cpe:/o:linux:linux_kernel:2.6.20.1 CVE-2004-0001 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:16.257-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#337238 REDHAT RHSA-2004:017 XF linux-ptrace-gain-privilege(14888) BID 9429 GENTOO GLSA-200402-06 Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges. cpe:/o:freebsd:freebsd:5.1 cpe:/o:freebsd:freebsd:4.3:releng cpe:/o:freebsd:freebsd:4.6.2 cpe:/o:freebsd:freebsd:5.0 cpe:/o:freebsd:freebsd:3.5.1 cpe:/o:freebsd:freebsd:4.9:pre-release cpe:/o:freebsd:freebsd:3.5:stable cpe:/o:freebsd:freebsd:3.5.1:stable cpe:/o:freebsd:freebsd:4.6:stable cpe:/o:freebsd:freebsd:4.7:release_p17 cpe:/o:freebsd:freebsd:3.2 cpe:/o:freebsd:freebsd:4.7:releng cpe:/o:freebsd:freebsd:4.3:release_p38 cpe:/o:freebsd:freebsd:4.7 cpe:/o:freebsd:freebsd:4.1.1:stable cpe:/o:freebsd:freebsd:3.5 cpe:/o:freebsd:freebsd:4.4:release_p42 cpe:/o:freebsd:freebsd:3.0:releng cpe:/o:freebsd:freebsd:4.2 cpe:/o:freebsd:freebsd:4.1.1:release cpe:/o:freebsd:freebsd:4.4:stable cpe:/o:freebsd:freebsd:3.0 cpe:/o:freebsd:freebsd:5.2 cpe:/o:freebsd:freebsd:4.6:releng cpe:/o:freebsd:freebsd:4.5:stable cpe:/o:freebsd:freebsd:4.6:release cpe:/o:freebsd:freebsd:4.9 cpe:/o:freebsd:freebsd:4.5 cpe:/o:freebsd:freebsd:4.0:releng cpe:/o:freebsd:freebsd:4.7:release cpe:/o:freebsd:freebsd:4.3:stable cpe:/o:freebsd:freebsd:4.5:release_p32 cpe:/o:freebsd:freebsd:4.2:stable cpe:/o:freebsd:freebsd:4.0 cpe:/o:freebsd:freebsd:4.3:release cpe:/o:freebsd:freebsd:5.0:release_p14 cpe:/o:freebsd:freebsd:5.1:release_p5 cpe:/o:freebsd:freebsd:4.6 cpe:/o:freebsd:freebsd:3.4 cpe:/o:freebsd:freebsd:4.6:release_p20 cpe:/o:freebsd:freebsd:5.1:releng cpe:/o:freebsd:freebsd:5.0:releng cpe:/o:freebsd:freebsd:4.4:releng cpe:/o:freebsd:freebsd:5.0:alpha cpe:/o:freebsd:freebsd:3.1 cpe:/o:freebsd:freebsd:4.4 cpe:/o:freebsd:freebsd:4.7:stable cpe:/o:freebsd:freebsd:4.5:releng cpe:/o:freebsd:freebsd:4.5:release cpe:/o:freebsd:freebsd:4.8 cpe:/o:freebsd:freebsd:4.8:pre-release cpe:/o:freebsd:freebsd:4.1 cpe:/o:freebsd:freebsd:4.3 cpe:/o:freebsd:freebsd:4.8:releng cpe:/o:freebsd:freebsd:4.1.1 cpe:/o:freebsd:freebsd:3.5.1:release cpe:/o:freebsd:freebsd:4.8:release_p6 cpe:/o:freebsd:freebsd:3.3 cpe:/o:freebsd:freebsd:4.0:alpha CVE-2004-0002 2004-03-03T00:00:00.000-05:00 2008-09-10T15:24:44.507-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CONFIRM http://lists.freebsd.org/pipermail/cvs-src/2004-January/016271.html The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaustion) via (1) a low MTU, which causes a large number of small packets to be produced, or (2) via a large number of packets with a small TCP payload, which cause a large number of calls to the resource-intensive sowakeup function. cpe:/o:linux:linux_kernel:2.4.22 CVE-2004-0003 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:25.753-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS REDHAT RHSA-2004:044 CONFIRM http://www.linuxcompatible.org/print25630.html REDHAT RHSA-2004:065 SUSE SuSE-SA:2004:005 DEBIAN DSA-495 DEBIAN DSA-491 DEBIAN DSA-489 DEBIAN DSA-482 DEBIAN DSA-481 DEBIAN DSA-480 DEBIAN DSA-479 XF linux-r128-gain-priviliges(15029) TURBO TLSA-2004-14 BID 9570 REDHAT RHSA-2004:166 REDHAT RHSA-2004:106 MANDRAKE MDKSA-2004:029 CIAC O-145 CIAC O-127 CIAC O-126 CIAC O-121 CIAC O-082 SECUNIA 12075 SECUNIA 11891 SECUNIA 11464 SECUNIA 11376 SECUNIA 11370 SECUNIA 11369 SECUNIA 11362 SECUNIA 11361 SECUNIA 11202 SECUNIA 10912 SECUNIA 10911 SECUNIA 10782 Unknown vulnerability in Linux kernel before 2.4.22 allows local users to gain privileges, related to "R128 DRI limits checking." cpe:/a:openca:openca:0.9.1.6 CVE-2004-0004 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:16.853-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#336446 BID 9435 CONFIRM http://www.openca.org/news/CAN-2004-0004.txt XF openca-improper-signature-verification(14847) OSVDB 3615 BUGTRAQ 20040116 [OpenCA Advisory] Vulnerability in signature verification The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users. CVE-2004-0005 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:16.993-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#655974 CERT-VN VU#404470 CERT-VN VU#226974 CERT-VN VU#190366 DEBIAN DSA-434 MISC http://security.e-matters.de/advisories/012004.html BUGTRAQ 20040126 Advisory 01/2004: 12 x Gaim remote overflows XF gaim-mime-decoder-oob(14944) XF gaim-mime-decoder-bo(14942) XF gaim-sscanf-oob(14938) XF gaim-yahoodecode-offbyone-bo(14935) SLACKWARE SSA:2004-026 SECTRACK 1008850 OSVDB 3736 SUSE SuSE-SA:2004:004 GENTOO GLSA-200401-04 CONECTIVA CLA-2004:813 FULLDISC 20040126 Advisory 01/2004: 12 x Gaim remote overflows Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) octal encoding in yahoo_decode that causes a null byte to be written beyond the buffer, (2) octal encoding in yahoo_decode that causes a pointer to reference memory beyond the terminating null byte, (3) a quoted printable string to the gaim_quotedp_decode MIME decoder that causes a null byte to be written beyond the buffer, and (4) quoted printable encoding in gaim_quotedp_decode that causes a pointer to reference memory beyond the terminating null byte. cpe:/a:ultramagnetic:ultramagnetic:0.81 cpe:/a:rob_flynn:gaim:0.75 CVE-2004-0006 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:26.330-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#871838 