:jshop_e-commerce:jshop_professional:3.3 CVE-2004-2084 2004-02-07T00:00:00.000-05:00 2008-09-05T16:43:09.550-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-05-25T13:18:00.000-04:00 XF jshop-searchphp-xss(15100) OSVDB 3889 MISC http://www.systemsecure.org/advisories/ssadvisory09022004.php BID 9609 SECTRACK 1008988 SECUNIA 10825 Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter. cpe:/a:microsoft:ie:5.5 cpe:/a:microsoft:ie:5.5:sp1 cpe:/a:microsoft:ie:5.5:sp2 cpe:/a:microsoft:ie:6.0 cpe:/a:microsoft:ie:5.0.1:sp1 cpe:/a:microsoft:ie:5.0.1:sp2 cpe:/a:microsoft:ie:5.0.1:sp3 cpe:/a:microsoft:ie:6.0:sp1 cpe:/a:microsoft:ie:5.0.1:sp4 cpe:/a:microsoft:ie:5.0.1 CVE-2004-2090 2004-02-07T00:00:00.000-05:00 2008-09-05T16:43:10.487-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-05-25T12:43:00.000-04:00 XF ie-error-obtain-information(15078) BID 9611 SECUNIA 10820 FULLDISC 20040207 (no subject) Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist. cpe:/a:microsoft:windows_media_player:9 CVE-2004-1244 2004-02-08T00:00:00.000-05:00 2008-09-10T15:29:40.757-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-06-20T10:50:00.000-04:00 ALLOWS_USER_ACCESS CERT TA05-039A CERT-VN VU#259890 XF win-ms05kb890261-update(19096) MS MS05-009 Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability." cpe:/a:nadeo:trackmania cpe:/a:nadeo:game_engine cpe:/a:nadeo:virtual_skipper:3 CVE-2004-2077 2004-02-08T00:00:00.000-05:00 2008-09-05T16:43:08.440-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T13:59:00.000-04:00 XF trackmania-dos(15081) BID 9604 BUGTRAQ 20040209 Re: TrackMania Demo Denial of Service BUGTRAQ 20040208 TrackMania Demo Denial of Service MISC http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. cpe:/a:nadeo:trackmania cpe:/a:nadeo:game_engine cpe:/a:nadeo:virtual_skipper:3 CVE-2004-2077 2004-02-08T00:00:00.000-05:00 2008-09-05T16:43:08.440-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T13:59:00.000-04:00 XF trackmania-dos(15081) BID 9604 BUGTRAQ 20040209 Re: TrackMania Demo Denial of Service BUGTRAQ 20040208 TrackMania Demo Denial of Service MISC http://www.securiteinfo.com/attaques/hacking/trackmaniados.shtml Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. cpe:/h:red-m:red-alert:2.7.5_v3.1_build_24 CVE-2004-2078 2004-02-09T00:00:00.000-05:00 2008-09-05T16:43:08.597-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T13:45:00.000-04:00 SECTRACK 1009001 XF redalert-long-request-dos(15086) BID 9618 BUGTRAQ 20040209 Red-M Red-Alert Multiple Vulnerabilities MISC http://www.securiteam.com/securitynews/5SP0C0KC0A.html OSVDB 3891 SECUNIA 10832 MISC http://genhex.org/releases/031003.txt FULLDISC 20040209 Red-M Red-Alert Multiple Vulnerabilities Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow. cpe:/h:red-m:red-alert:2.7.5_v3.1_build_24 CVE-2004-2079 2004-02-09T00:00:00.000-05:00 2008-09-10T15:32:55.523-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-25T13:41:00.000-04:00 ALLOWS_OTHER_ACCESS SECTRACK 1009001 XF redalert-gain-access(15088) BID 9618 BUGTRAQ 20040209 Red-M Red-Alert Multiple Vulnerabilities MISC http://www.securiteam.com/securitynews/5SP0C0KC0A.html MISC http://genhex.org/releases/031003.txt OSVDB 3952 FULLDISC 20040209 Red-M Red-Alert Multiple Vulnerabilities Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user. cpe:/h:red-m:red-alert:2.7.5_v3.1_build_24 CVE-2004-2080 2004-02-09T00:00:00.000-05:00 2008-09-10T15:32:55.617-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T13:34:00.000-04:00 SECTRACK 1009001 XF redalert-bypass-security(15089) BID 9618 BUGTRAQ 20040209 Red-M Red-Alert Multiple Vulnerabilities MISC http://www.securiteam.com/securitynews/5SP0C0KC0A.html MISC http://genhex.org/releases/031003.txt OSVDB 3953 FULLDISC 20040209 Red-M Red-Alert Multiple Vulnerabilities Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID. cpe:/a:ca:inoculateit:6.0 CVE-2004-2092 2004-02-09T00:00:00.000-05:00 2008-09-05T16:43:10.817-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-25T12:33:00.000-04:00 ALLOWS_OTHER_ACCESS XF etrust-inoculateit-insecure-permissions(15103) BID 9616 OSVDB 3896 SECUNIA 10833 BUGTRAQ 20040209 [local problems] eTrust Virus Protection 6.0 InoculateIT for linux eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information. CVE-2004-2093 2004-02-09T00:00:00.000-05:00 2008-09-05T16:43:10.973-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-05-25T12:48:00.000-04:00 ALLOWS_USER_ACCESS XF linux-rsync-opensocketout-bo(15108) VULN-DEV 20040209 rsync <= 2.5.7 local buffer overflow (no root today:) Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future. cpe:/a:microsoft:baseline_security_analyzer:1.2 CVE-2004-2091 2004-02-10T00:00:00.000-05:00 2008-09-05T16:43:10.660-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-05-25T12:37:00.000-04:00 BID 9634 BUGTRAQ 20040210 Another Low Blow From Microsoft: MBSA Failure! Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security. cpe:/a:opera_software:opera_web_browser:7.0_beta2::win32 cpe:/a:opera_software:opera_web_browser:7.11j cpe:/a:opera_software:opera_web_browser:7.0::win32 cpe:/a:opera_software:opera_web_browser:7.0.2::win32 cpe:/a:opera_software:opera_web_browser:7.20_beta1_build2981 cpe:/a:opera_software:opera_web_browser:7.0.1::win32 cpe:/a:opera_software:opera_web_browser:7.11b cpe:/a:opera_software:opera_web_browser:7.11 cpe:/a:opera_software:opera_web_browser:7.23 cpe:/a:opera_software:opera_web_browser:7.0_beta1::win32 cpe:/a:opera_software:opera_web_browser:7.10 cpe:/a:opera_software:opera_web_browser:7.22 cpe:/a:opera_software:opera_web_browser:7.21 cpe:/a:opera_software:opera_web_browser:7.20 cpe:/a:opera_software:opera_web_browser:7.0.3::win32 CVE-2004-2083 2004-02-11T00:00:00.000-05:00 2008-09-05T16:43:09.363-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-05-25T13:19:00.000-04:00 BID 9640 MISC http://secunia.com/Internet_Explorer_File_Download_Extension_Spoofing_Test/ SECUNIA 10760 XF opera-cslid-extension-spoof(21698) OSVDB 3917 CONFIRM http://www.opera.com/docs/changelogs/windows/750b1/ Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing." cpe:/a:sophos:sophos_anti-virus:3.4.6 cpe:/a:sophos:sophos_anti-virus:3.78 CVE-2004-2088 2004-02-12T00:00:00.000-05:00 2008-09-05T16:43:10.177-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-05-25T12:51:00.000-04:00 XF sophos-email-virus-undetected(15192) CONFIRM http://www.sophos.com/support/news/#mime-378 BID 9650 SECTRACK 1009042 SECUNIA 10855 Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message. cpe:/a:karjasoft:sami_ftp_server:1.1.3 CVE-2004-2082 2004-02-13T00:00:00.000-05:00 2008-09-05T16:43:09.207-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-05-25T13:24:00.000-04:00 MISC http://www.karja.com/samiftp/news.html XF sami-cd-get-dos(15204) BID 9657 BUGTRAQ 20040213 Sami FTP Server 1.1.3 multiple vulnerabilities The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters. cpe:/o:mandrakesoft:mandrake_linux:10.0::amd64 cpe:/o:sun:solaris cpe:/o:mandrakesoft:mandrake_linux:10.1 cpe:/o:mandrakesoft:mandrake_linux:10.0 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1 cpe:/o:debian:debian_linux:3.0::woody cpe:/o:sun:solaris:9.0 cpe:/o:mandrakesoft:mandrake_linux:10.1::x86_64 cpe:/o:mandrakesoft:mandrake_linux_corporate_server:2.1::x86_64 CVE-2004-1180 2004-02-16T00:00:00.000-05:00 2008-09-10T15:29:26.947-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-06-20T10:07:00.000-04:00 DEBIAN DSA-678 MANDRAKE MDKSA-2005:039 SECUNIA 14309 Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). cpe:/o:linux:linux_kernel:2.6.20.1 CVE-2004-0001 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:16.257-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#337238 REDHAT RHSA-2004:017 XF linux-ptrace-gain-privilege(14888) BID 9429 GENTOO GLSA-200402-06 Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. cpe:/a:openca:openca:0.9.1.6 CVE-2004-0004 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:16.853-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#336446 BID 9435 CONFIRM http://www.openca.org/news/CAN-2004-0004.txt XF openca-improper-signature-verification(14847) OSVDB 3615 BUGTRAQ 20040116 [OpenCA Advisory] Vulnerability in signature verification The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.1 cpe:/o:cisco:ios:12.2t cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:12.1t cpe:/o:cisco:ios:12.1e cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:11.3t CVE-2004-0054 2004-02-17T00:00:00.000-05:00 2009-03-04T00:21:09.437-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#749342 CERT CA-2004-01 CISCO 20040113 Vulnerabilities in H.323 Message Processing MISC http://www.uniras.gov.uk/vuls/2004/006489/h323.htm SECTRACK 1008685 BID 9406 Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. cpe:/a:lbl:tcpdump:3.6.2 cpe:/a:lbl:tcpdump:3.7 cpe:/a:lbl:tcpdump:3.7.1 cpe:/a:lbl:tcpdump:3.5.2 CVE-2004-0055 2004-02-17T00:00:00.000-05:00 2009-02-06T00:29:19.907-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#955526 BID 7090 REDHAT RHSA-2004:008 MLIST [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1 FEDORA FEDORA-2004-092 FEDORA FEDORA-2004-090 DEBIAN DSA-425 SECUNIA 12179 SECUNIA 11032 SECUNIA 11022 SECUNIA 10718 SECUNIA 10652 SECUNIA 10644 SECUNIA 10639 SECUNIA 10636 TRUSTIX 2004-0004 APPLE APPLE-SA-2004-02-23 SGI 20040103-01-U SCO SCOSA-2004.9 CALDERA CSSA-2004-008.0 SECTRACK 1008735 FEDORA FLSA:1222 MANDRAKE MDKSA-2004:008 MLIST [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1 BUGTRAQ 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) CONECTIVA CLSA-2003:832 SGI 20040202-01-U The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. cpe:/h:nortel:802.11_wireless_ip_gateway cpe:/a:nortel:business_communications_manager cpe:/h:nortel:succession_communication_server_1000 CVE-2004-0056 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#749342 CERT CA-2004-01 MISC http://www.uniras.gov.uk/vuls/2004/006489/h323.htm SECTRACK 1008687 BID 