CERT-VN VU#527142 CERT-VN VU#503030 CERT-VN VU#444158 CERT-VN VU#371382 CERT-VN VU#297198 REDHAT RHSA-2004:032 CONFIRM http://ultramagnetic.sourceforge.net/advisories/001.html MISC http://security.e-matters.de/advisories/012004.html REDHAT RHSA-2004:045 REDHAT RHSA-2004:033 SUSE SuSE-SA:2004:004 DEBIAN DSA-434 GENTOO GLSA-200401-04 BUGTRAQ 20040126 Advisory 01/2004: 12 x Gaim remote overflows SGI 20040201-01-U XF gaim-http-proxy-bo(14947) XF gaim-urlparser-bo(14945) XF gaim-yahoopacketread-keyname-bo(14943) XF gaim-login-value-bo(14941) XF gaim-login-name-bo(14940) XF gaim-yahoowebpending-cookie-bo(14939) SLACKWARE SSA:2004-026 SECTRACK 1008850 BID 9489 OSVDB 3732 OSVDB 3731 MANDRAKE MDKSA-2004:006 BUGTRAQ 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code CONECTIVA CLA-2004:813 FULLDISC 20040126 Advisory 01/2004: 12 x Gaim remote overflows SGI 20040202-01-U Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic before 0.81, allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) cookies in a Yahoo web connection, (2) a long name parameter in the Yahoo login web page, (3) a long value parameter in the Yahoo login page, (4) a YMSG packet, (5) the URL parser, and (6) HTTP proxy connect. cpe:/a:ultramagnetic:ultramagnetic:0.81 cpe:/a:rob_flynn:gaim:0.74 CVE-2004-0007 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:26.457-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#197142 REDHAT RHSA-2004:033 DEBIAN DSA-434 CONFIRM http://ultramagnetic.sourceforge.net/advisories/001.html MISC http://security.e-matters.de/advisories/012004.html BUGTRAQ 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code REDHAT RHSA-2004:032 GENTOO GLSA-200401-04 XF gaim-extractinfo-bo(14946) SLACKWARE SSA:2004-026 SECTRACK 1008850 BID 9489 SUSE SuSE-SA:2004:004 OSVDB 3733 MANDRAKE MDKSA-2004:006 BUGTRAQ 20040126 Advisory 01/2004: 12 x Gaim remote overflows CONECTIVA CLA-2004:813 FULLDISC 20040126 Advisory 01/2004: 12 x Gaim remote overflows Buffer overflow in the Extract Info Field Function for (1) MSN and (2) YMSG protocol handlers in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code. cpe:/a:ultramagnetic:ultramagnetic:0.81 cpe:/a:rob_flynn:gaim:0.74 CVE-2004-0008 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:26.580-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#779614 REDHAT RHSA-2004:032 CONFIRM http://ultramagnetic.sourceforge.net/advisories/001.html MISC http://security.e-matters.de/advisories/012004.html BUGTRAQ 20040127 Ultramagnetic Advisory #001: Multiple vulnerabilities in Gaim code REDHAT RHSA-2004:045 REDHAT RHSA-2004:033 DEBIAN DSA-434 GENTOO GLSA-200401-04 SGI 20040201-01-U XF gaim-directim-bo(14937) SECTRACK 1008850 OSVDB 3734 MANDRAKE MDKSA-2004:006 BUGTRAQ 20040127 [slackware-security] GAIM security update (SSA:2004-026-01) BUGTRAQ 20040126 Advisory 01/2004: 12 x Gaim remote overflows CONECTIVA CLA-2004:813 FULLDISC 20040126 Advisory 01/2004: 12 x Gaim remote overflows SGI 20040202-01-U Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0.81, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a directIM packet that triggers a heap-based buffer overflow. cpe:/a:apache-ssl:apache-ssl:1.3.28_1.52 CVE-2004-0009 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:17.600-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior XF apachessl-default-password(15065) BID 9590 CONFIRM http://www.apache-ssl.org/advisory-20040206.txt OSVDB 3877 FULLDISC 20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user. cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.0:test1 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0010 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:26.800-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 9691 REDHAT RHSA-2004:069 DEBIAN DSA-479 XF linux-ncplookup-gain-privileges(15250) REDHAT RHSA-2004:188 REDHAT RHSA-2004:065 SUSE SuSE-SA:2004:005 DEBIAN DSA-495 DEBIAN DSA-491 DEBIAN DSA-489 DEBIAN DSA-482 DEBIAN DSA-481 DEBIAN DSA-480 TURBO TLSA-2004-05 MANDRAKE MDKSA-2004:015 CIAC O-082 FEDORA FEDORA-2004-079 CONECTIVA CLA-2004:820 Stack-based buffer overflow in the ncp_lookup function for ncpfs in Linux kernel 2.4.x allows local users to gain privileges. cpe:/a:debian:fsp:2.81.b18 CVE-2004-0011 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:18.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9377 DEBIAN DSA-416 XF fsp-boundry-error-bo(14155) CIAC O-048 Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code. cpe:/a:jabber_software_foundation:jabber_server:1.4.3 cpe:/a:jabber_software_foundation:jabber_server:1.4.2a CVE-2004-0013 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.180-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MANDRAKE MDKSA-2004:005 DEBIAN DSA-414 XF jabber-ssl-connections-dos(14158) BID 9376 OSVDB 3345 SECUNIA 10559 jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash). cpe:/a:nd:nd:0.8.2 CVE-2004-0014 2004-01-20T00:00:00.000-05:00 2008-09-10T15:24:50.710-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9365 DEBIAN DSA-412 XF nd-long-string-bo(14141) SECTRACK 1008616 SECUNIA 10550 SECUNIA 10549 Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings. cpe:/a:vbox3:vbox3:0.1.8 CVE-2004-0015 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.477-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS DEBIAN DSA-418 BID 9381 XF vbox3-gain-privileges(14170) vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges. cpe:/a:phpgroupware:phpgroupware:0.9.14 CVE-2004-0016 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.633-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-419 BID 9387 XF phpgroupware-calendar-file-include(13489) OSVDB 6860 The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files. cpe:/a:phpgroupware:phpgroupware:0.9.14 CVE-2004-0017 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.773-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-419 BID 9386 SECTRACK 1008662 SECUNIA 10591 Multiple SQL injection vulnerabilities in the (1) calendar and (2) infolog modules for phpgroupware 0.9.14 allow remote attackers to perform unauthorized database operations. cpe:/a:samba:jitterbug:1.6.2 CVE-2004-0028 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:18.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-420 BID 9397 XF jitterbug-execute-code(14207) jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands. cpe:/a:ibm:lotus_domino:6.0.2 CVE-2004-0029 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.133-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF lotus-notes-insecure-permissions(14153) BID 9366 SECTRACK 1008623 OSVDB 3424 MISC http://www.excluded.org/advisories/advisory05.txt SECUNIA 10566 BUGTRAQ 20040106 Lotus Notes Domino 6.0.2 (linux) faulty default permissions Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration file with world-writable permissions, which allows local users to modify the Notes configuration and gain privileges. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0030 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF phpgedview-pgvbasedirectory-file-include(14159) BID 9368 OSVDB 3343 SECUNIA 10565 BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem SECTRACK 1008632 PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0031 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.430-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem XF phpgedview-modify-admin-password(14161) OSVDB 3403 SECUNIA 10565 PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0032 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.570-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem XF phpgedview-search-xss(14160) BID 9369 OSVDB 3402 SECUNIA 10565 Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter. cpe:/a:phpgedview:phpgedview:2.61 CVE-2004-0033 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.727-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem XF phpgedview-admin-info-disclosure(14162) BID 9371 OSVDB 3404 SECUNIA 10565 admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command. cpe:/a:phorum:phorum:3.4.5 CVE-2004-0034 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:19.867-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF phorum-common-xss(14145) BID 9361 SECUNIA 10567 CONFIRM http://phorum.org/ BUGTRAQ 20040105 Multiple Vulnerabilities in Phorum 3.4.5 SECTRACK 1008633 OSVDB 3510 OSVDB 3506 OSVDB 3434 Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php. cpe:/a:phorum:phorum:3.4.5 CVE-2004-0035 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:20.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF phorum-register-sql-injection(14146) BID 9363 BUGTRAQ 20040105 Multiple Vulnerabilities in Phorum 3.4.5 OSVDB 3508 SECUNIA 10567 SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. cpe:/a:jelsoft:vbulletin:2.3.0 CVE-2004-0036 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:20.163-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection XF vbulletin-calendar-sql-injection(14144) CONFIRM http://www.vbulletin.com/forum/showthread.php?postid=588825 BID 9360 OSVDB 3344 SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter. cpe:/a:opentext:opentext_firstclass_desktop_client:7.1 CVE-2004-0037 2004-01-20T00:00:00.000-05:00 2008-09-05T16:37:20.303-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF firstclassclient-execute-code(14151) BID 9370 OSVDB 3442 SECUNIA 10556 BUGTRAQ 20040105 FirstClass Client 7.1: Command Execution via Email Web Link SECTRACK 1008609 FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages. cpe:/a:mcafee:epolicy_orchestrator:3.0 cpe:/a:mcafee:epolicy_orchestrator:2.5.1 cpe:/a:mcafee:epolicy_orchestrator:2.5:sp1 cpe:/a:mcafee:epolicy_orchestrator:2.5 cpe:/a:mcafee:epolicy_orchestrator:3.0:sp2a CVE-2004-0038 2004-06-14T00:00:00.000-04:00 2008-09-05T16:37:20.460-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF epolicy-execute-commands(14166) ISS 20040510 McAfee ePolicy Orchestrator Remote Compromise Vulnerability BID 10200 MISC http://www.osvdb.org/5626 CONFIRM http://download.nai.com/products/patches/ePO/v2.x/Patch14.txt McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 allows remote attackers to execute arbitrary commands via certain HTTP POST requests to the spipe/file handler on ePO TCP port 81. cpe:/a:checkpoint:firewall-1 CVE-2004-0039 2004-03-03T00:00:00.000-05:00 2011-03-07T21:15:01.127-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#790771 CERT TA04-036A XF fw1-format-string(14149) BID 9581 ISS 20040204 Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities CIAC O-072 CONFIRM http://www.checkpoint.com/techsupport/alerts/security_server.html BUGTRAQ 20040205 Two checkpoint fw-1/vpn-1 vulns Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54, and Check Point Firewall-1 HTTP Security Server included with NG FP1, FP2, and FP3 allows remote attackers to execute arbitrary code via HTTP requests that cause format string specifiers to be used in an error message, as demonstrated using the scheme of a URI. cpe:/a:checkpoint:firewall-1:4.1:sp5a cpe:/a:checkpoint:firewall-1:4.1:sp1 cpe:/a:checkpoint:firewall-1:4.1 cpe:/a:checkpoint:firewall-1:4.1:sp5 cpe:/a:checkpoint:firewall-1:4.1:sp2 cpe:/a:checkpoint:vpn-1:next_generation_fp0 cpe:/a:checkpoint:firewall-1:4.1:sp4 cpe:/a:checkpoint:vpn-1:next_generation_fp1 cpe:/a:checkpoint:vpn-1:4.1:sp5a cpe:/a:checkpoint:firewall-1:next_generation_fp1 cpe:/a:checkpoint:firewall-1:next_generation_fp0 cpe:/a:checkpoint:firewall-1:4.1:sp3 CVE-2004-0040 2004-03-03T00:00:00.000-05:00 2008-09-10T15:24:55.257-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#873334 BID 9582 XF vpn1-ike-bo(14150) BUGTRAQ 20040205 Two checkpoint fw-1/vpn-1 vulns ISS 20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow OSVDB 4432 OSVDB 3821 CIAC O-073 Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet. cpe:/a:mod_auth_shadow:mod_auth_shadow:1.2 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.3 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.4 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.1 cpe:/a:mod_auth_shadow:mod_auth_shadow:1.0 CVE-2004-0041 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:20.947-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-421 SECTRACK 1008675 BID 9404 OSVDB 3454 SECUNIA 10612 The mod_auth_shadow module 1.4 and earlier does not properly enforce the expiration of a user account and password, which could allow remote authenticated users to bypass intended access restrictions. cpe:/a:beasts:vsftpd:1.1.3 CVE-2004-0042 2004-02-03T00:00:00.000-05:00 2008-09-10T15:24:55.477-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008628 vsftpd 1.1.3 generates different error messages depending on whether or not a valid username exists, which allows remote attackers to identify valid usernames. cpe:/a:yahoo:messenger:5.6.0.1351 CVE-2004-0043 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.243-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9383 FULLDISC 20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow XF yahoo-messenger-filename-bo(14171) SECTRACK 1008651 OSVDB 3437 SECUNIA 10573 BUGTRAQ 20040108 Yahoo Instant Messenger Long Filename Downloading Buffer Overflow Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in the download feature. cpe:/a:cisco:personal_assistant:1.4%281%29 cpe:/a:cisco:personal_assistant:1.4%282%29 CVE-2004-0044 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CISCO 20040108 Cisco Personal Assistant User Password Bypass Vulnerability XF ciscopersonalassistant-config-file-access(14172) BID 9384 OSVDB 3430 Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username. cpe:/a:isc:inn:2.4.0 CVE-2004-0045 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.553-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS CERT-VN VU#759020 BID 9382 BUGTRAQ 20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn) BUGTRAQ 20040107 [SECURITY] INN: Buffer overflow in control message handling XF inn-artpost-control-message-bo(14190) SLACKWARE SSA:2004-014-02 SECUNIA 10578 Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code. CVE-2004-0046 2004-02-03T00:00:00.000-05:00 2008-09-05T16:37:21.697-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF snapstream-quotation-xss(14164) BID 9375 OSVDB 3440 SECTRACK 1008646 SECUNIA 10575 BUGTRAQ 20040106 SnapStream PVS LITE Cross Site Scripting Vulnerabillity Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows remote attackers to inject arbitrary web script or HTML via a GET request containing a terminating '"' (double quote) character. cpe:/a:yamamoto_hirotaka:trr19:1.0 CVE-2004-0047 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:21.850-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-430 XF trr19-gain-privileges(14975) BID 9520 SECUNIA 10744 SECTRACK 1008875 OSVDB 3747 SECUNIA 10745 Multiple programs in trr19 1.0 do not properly drop privileges before executing a system command, which could allow local users to gain privileges. cpe:/a:realnetworks:helix_universal_mobile_server:10.1.1.120 cpe:/a:realnetworks:helix_universal_server:9.0.2.881 CVE-2004-0049 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:21.993-04:00 6.8 NETWORK LOW SINGLE_INSTANCE NONE NONE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CONFIRM http://service.real.com/help/faq/security/040112_dos/ BID 9421 CONFIRM http://service.real.com/help/faq/security/security022604.html BUGTRAQ 20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow VULNWATCH 20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port. cpe:/a:verity:ultraseek:5.2.1 CVE-2004-0050 2004-06-14T00:00:00.000-04:00 2008-09-10T15:24:56.117-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF ultraseek-error-path-disclosure(16066) BUGTRAQ 20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue FULLDISC 20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue VULNWATCH 20040505 Corsaire Security Advisory - Verity Ultraseek path disclosure issue Verity Ultraseek