9406 Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. cpe:/a:lbl:tcpdump:3.8.1 CVE-2004-0057 2004-02-17T00:00:00.000-05:00 2009-02-20T00:29:04.030-05:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#174086 BID 9423 REDHAT RHSA-2004:007 DEBIAN DSA-425 XF tcpdump-rawprint-isakmp-dos(14837) BUGTRAQ 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. REDHAT RHSA-2004:008 MLIST [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1 FEDORA FEDORA-2004-092 FEDORA FEDORA-2004-090 SECUNIA 12179 SECUNIA 11032 SECUNIA 11022 SECUNIA 10718 SECUNIA 10668 SECUNIA 10652 SECUNIA 10644 SECUNIA 10639 SECUNIA 10636 MLIST [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1 ENGARDE ESA-20040119-002 TRUSTIX 2004-0004 APPLE APPLE-SA-2004-02-23 SGI 20040103-01-U SCO SCOSA-2004.9 CALDERA CSSA-2004-008.0 SECTRACK 1008716 FEDORA FLSA:1222 MANDRAKE MDKSA-2004:008 BUGTRAQ 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) SGI 20040202-01-U The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. cpe:/o:linux:linux_kernel:2.0.9.9 CVE-2004-0058 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.523-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF antivir-tmpfile-insecure(14214) SECTRACK 1008702 OSVDB 3496 SECUNIA 10620 BUGTRAQ 20040113 symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower) Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. cpe:/a:lionmax_software:www_file_share_pro:2.42 CVE-2004-0059 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.663-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008779 BUGTRAQ 20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42 Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header. cpe:/a:lionmax_software:www_file_share_pro:2.42 CVE-2004-0060 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.803-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008779 BUGTRAQ 20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42 WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. cpe:/a:lionmax_software:www_file_share_pro:2.42 CVE-2004-0061 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.960-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS SECTRACK 1008779 BUGTRAQ 20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42 WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character. cpe:/a:fishnet:fishcart:3.1 CVE-2004-0062 2004-02-17T00:00:00.000-05:00 2008-09-10T15:24:59.557-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040114 FishCart Integer Overflow / Rounding Error SECTRACK 1008731 Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. cpe:/a:ncipher:payshield_spp_library:1.3.12 cpe:/a:ncipher:payshield_spp_library:1.6.18 cpe:/a:ncipher:payshield_spp_library:1.5.18 CVE-2004-0063 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.290-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://www.ncipher.com/support/advisories/advisory8_payshield.html XF payshield-incorrect-request-verification(14832) BID 9422 OSVDB 3537 BUGTRAQ 20040114 nCipher Advisory #8: payShield library may verify bad requests The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number. cpe:/o:suse:suse_linux:9.0 CVE-2004-0064 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.430-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9411 SECTRACK 1008703 OSVDB 3460 SECUNIA 10623 BUGTRAQ 20040113 SuSE linux 9.0 YaST config Skribt [exploit] The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0065 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.587-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040112 More phpGedView Vulnerabilities BID 11925 BID 11910 Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0066 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.727-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040112 More phpGedView Vulnerabilities XF phpgedview-path-disclosure(14215) OSVDB 3464 phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0067 2004-02-17T00:00:00.000-05:00 2009-01-29T00:28:44.907-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040112 More phpGedView Vulnerabilities XF phpgedview-login-xss(36285) XF phpgedview-multiple-xss(14212) BID 11907 BID 11906 BID 11905 BID 11904 BID 11903 BID 11894 BID 11891 BID 11890 BID 11888 BID 11882 BID 11880 BID 11868 BUGTRAQ 20070827 PhpGedView login page multiple XSS OSVDB 3479 OSVDB 3478 OSVDB 3477 OSVDB 3476 OSVDB 3475 OSVDB 3474 OSVDB 3473 VUPEN ADV-2007-2995 SECTRACK 1018613 SECUNIA 26628 Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1. cpe:/a:phpdig.net:phpdig:1.6.5 CVE-2004-0068 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9424 CONFIRM http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393 BUGTRAQ 20040114 PhpDig 1.6.x: remote command execution XF phpdig-config-file-include(14826) PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. cpe:/a:hd_soft:windows_ftp_server:1.6 CVE-2004-0069 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.180-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9385 BUGTRAQ 20040113 exploit for HD Soft Windows FTP Server 1.6 BUGTRAQ 20040108 Windows FTP Server Format String Vulnerability SECTRACK 1008658 Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. cpe:/a:visualshapers:ezcontents CVE-2004-0070 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.337-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF ezcontents-php-file-include(14199) BID 9396 OSVDB 6878 CONFIRM http://www.ezcontents.org/forum/viewtopic.php?t=361 BUGTRAQ 20040110 Remote Code Execution in ezContents PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. CVE-2004-0071 2004-02-17T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF manpagelookup-directory-traversal(14203) BID 9395 BUGTRAQ 20040110 PHP Manpage lookup directory transversal / file disclosing SECTRACK 1008689 Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. cpe:/a:accipiter:accipiter_direct_server:6.0 CVE-2004-0072 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.570-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9389 XF accipterdirectserver-directory-traversal(14198) BUGTRAQ 20040109 Directory Traversal in Accipiter Direct Server 6.0 FULLDISC 20040109 Directory Traversal in Accipiter Direct Server 6.0 OSVDB 3433 SECUNIA 10600 Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request. cpe:/a:stoitsov:easydynamicpages:2.0 CVE-2004-0073 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9338 XF easydynamicpages-php-file-include(14136) OSVDB 3408 OSVDB 3318 SECTRACK 1008584 SECUNIA 10535 BUGTRAQ 20040102 include() vuln in EasyDynamicPages v.2.0 PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. cpe:/a:michael_bischoff:xsok:1.02 CVE-2004-0074 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.867-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9341 XF xsok-lang-bo(14910) XF xsok-long-xsokdir-bo(14906) BID 9352 BUGTRAQ 20040103 xsok local games exploit (2) BUGTRAQ 20040102 xsok local games exploit Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949. cpe:/a:realnetworks:helix_universal_server:9.0.2.881 cpe:/a:realnetworks:helix_universal_mobile_server:10.1.1.120 CVE-2004-0049 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:21.993-04:00 6.8 NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CONFIRM http://service.real.com/help/faq/security/040112_dos/ BID 9421 CONFIRM http://service.real.com/help/faq/security/security022604.html BUGTRAQ 20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow VULNWATCH 20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port. cpe:/a:mcafee:epolicy_orchestrator:3.6.0 CVE-2004-0095 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:31.240-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9476 CONFIRM http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip XF epolicy-contentlength-post-dos(14989) OSVDB 3744 McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. cpe:/a:jelsoft:vbulletin:3.0_beta_2 CVE-2004-0091 2004-02-17T00:00:00.000-05:00 2008-09-10T15:25:06.507-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008780 VULN-DEV 20040123 RE: vBulletin Security Vulnerability VULN-DEV 20040120 Re: vBulletin Security Vulnerability VULN-DEV 20040120 vBulletin Security Vulnerability BUGTRAQ 20040120 vBulletin Security Vulnerability ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." cpe:/o:linux:linux_kernel:2.6.0 CVE-2004-2136 2004-02-19T00:00:00.000-05:00 2008-09-05T16:43:18.143-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-06-01T09:57:00.000-04:00 MISC http://www.securiteam.com/exploits/5UP0P1PFPM.html MISC http://mareichelt.de/pub/notmine/diskenc.pdf MLIST [linux-kernel] 20040219 Re: Oopsing cryptoapi (or loop device?) on 2.6.* dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption. cpe:/a:openconnect:webconnect:6.5 cpe:/a:openconnect:webconnect:6.4.4 CVE-2004-0466 2004-02-21T00:00:00.000-05:00 2008-09-05T16:38:29.660-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2005-06-15T10:59:00.000-04:00 CONFIRM http://www.kb.cert.org/vuls/id/JSHA-69FVMM CERT-VN VU#552561 XF webconnect-device-name-dos(19393) SECUNIA 14006 MISC http://www.cirt.dk/advisories/cirt-29-advisory.pdf BUGTRAQ 20050220 The WebConnect 6.4.4 and 6.5 contains several vulnerabilities WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1. cpe:/a:xmb_forum:xmb:1.8 cpe:/a:xmb_forum:xmb:1.8_sp2 cpe:/a:xmb_forum:xmb:1.8_sp1 CVE-2004-0322 2004-02-23T00:00:00.000-05:00 2008-09-05T16:38:07.583-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-06-15T10:15:00.000-04:00 XF xmb-multiple-scripts-xss(15292) BID 9726 BUGTRAQ 20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2 XF xmb-bbcode-execute-code(15294) CONFIRM http://www.xmbforum.com/community/boards/viewthread.php?tid=746859 BUGTRAQ 20040225 Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2 Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final SP2 allow remote attackers to execute arbitrary script as other users via the (1) member parameter in member.php, (2) uid parameter in u2uadmin.php, (3) user