before 5.2.2 allows remote attackers to obtain the full pathname of the document root via an MS-DOS device name in the web search option, such as (1) NUL, (2) CON, (3) AUX, (4) COM1, (5) COM2, and others. cpe:/a:paul_l_daniels:ripmime:1.2.2 cpe:/a:f-secure:internet_gatekeeper:6.3 cpe:/a:clearswift:mailsweeper:4.3.10 cpe:/a:clearswift:mailsweeper:4.3.8 cpe:/a:f-secure:internet_gatekeeper:6.31 cpe:/a:f-secure:internet_gatekeeper:6.32 cpe:/a:paul_l_daniels:ripmime:1.2.6 cpe:/a:paul_l_daniels:ripmime:1.3.2.2 cpe:/a:clearswift:mailsweeper:4.3.14 cpe:/a:paul_l_daniels:ripmime:1.2.0 cpe:/a:paul_l_daniels:ripmime:1.2.5 cpe:/a:paul_l_daniels:ripmime:1.2.1 cpe:/a:paul_l_daniels:ripmime:1.2.7 cpe:/a:paul_l_daniels:ripmime:1.2.3 cpe:/a:clearswift:mailsweeper:4.3.11 cpe:/a:paul_l_daniels:ripmime:1.3.2.3 cpe:/a:clearswift:mailsweeper:4.3.15 cpe:/a:clearswift:mailsweeper:4.3.7 cpe:/a:paul_l_daniels:ripmime:1.3.2.0 cpe:/a:clearswift:mailsweeper:4.3.13 cpe:/a:f-secure:internet_gatekeeper:6.4 cpe:/a:paul_l_daniels:ripmime:1.2.4 CVE-2004-0051 2004-10-20T00:00:00.000-04:00 2008-09-10T15:24:56.977-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF mime-contenttransfer-filter-bypass(17337) MISC http://www.uniras.gov.uk/vuls/2004/380375/mime.htm BUGTRAQ 20040914 Corsaire Security Advisory - Multiple vendor MIME Content-Transfer-Encoding mechanism issue Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard but frequently supported Content-Transfer-Encoding values such as (1) uuencode, (2) mac-binhex40, and (3) yenc, which may be interpreted differently by mail clients. cpe:/a:paul_l_daniels:ripmime:1.2.2 cpe:/a:f-secure:internet_gatekeeper:6.3 cpe:/a:clearswift:mailsweeper:4.3.10 cpe:/a:clearswift:mailsweeper:4.3.8 cpe:/a:f-secure:internet_gatekeeper:6.31 cpe:/a:f-secure:internet_gatekeeper:6.32 cpe:/a:paul_l_daniels:ripmime:1.2.6 cpe:/a:paul_l_daniels:ripmime:1.3.2.2 cpe:/a:clearswift:mailsweeper:4.3.14 cpe:/a:paul_l_daniels:ripmime:1.2.0 cpe:/a:paul_l_daniels:ripmime:1.2.5 cpe:/a:paul_l_daniels:ripmime:1.2.1 cpe:/a:paul_l_daniels:ripmime:1.2.7 cpe:/a:paul_l_daniels:ripmime:1.2.3 cpe:/a:clearswift:mailsweeper:4.3.11 cpe:/a:paul_l_daniels:ripmime:1.3.2.3 cpe:/a:clearswift:mailsweeper:4.3.15 cpe:/a:clearswift:mailsweeper:4.3.7 cpe:/a:paul_l_daniels:ripmime:1.3.2.0 cpe:/a:clearswift:mailsweeper:4.3.13 cpe:/a:f-secure:internet_gatekeeper:6.4 cpe:/a:paul_l_daniels:ripmime:1.2.4 CVE-2004-0052 2004-10-20T00:00:00.000-04:00 2008-09-10T15:24:57.133-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF mime-separator-filtering-bypass(17334) MISC http://www.uniras.gov.uk/vuls/2004/380375/mime.htm BUGTRAQ 20040914 Corsaire Security Advisory - Multiple vendor MIME separator issue Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use non-standard separator characters, or use standard separators incorrectly, within MIME headers, fields, parameters, or values, which may be interpreted differently by mail clients. cpe:/a:paul_l_daniels:ripmime:1.2.2 cpe:/a:f-secure:internet_gatekeeper:6.3 cpe:/a:clearswift:mailsweeper:4.3.10 cpe:/a:clearswift:mailsweeper:4.3.8 cpe:/a:f-secure:internet_gatekeeper:6.31 cpe:/a:f-secure:internet_gatekeeper:6.32 cpe:/a:paul_l_daniels:ripmime:1.2.6 cpe:/a:paul_l_daniels:ripmime:1.3.2.2 cpe:/a:clearswift:mailsweeper:4.3.14 cpe:/a:paul_l_daniels:ripmime:1.2.0 cpe:/a:paul_l_daniels:ripmime:1.2.5 cpe:/a:paul_l_daniels:ripmime:1.2.1 cpe:/a:paul_l_daniels:ripmime:1.2.7 cpe:/a:paul_l_daniels:ripmime:1.2.3 cpe:/a:clearswift:mailsweeper:4.3.11 cpe:/a:paul_l_daniels:ripmime:1.3.2.3 cpe:/a:clearswift:mailsweeper:4.3.15 cpe:/a:clearswift:mailsweeper:4.3.7 cpe:/a:paul_l_daniels:ripmime:1.3.2.0 cpe:/a:clearswift:mailsweeper:4.3.13 cpe:/a:f-secure:internet_gatekeeper:6.4 cpe:/a:paul_l_daniels:ripmime:1.2.4 CVE-2004-0053 2004-10-20T00:00:00.000-04:00 2008-09-10T15:24:57.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF mime-rfc2047-filtering-bypass(17331) MISC http://www.uniras.gov.uk/vuls/2004/380375/mime.htm BUGTRAQ 20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2047 encoding issue Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use fields that use RFC2047 encoding, which may be interpreted differently by mail clients. cpe:/o:cisco:ios:12.1t cpe:/o:cisco:ios:12.2 cpe:/o:cisco:ios:12.2s cpe:/o:cisco:ios:11.3t cpe:/o:cisco:ios:12.0s cpe:/o:cisco:ios:12.1e cpe:/o:cisco:ios:12.1 cpe:/o:cisco:ios:12.0 cpe:/o:cisco:ios:12.0t cpe:/o:cisco:ios:12.2t CVE-2004-0054 2004-02-17T00:00:00.000-05:00 2009-03-04T00:21:09.437-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#749342 CERT CA-2004-01 CISCO 20040113 Vulnerabilities in H.323 Message Processing MISC http://www.uniras.gov.uk/vuls/2004/006489/h323.htm SECTRACK 1008685 BID 9406 Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. cpe:/a:lbl:tcpdump:3.7 cpe:/a:lbl:tcpdump:3.6.2 cpe:/a:lbl:tcpdump:3.5.2 cpe:/a:lbl:tcpdump:3.7.1 CVE-2004-0055 2004-02-17T00:00:00.000-05:00 2010-08-21T00:19:29.987-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#955526 BID 7090 REDHAT RHSA-2004:008 MLIST [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1 FEDORA FEDORA-2004-092 FEDORA FEDORA-2004-090 DEBIAN DSA-425 SECUNIA 12179 SECUNIA 11032 SECUNIA 11022 SECUNIA 10718 SECUNIA 10652 SECUNIA 10644 SECUNIA 10639 SECUNIA 10636 TRUSTIX 2004-0004 APPLE APPLE-SA-2004-02-23 SGI 20040103-01-U SCO SCOSA-2004.9 