parameter in editprofile.php, (4) an onmouseover event in an align tag when bbcode is allowed, or (5) img tag where bbcode is allowed. cpe:/a:confirm:confirm:0.60 cpe:/a:confirm:confirm:0.61 cpe:/a:confirm:confirm:0.50 cpe:/a:confirm:confirm:0.51 cpe:/a:confirm:confirm:0.52 cpe:/a:confirm:confirm:0.62 cpe:/a:confirm:confirm:0.53 cpe:/a:confirm:confirm:0.54 cpe:/a:confirm:confirm:0.55 CVE-2004-0324 2004-02-23T00:00:00.000-05:00 2008-09-05T16:38:07.897-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2005-06-15T10:27:00.000-04:00 ALLOWS_USER_ACCESS XF confirm-header-gain-access(15290) BID 9728 BUGTRAQ 20040223 Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $. CVE-2004-1360 2004-02-27T00:00:00.000-05:00 2008-09-10T15:29:58.773-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2005-06-22T10:50:00.000-04:00 CERT-VN VU#412566 XF solaris-covfix-gain-privileges(15331) CIAC O-089 AUSCERT ESB-2004.0169 SUNALERT 57509 SECUNIA 10991 OSVDB 4071 BID 9759 Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files. CVE-2004-0944 2004-02-28T00:00:00.000-05:00 2008-09-05T16:39:52.873-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2005-06-17T13:56:00.000-04:00 MISC http://www.niscc.gov.uk/niscc/docs/re-20050228-00178.pdf?lang=en CONFIRM http://www.mitel.com/DocController?documentId=14223 MISC http://www.corsaire.com/advisories/c040817-002.txt The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie. cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3.2 CVE-2004-0092 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:06.587-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9504 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. cpe:/a:andries_brouwer:util-linux:2.11 CVE-2004-0080 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:28.070-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#801526 REDHAT RHSA-2004:056 BID 9558 XF utillinux-information-leak(15016) OSVDB 3796 GENTOO GLSA-200404-06 SECUNIA 10773 BUGTRAQ 20040408 LNSA-#2004-0010: login may leak sensitive data BUGTRAQ 20040331 OpenLinux: util-linux could leak sensitive data SGI 20040406-01-U SGI 20040201-01-U The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. cpe:/o:openbsd:openbsd:2.6 cpe:/o:netbsd:netbsd:1.3 cpe:/o:freebsd:freebsd:5.2 CVE-2004-0114 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:34.490-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF bsd-shmat-gain-privileges(15061) BID 9586 FREEBSD FreeBSD-SA-04:02 MISC http://www.pine.nl/press/pine-cert-20040201.txt BUGTRAQ 20040205 [PINE-CERT-20040201] reference count overflow in shmat() OSVDB 3836 CONFIRM http://www.openbsd.org/errata33.html#sysvshm NETBSD NetBSD-SA2004-004 The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. cpe:/a:microsoft:virtual_pc:6.2::mac cpe:/a:microsoft:virtual_pc:6.0::mac cpe:/a:microsoft:virtual_pc:6.1::mac CVE-2004-0115 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:34.647-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9632 MS MS04-005 ATSTAKE A021004-1 XF virtual-pc-gain-privileges(15113) OSVDB 3893 CIAC O-076 VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file. cpe:/a:phpgedview:phpgedview:2.60 cpe:/a:phpgedview:phpgedview:2.61 cpe:/a:phpgedview:phpgedview:2.61.1 cpe:/a:phpgedview:phpgedview:2.65.1 cpe:/a:phpgedview:phpgedview:2.52.3 cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0127 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:36.633-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9529 BUGTRAQ 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior XF phpgedview-editconfig-directory-traversal(15129) SECTRACK 1008892 OSVDB 3768 SECUNIA 10753 Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter. cpe:/a:phpgedview:phpgedview:2.60 cpe:/a:phpgedview:phpgedview:2.61 cpe:/a:phpgedview:phpgedview:2.61.1 cpe:/a:phpgedview:phpgedview:2.65.1 cpe:/a:phpgedview:phpgedview:2.52.3 cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0128 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:36.787-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9531 BUGTRAQ 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior XF phpgedview-gedfilconf-file-include(14987) OSVDB 3769 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=141517 SECUNIA 10753 PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script. cpe:/a:phpmyadmin:phpmyadmin:2.1 cpe:/a:phpmyadmin:phpmyadmin:2.0 cpe:/a:phpmyadmin:phpmyadmin:2.0.2 cpe:/a:phpmyadmin:phpmyadmin:2.2_pre1 cpe:/a:phpmyadmin:phpmyadmin:2.0.3 cpe:/a:phpmyadmin:phpmyadmin:2.0.4 cpe:/a:phpmyadmin:phpmyadmin:2.0.5 cpe:/a:phpmyadmin:phpmyadmin:2.2_rc1 cpe:/a:phpmyadmin:phpmyadmin:2.5.5 cpe:/a:phpmyadmin:phpmyadmin:2.3.2 cpe:/a:phpmyadmin:phpmyadmin:2.3.1 cpe:/a:phpmyadmin:phpmyadmin:2.5.4 cpe:/a:phpmyadmin:phpmyadmin:2.5.1 cpe:/a:phpmyadmin:phpmyadmin:2.4.0 cpe:/a:phpmyadmin:phpmyadmin:2.5.2 cpe:/a:phpmyadmin:phpmyadmin:2.5.0 cpe:/a:phpmyadmin:phpmyadmin:2.5.5_pl1 cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc2 cpe:/a:phpmyadmin:phpmyadmin:2.2.3 cpe:/a:phpmyadmin:phpmyadmin:2.2.2 cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc1 cpe:/a:phpmyadmin:phpmyadmin:2.2.6 cpe:/a:phpmyadmin:phpmyadmin:2.2.5 cpe:/a:phpmyadmin:phpmyadmin:2.2.4 cpe:/a:phpmyadmin:phpmyadmin:2.2_rc3 cpe:/a:phpmyadmin:phpmyadmin:2.2_rc2 cpe:/a:phpmyadmin:phpmyadmin:2.1.2 cpe:/a:phpmyadmin:phpmyadmin:2.1.1 cpe:/a:phpmyadmin:phpmyadmin:2.0.1 CVE-2004-0129 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:36.960-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9564 BUGTRAQ 20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior CONFIRM http://www.phpmyadmin.net/home_page/relnotes.php?rel=0 CONFIRM http://sourceforge.net/forum/forum.php?forum_id=350228 GENTOO GLSA-200402-05 XF phpmyadmin-dotdot-directory-traversal(15021) OSVDB 3800 SECUNIA 10769 Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0130 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:37.177-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MISC http://www.securiteam.com/unixfocus/5NP0M1PBPQ.html XF phpgedview-loginphp-path-disclosure(15128) OSVDB 6886 MISC http://www.netvigilance.com/advisory0001 SECTRACK 1008844 login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message. cpe:/a:gnu:radius:1.1 CVE-2004-0131 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:12.853-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#277396 XF radius-radprintrequest-dos(15046) BID 9578 CONFIRM http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz OSVDB 3824 IDEFENSE 20040204 GNU Radius Remote Denial of Service Vulnerability SECUNIA 10799 The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote atackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. cpe:/a:visualshapers:ezcontents:2.0.2 cpe:/a:visualshapers:ezcontents:2.0.1 cpe:/a:visualshapers:ezcontents:1.42 cpe:/a:visualshapers:ezcontents:1.43 cpe:/a:visualshapers:ezcontents:1.40 cpe:/a:visualshapers:ezcontents:1.41 cpe:/a:visualshapers:ezcontents:2.0_rc3 cpe:/a:visualshapers:ezcontents:2.0_rc2 cpe:/a:visualshapers:ezcontents:1.45b cpe:/a:visualshapers:ezcontents:1.44 cpe:/a:visualshapers:ezcontents:2.0_rc1 cpe:/a:visualshapers:ezcontents:1.45 CVE-2004-0132 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:12.913-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior XF ezcontents-multiple-file-include(15135) Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php. cpe:/a:nokia:6310i CVE-2004-0143 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:39.287-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF nokia-obex-dos(15107) BID 9603 MISC http://www.pentest.co.uk/documents/ptl-2004-01.html BUGTRAQ 20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones VULNWATCH 20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. cpe:/a:kame:racoon:all_versions CVE-2004-0164 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:20.557-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon XF openbsd-isakmp-initialcontact-delete-sa(14118) XF openbsd-isakmp-invalidspi-delete-sa(14117) BID 9417 APPLE APPLE-SA-2004-02-23 NETBSD NetBSD-SA2004-001 BID 9416 BUGTRAQ 20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c. cpe:/a:apache:mod_python:2.7.9 CVE-2004-0096 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:31.383-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MLIST [mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10 REDHAT RHSA-2004:063 REDHAT RHSA-2004:058 GENTOO GLSA-200401-03 Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973. cpe:/a:openh323_project:pwlib:1.6.0 CVE-2004-0097 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:06.930-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#749342 CERT CA-2004-01 REDHAT RHSA-2004:047 DEBIAN DSA-448 XF pwlib-message-dos(15202) BID 9406 Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. cpe:/o:freebsd:freebsd:5.2.1:release cpe:/o:freebsd:freebsd:5.1:release CVE-2004-0099 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:31.693-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9533 FREEBSD FreeBSD-SA-04:01 XF freebsd-mksnapffs-bypass-security(15005) OSVDB 3790 mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. cpe:/a:linley_henzell:crawl:4.0.0_b23 CVE-2004-0103 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:31.837-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-432 XF crawl-long-environment-bo(15032) BID 9566 SECUNIA 10788 crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow. cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/o:redhat:enterprise_linux:2.1::enterprise_server cpe:/a:sgi:propack:2.3 cpe:/a:sgi:propack:2.4 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/a:metamail_corporation:metamail:2.7 CVE-2004-0104 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:07.133-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#518518 BID 9692 REDHAT RHSA-2004:073 XF metamail-printheader-format-string(15259) XF metamail-contenttype-format-string(15245) DEBIAN DSA-449 SECUNIA 10908 VULNWATCH 20040218 metamail format string bugs and buffer overflows SLACKWARE SSA:2004-049 MANDRAKE MDKSA-2004:014 CIAC O-083 BUGTRAQ 20040218 metamail format string bugs and buffer overflows Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/o:redhat:enterprise_linux:2.1::enterprise_server cpe:/a:sgi:propack:2.3 cpe:/a:sgi:propack:2.4 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/a:metamail_corporation:metamail:2.7 CVE-2004-0105 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:07.