CALDERA CSSA-2004-008.0 SECTRACK 1008735 FEDORA FLSA:1222 MANDRAKE MDKSA-2004:008 MLIST [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1 BUGTRAQ 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) CONECTIVA CLSA-2003:832 SGI 20040202-01-U The print_attr_string function in print-radius.c for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a RADIUS attribute with a large length value. cpe:/h:nortel:802.11_wireless_ip_gateway cpe:/h:nortel:succession_communication_server_1000 cpe:/a:nortel:business_communications_manager CVE-2004-0056 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#749342 CERT CA-2004-01 MISC http://www.uniras.gov.uk/vuls/2004/006489/h323.htm SECTRACK 1008687 BID 9406 Multiple vulnerabilities in the H.323 protocol implementation for Nortel Networks Business Communications Manager (BCM), Succession 1000 IP Trunk and IP Peer Networking, and 802.11 Wireless IP Gateway allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. cpe:/a:lbl:tcpdump:3.8.1 CVE-2004-0057 2004-02-17T00:00:00.000-05:00 2010-08-21T00:19:30.207-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#174086 BID 9423 REDHAT RHSA-2004:007 DEBIAN DSA-425 XF tcpdump-rawprint-isakmp-dos(14837) BUGTRAQ 20040119 [ESA-20040119-002] 'tcpdump' multiple vulnerabilities. REDHAT RHSA-2004:008 MLIST [fedora-announce-list] 20040311 Re: [SECURITY] Fedora Core 1 Update: tcpdump-3.7.2-8.fc1.1 FEDORA FEDORA-2004-092 FEDORA FEDORA-2004-090 SECUNIA 12179 SECUNIA 11032 SECUNIA 11022 SECUNIA 10718 SECUNIA 10668 SECUNIA 10652 SECUNIA 10644 SECUNIA 10639 SECUNIA 10636 MLIST [tcpdump-workers] multiple vulnerabilities in tcpdump 3.8.1 ENGARDE ESA-20040119-002 TRUSTIX 2004-0004 APPLE APPLE-SA-2004-02-23 SGI 20040103-01-U SCO SCOSA-2004.9 CALDERA CSSA-2004-008.0 SECTRACK 1008716 FEDORA FLSA:1222 MANDRAKE MDKSA-2004:008 BUGTRAQ 20040131 [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths) SGI 20040202-01-U The rawprint function in the ISAKMP decoding routines (print-isakmp.c) for tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (segmentation fault) via malformed ISAKMP packets that cause invalid "len" or "loc" values to be used in a loop, a different vulnerability than CVE-2003-0989. cpe:/o:linux:linux_kernel:2.0.9.9 CVE-2004-0058 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.523-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF antivir-tmpfile-insecure(14214) SECTRACK 1008702 OSVDB 3496 SECUNIA 10620 BUGTRAQ 20040113 symlink vul for Antivir / Linux Version 2.0.9-9 (maybe lower) Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local users to overwrite arbitrary files via a symlink attack on the .pid_antivir_$$ temporary file. cpe:/a:lionmax_software:www_file_share_pro:2.42 CVE-2004-0059 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.663-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008779 BUGTRAQ 20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42 Directory traversal vulnerability in upload capability of WWW File Share Pro 2.42 and earlier allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in the filename parameter of a Content-Disposition: header. cpe:/a:lionmax_software:www_file_share_pro:2.42 CVE-2004-0060 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.803-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008779 BUGTRAQ 20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42 WWW File Share Pro 2.42 and earlier allows remote attackers to cause a denial of service (crash) via a large POST request. cpe:/a:lionmax_software:www_file_share_pro:2.42 CVE-2004-0061 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:23.960-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS SECTRACK 1008779 BUGTRAQ 20040114 Multiple vulnerabilities in WWW Fileshare Pro <= 2.42 WWW File Share Pro 2.42 and earlier allows remote attackers to bypass directory access restrictions via (1) a URL with a trailing . (dot), or (2) a URI with a leading slash or backslash character. cpe:/a:fishnet:fishcart:3.1 CVE-2004-0062 2004-02-17T00:00:00.000-05:00 2008-09-10T15:24:59.557-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040114 FishCart Integer Overflow / Rounding Error SECTRACK 1008731 Integer overflow in the rnd arithmetic rounding function for various versions of FishCart before 3.1 allows remote attackers to "cause negative totals" via an order with a large quantity. cpe:/a:ncipher:payshield_spp_library:1.3.12 cpe:/a:ncipher:payshield_spp_library:1.6.18 cpe:/a:ncipher:payshield_spp_library:1.5.18 CVE-2004-0063 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.290-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://www.ncipher.com/support/advisories/advisory8_payshield.html XF payshield-incorrect-request-verification(14832) BID 9422 OSVDB 3537 BUGTRAQ 20040114 nCipher Advisory #8: payShield library may verify bad requests The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number. cpe:/o:suse:suse_linux:9.0 CVE-2004-0064 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.430-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9411 SECTRACK 1008703 OSVDB 3460 SECUNIA 10623 BUGTRAQ 20040113 SuSE linux 9.0 YaST config Skribt [exploit] The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0065 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.587-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040112 More phpGedView Vulnerabilities BID 11925 BID 11910 Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0066 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:24.727-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040112 More phpGedView Vulnerabilities XF phpgedview-path-disclosure(14215) OSVDB 3464 phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0067 2004-02-17T00:00:00.000-05:00 2011-09-13T00:00:00.000-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040112 More phpGedView Vulnerabilities XF phpgedview-login-xss(36285) XF phpgedview-multiple-xss(14212) VUPEN ADV-2007-2995 BID 11907 BID 11906 BID 11905 BID 11904 BID 11903 BID 11894 BID 11891 BID 11890 BID 11888 BID 11882 BID 11880 BID 11868 BUGTRAQ 20070827 PhpGedView login page multiple XSS OSVDB 3479 OSVDB 3478 OSVDB 3477 OSVDB 3476 OSVDB 3475 OSVDB 3474 OSVDB 3473 SECTRACK 1018613 SECUNIA 26628 Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php, (8) calendar.php, (9) gedrecord.php, (10) login.php, and (11) gdbi_interface.php. NOTE: some aspects of vector 10 were later reported to affect 4.1. cpe:/a:phpdig.net:phpdig:1.6.5 CVE-2004-0068 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.023-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9424 CONFIRM http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393 BUGTRAQ 20040114 PhpDig 1.6.x: remote command execution XF phpdig-config-file-include(14826) PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code. cpe:/a:hd_soft:windows_ftp_server:1.6 CVE-2004-0069 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.180-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9385 BUGTRAQ 20040113 exploit for HD Soft Windows FTP Server 1.6 BUGTRAQ 20040108 Windows FTP Server Format String Vulnerability SECTRACK 1008658 Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. cpe:/a:visualshapers:ezcontents CVE-2004-0070 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.337-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF ezcontents-php-file-include(14199) BID 9396 OSVDB 6878 CONFIRM http://www.ezcontents.org/forum/viewtopic.php?t=361 BUGTRAQ 20040110 Remote Code Execution in ezContents PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code. CVE-2004-0071 2004-02-17T00:00:00.000-05:00 2005-10-20T00:00:00.000-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF manpagelookup-directory-traversal(14203) BID 9395 BUGTRAQ 20040110 PHP Manpage lookup directory transversal / file disclosing SECTRACK 1008689 Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. cpe:/a:accipiter:accipiter_direct_server:6.0 CVE-2004-0072 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.570-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9389 XF accipterdirectserver-directory-traversal(14198) BUGTRAQ 20040109 Directory Traversal in Accipiter Direct Server 6.0 FULLDISC 20040109 Directory Traversal in Accipiter Direct Server 6.0 OSVDB 3433 SECUNIA 10600 Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded \.. (backslash .., "%5c%2e%2e") sequences in an HTTP request. cpe:/a:stoitsov:easydynamicpages:2.0 CVE-2004-0073 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9338 XF easydynamicpages-php-file-include(14136) OSVDB 3408 OSVDB 3318 SECTRACK 1008584 SECUNIA 10535 BUGTRAQ 20040102 include() vuln in EasyDynamicPages v.2.0 PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote web server that contains a malicious serverdata.php script. cpe:/a:michael_bischoff:xsok:1.02 CVE-2004-0074 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:25.867-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9341 XF xsok-lang-bo(14910) XF xsok-long-xsokdir-bo(14906) BID 9352 BUGTRAQ 20040103 xsok local games exploit (2) BUGTRAQ 20040102 xsok local games exploit Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949. cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/o:linux:linux_kernel:2.4.24_ow1 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.4.23_ow2 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.0:test1 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0075 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:26.023-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9690 REDHAT RHSA-2004:065 XF linux-vicam-dos(15246) REDHAT RHSA-2005:293 SUSE SuSE-SA:2004:005 CIAC O-082 MANDRAKE MDKSA-2004:015 CONECTIVA CLA-2004:846 The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service. CVE-2004-0076 2004-08-18T00:00:00.000-04:00 2008-09-10T15:25:02.070-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was removed from consideration by its Candidate Numbering Authority. Notes: none. cpe:/o:trustix:secure_linux:1.5 cpe:/o:linux:linux_kernel:2.6.0:test2 cpe:/o:linux:linux_kernel:2.2.3 cpe:/o:linux:linux_kernel:2.4.0:test3 cpe:/o:linux:linux_kernel:2.4.23:pre9 cpe:/o:linux:linux_kernel:2.2.10 cpe:/o:linux:linux_kernel:2.6.0:test1 cpe:/o:linux:linux_kernel:2.6.0:test11 cpe:/a:redhat:kernel_doc:2.4.20-8::i386 cpe:/o:linux:linux_kernel:2.2.14 cpe:/o:linux:linux_kernel:2.6.0:test6 cpe:/o:trustix:secure_linux:2.0 cpe:/o:linux:linux_kernel:2.2.13 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.2.16 cpe:/o:linux:linux_kernel:2.4.0:test8 cpe:/o:linux:linux_kernel:2.2.7 cpe:/o:linux:linux_kernel:2.4.19:pre3 cpe:/o:linux:linux_kernel:2.2.18 cpe:/o:linux:linux_kernel:2.4.3 cpe:/o:linux:linux_kernel:2.2.2 