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#513062 REDHAT RHSA-2004:073 XF metamail-splitmail-subject-bo(15258) XF metamail-printheader-nonascii-bo(15247) DEBIAN DSA-449 SECUNIA 10908 VULNWATCH 20040218 metamail format string bugs and buffer overflows SLACKWARE SSA:2004-049 BID 9692 MANDRAKE MDKSA-2004:014 CIAC O-083 BUGTRAQ 20040218 metamail format string bugs and buffer overflows Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/o:openbsd:openbsd:3.4 cpe:/a:xfree86_project:x11r6:4.3.0 cpe:/o:openbsd:openbsd:3.3 cpe:/a:xfree86_project:x11r6:4.1.0 CVE-2004-0106 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:07.273-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SLACKWARE SSA:2004-043 REDHAT RHSA-2004:061 REDHAT RHSA-2004:060 XF xfree86-multiple-font-improper-handling(15206) REDHAT RHSA-2004:059 SUSE SuSE-SA:2004:006 DEBIAN DSA-443 MANDRAKE MDKSA-2004:012 FEDORA FLSA:2314 CONECTIVA CLA-2004:821 Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. cpe:/a:samba:samba:3.0.1 cpe:/a:samba:samba:3.0.0 cpe:/a:samba:samba:3.0 CVE-2004-0082 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:29.147-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9637 REDHAT RHSA-2004:064 XF samba-mksmbpasswd-gain-access(15132) CONFIRM http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html CONFIRM http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt OSVDB 3919 CIAC O-078 The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/o:openbsd:openbsd:3.4 cpe:/a:xfree86_project:x11r6:4.3.0 cpe:/o:openbsd:openbsd:3.3 cpe:/a:xfree86_project:x11r6:4.1.0 CVE-2004-0083 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.617-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#820006 BID 9636 BUGTRAQ 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow XF xfree86-fontalias-bo(15130) CONFIRM http://www.xfree86.org/cvs/changes REDHAT RHSA-2004:061 REDHAT RHSA-2004:060 REDHAT RHSA-2004:059 SUSE SuSE-SA:2004:006 MISC http://www.idefense.com/application/poi/display?id=72 DEBIAN DSA-443 GENTOO GLSA-200402-02 SLACKWARE SSA:2004-043 MANDRAKE MDKSA-2004:012 SUNALERT 57768 FEDORA FLSA:2314 BUGTRAQ 20040211 XFree86 vulnerability exploit CONECTIVA CLA-2004:821 Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/o:openbsd:openbsd:3.4 cpe:/a:xfree86_project:x11r6:4.3.0 cpe:/o:openbsd:openbsd:3.3 cpe:/a:xfree86_project:x11r6:4.1.0 CVE-2004-0084 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.697-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#667502 BID 9652 REDHAT RHSA-2004:061 REDHAT RHSA-2004:060 XF xfree86-copyisolatin1lLowered-bo(15200) SLACKWARE SSA:2004-043 REDHAT RHSA-2004:059 SUSE SuSE-SA:2004:006 MISC http://www.idefense.com/application/poi/display?id=73 DEBIAN DSA-443 FEDORA FLSA:2314 CONECTIVA CLA-2004:821 MANDRAKE MDKSA-2004:012 SUNALERT 57768 BUGTRAQ 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.1.5 CVE-2004-0085 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.757-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF macosx-mail-undisclosed(14992) BID 9504 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. cpe:/o:apple:mac_os_x:10.3.2 CVE-2004-0086 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.837-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9504 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3.2 CVE-2004-0087 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.913-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF macosx-configd-file-manipulation(14997) BID 9504 OSVDB 6819 APPLE APPLE-SA-2004-01-26 The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. cpe:/o:apple:mac_os_x:10.2.8 CVE-2004-0088 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.977-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9504 OSVDB 6820 APPLE APPLE-SA-2004-01-26 The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.3.9 CVE-2004-0089 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:06.367-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#902374 BID 9509 XF macosx-trublue-environmentvariable-bo(14968) OSVDB 6821 ATSTAKE A012704-1 APPLE APPLE-SA-2004-01-26 Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. cpe:/a:checkpoint:firewall-1 CVE-2004-0039 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:20.617-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#790771 CERT TA04-036A XF fw1-format-string(14149) BID 9581 ISS 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities CIAC O-072 CONFIRM http://www.checkpoint.com/techsupport/alerts/security_server.html BUGTRAQ 20040205 Two checkpoint fw-1/vpn-1 vulns BUGTRAQ 20040205 Two checkpoint fw-1/vpn-1 vulns Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. cpe:/a:checkpoint:firewall-1:4.1:sp2 cpe:/a:checkpoint:firewall-1:4.1:sp3 cpe:/a:checkpoint:vpn-1:4.1:sp5a cpe:/a:checkpoint:firewall-1:4.1:sp1 cpe:/a:checkpoint:firewall-1:next_generation_fp1 cpe:/a:checkpoint:firewall-1:next_generation_fp0 cpe:/a:checkpoint:firewall-1:4.1:sp4 cpe:/a:checkpoint:firewall-1:4.1 cpe:/a:checkpoint:firewall-1:4.1:sp5 cpe:/a:checkpoint:vpn-1:next_generation_fp0 cpe:/a:checkpoint:vpn-1:next_generation_fp1 cpe:/a:checkpoint:firewall-1:4.1:sp5a CVE-2004-0040 2004-03-03T00:00:00.000-05:00 2008-09-10T15:24:55.257-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#873334 BID 9582 XF vpn1-ike-bo(14150) BUGTRAQ 20040205 Two checkpoint fw-1/vpn-1 vulns ISS 20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow OSVDB 4432 OSVDB 3821 CIAC O-073 Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. cpe:/o:linux:linux_kernel:2.2.10 cpe:/a:redhat:kernel:2.4.20-8::athlon cpe:/o:linux:linux_kernel:2.2.12 cpe:/o:linux:linux_kernel:2.2.11 cpe:/o:linux:linux_kernel:2.2.14 cpe:/o:linux:linux_kernel:2.2.13 cpe:/o:linux:linux_kernel:2.2.16 cpe:/o:linux:linux_kernel:2.2.15 cpe:/o:linux:linux_kernel:2.2.18 cpe:/o:linux:linux_kernel:2.2.17 cpe:/o:linux:linux_kernel:2.2.19 cpe:/a:redhat:bigmem_kernel:2.4.20-8::i686 cpe:/a:redhat:kernel_source:2.4.20-8::i386_src cpe:/o:linux:linux_kernel:2.6.0:test10 cpe:/o:linux:linux_kernel:2.6.0:test11 cpe:/o:linux:linux_kernel:2.2.21 cpe:/o:linux:linux_kernel:2.2.20 cpe:/a:redhat:kernel:2.4.20-8::i686 cpe:/o:linux:linux_kernel:2.2.24 cpe:/o:linux:linux_kernel:2.2.23 cpe:/a:redhat:kernel:2.4.20-8::i686_smp cpe:/o:linux:linux_kernel:2.2.22 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:trustix:secure_linux:1.5 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.14 cpe:/a:redhat:kernel:2.4.20-8::i386 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:linux:linux_kernel:2.6.0:test7 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.6.0:test6 cpe:/o:linux:linux_kernel:2.6.0:test9 cpe:/o:linux:linux_kernel:2.6.0:test8 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.2.16:pre6 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.2.8 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.2.9 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.2.1 cpe:/o:linux:linux_kernel:2.2.0 cpe:/o:linux:linux_kernel:2.2.3 cpe:/o:linux:linux_kernel:2.2.2 cpe:/o:linux:linux_kernel:2.2.5 cpe:/o:linux:linux_kernel:2.2.4 cpe:/o:linux:linux_kernel:2.6_test9_cvs cpe:/o:linux:linux_kernel:2.2.7 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/o:linux:linux_kernel:2.2.6 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.0 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.2.15_pre20 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:netwosix:netwosix_linux:1.0 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.6.0 cpe:/a:redhat:kernel:2.4.20-8::athlon_smp cpe:/o:linux:linux_kernel:2.6.0:test3 cpe:/o:linux:linux_kernel:2.6.0:test2 cpe:/o:linux:linux_kernel:2.6.0:test5 cpe:/o:linux:linux_kernel:2.6.0:test4 cpe:/o:linux:linux_kernel:2.2.15:pre16 cpe:/o:linux:linux_kernel:2.6.0:test1 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:trustix:secure_linux:2.0 cpe:/a:redhat:kernel_doc:2.4.20-8::i386 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.4.0:test1 CVE-2004-0077 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:26.397-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#981222 BID 9686 DEBIAN DSA-439 GENTOO GLSA-200403-02 XF linux-mremap-gain-privileges(15244) BUGTRAQ 20040218 Second critical mremap() bug found in all Linux kernels MISC http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt SLACKWARE SSA:2004-049 REDHAT RHSA-2004:106 REDHAT RHSA-2004:069 REDHAT RHSA-2004:066 REDHAT RHSA-2004:065 OSVDB 3986 SUSE SuSE-SA:2004:005 DEBIAN DSA-514 DEBIAN DSA-475 DEBIAN DSA-470 DEBIAN DSA-466 DEBIAN DSA-456 DEBIAN DSA-454 DEBIAN DSA-453 DEBIAN DSA-450 DEBIAN DSA-444 DEBIAN DSA-442 DEBIAN DSA-441 DEBIAN DSA-440 DEBIAN DSA-438 CIAC O-082 TRUSTIX 2004-0008 TRUSTIX 2004-0007 MANDRAKE MDKSA-2004:015 FEDORA FEDORA-2004-079 CONECTIVA CLA-2004:820 VULNWATCH 20040218 Second critical mremap() bug found in all Linux kernels The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. cpe:/a:mutt:mutt:1.3.25 cpe:/a:mutt:mutt:1.2.5.12_ol cpe:/a:mutt:mutt:1.3.16 cpe:/a:mutt:mutt:1.3.24 cpe:/a:mutt:mutt:1.3.27 cpe:/a:mutt:mutt:1.2.5.12 cpe:/a:mutt:mutt:1.4.0 cpe:/a:mutt:mutt:1.3.28 cpe:/a:mutt:mutt:1.3.17 cpe:/a:mutt:mutt:1.4.1 cpe:/a:mutt:mutt:1.2.5.4 cpe:/a:mutt:mutt:1.2.5.5 cpe:/a:mutt:mutt:1.3.12 cpe:/a:mutt:mutt:1.3.22 cpe:/a:mutt:mutt:1.2.5 cpe:/a:mutt:mutt:1.3.12.1 cpe:/a:mutt:mutt:1.2.5.1 cpe:/a:mutt:mutt:1.2.1 CVE-2004-0078 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:02.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 9641 REDHAT RHSA-2004:051 REDHAT RHSA-2004:050 XF mut