cpe:/o:linux:linux_kernel:2.4.0:test10 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.2.23 cpe:/a:redhat:kernel_source:2.4.20-8::i386_src cpe:/a:redhat:kernel:2.4.20-8::athlon cpe:/o:linux:linux_kernel:2.4.0:test1 cpe:/o:linux:linux_kernel:2.2.16:pre6 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.0:test12 cpe:/o:linux:linux_kernel:2.4.0:test2 cpe:/o:linux:linux_kernel:2.4.18:pre1 cpe:/a:redhat:kernel:2.4.20-8::athlon_smp cpe:/o:linux:linux_kernel:2.2.17 cpe:/o:linux:linux_kernel:2.4.19:pre4 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.4.0:test4 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.2.1 cpe:/o:linux:linux_kernel:2.6.0:test4 cpe:/o:linux:linux_kernel:2.4.21:pre7 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.2.20 cpe:/o:linux:linux_kernel:2.6.0:test8 cpe:/o:linux:linux_kernel:2.2.0 cpe:/o:linux:linux_kernel:2.4.19:pre5 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.6.0:test10 cpe:/o:linux:linux_kernel:2.2.11 cpe:/o:linux:linux_kernel:2.4.0:test6 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.2.12 cpe:/o:linux:linux_kernel:2.6.0:test9 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.6.0:test5 cpe:/o:linux:linux_kernel:2.4.18:pre5 cpe:/a:redhat:kernel:2.4.20-8::i686_smp cpe:/o:linux:linux_kernel:2.4.0:test7 cpe:/o:linux:linux_kernel:2.4.19:pre6 cpe:/o:linux:linux_kernel:2.4.21:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre3 cpe:/o:linux:linux_kernel:2.6.0:test7 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.19:pre2 cpe:/a:redhat:kernel:2.4.20-8::i686 cpe:/o:linux:linux_kernel:2.2.6 cpe:/o:linux:linux_kernel:2.4.18::x86 cpe:/o:netwosix:netwosix_linux:1.0 cpe:/o:linux:linux_kernel:2.4.0:test9 cpe:/a:redhat:kernel:2.4.20-8::i386 cpe:/o:linux:linux_kernel:2.4.18:pre7 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.0:test11 cpe:/o:linux:linux_kernel:2.6_test9_cvs cpe:/o:linux:linux_kernel:2.2.15:pre16 cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.2.24 cpe:/o:linux:linux_kernel:2.2.9 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.2.15_pre20 cpe:/o:linux:linux_kernel:2.2.22 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.2.15 cpe:/o:linux:linux_kernel:2.4.18:pre4 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.18:pre8 cpe:/o:linux:linux_kernel:2.2.21 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.2.5 cpe:/o:linux:linux_kernel:2.4.18:pre6 cpe:/o:linux:linux_kernel:2.2.8 cpe:/o:linux:linux_kernel:2.4.21:pre4 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.2.19 cpe:/o:linux:linux_kernel:2.4.0:test5 cpe:/o:linux:linux_kernel:2.6.2 cpe:/o:linux:linux_kernel:2.4.19:pre1 cpe:/o:linux:linux_kernel:2.4.18:pre2 cpe:/o:linux:linux_kernel:2.6.0:test3 cpe:/o:linux:linux_kernel:2.2.4 cpe:/o:linux:linux_kernel:2.4.0 cpe:/o:linux:linux_kernel:2.4.15 cpe:/a:redhat:bigmem_kernel:2.4.20-8::i686 CVE-2004-0077 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:26.397-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#981222 BID 9686 DEBIAN DSA-439 GENTOO GLSA-200403-02 XF linux-mremap-gain-privileges(15244) BUGTRAQ 20040218 Second critical mremap() bug found in all Linux kernels MISC http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt SLACKWARE SSA:2004-049 REDHAT RHSA-2004:106 REDHAT RHSA-2004:069 REDHAT RHSA-2004:066 REDHAT RHSA-2004:065 OSVDB 3986 SUSE SuSE-SA:2004:005 DEBIAN DSA-514 DEBIAN DSA-475 DEBIAN DSA-470 DEBIAN DSA-466 DEBIAN DSA-456 DEBIAN DSA-454 DEBIAN DSA-453 DEBIAN DSA-450 DEBIAN DSA-444 DEBIAN DSA-442 DEBIAN DSA-441 DEBIAN DSA-440 DEBIAN DSA-438 CIAC O-082 TRUSTIX 2004-0008 TRUSTIX 2004-0007 MANDRAKE MDKSA-2004:015 FEDORA FEDORA-2004-079 CONECTIVA CLA-2004:820 VULNWATCH 20040218 Second critical mremap() bug found in all Linux kernels The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985. cpe:/a:mutt:mutt:1.3.12 cpe:/a:mutt:mutt:1.2.5 cpe:/a:mutt:mutt:1.3.16 cpe:/a:mutt:mutt:1.3.12.1 cpe:/a:mutt:mutt:1.3.28 cpe:/a:mutt:mutt:1.2.5.12 cpe:/a:mutt:mutt:1.3.27 cpe:/a:mutt:mutt:1.2.5.5 cpe:/a:mutt:mutt:1.3.24 cpe:/a:mutt:mutt:1.3.25 cpe:/a:mutt:mutt:1.3.17 cpe:/a:mutt:mutt:1.2.1 cpe:/a:mutt:mutt:1.2.5.1 cpe:/a:mutt:mutt:1.2.5.4 cpe:/a:mutt:mutt:1.3.22 cpe:/a:mutt:mutt:1.4.0 cpe:/a:mutt:mutt:1.4.1 cpe:/a:mutt:mutt:1.2.5.12_ol CVE-2004-0078 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:02.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 9641 REDHAT RHSA-2004:051 REDHAT RHSA-2004:050 XF mutt-index-menu-bo(15134) CONFIRM http://bugs.debian.org/126336 SLACKWARE SSA:2004-043 OSVDB 3918 MANDRAKE MDKSA-2004:010 BUGTRAQ 20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt) BUGTRAQ 20040215 LNSA-#2004-0001: mutt remote crash BUGTRAQ 20040211 Mutt-1.4.2 fixes buffer overflow. CALDERA CSSA-2004-013.0 Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages. cpe:/a:stonesoft:stonegate:1.7 cpe:/o:freebsd:freebsd:5.1 cpe:/o:cisco:pix_firewall:6.2 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:cisco:webns:7.2_0.0.03 cpe:/o:redhat:enterprise_linux:3.0::workstation_server cpe:/o:cisco:pix_firewall:6.3%283.102%29 cpe:/h:securecomputing:sidewinder:5.2.1.02 cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0 cpe:/a:vmware:gsx_server:2.0.1_build_2129 cpe:/h:securecomputing:sidewinder:5.2.0.04 cpe:/o:cisco:pix_firewall:6.1%282%29 cpe:/a:stonesoft:stonegate:2.0.5 cpe:/a:stonesoft:stonegate_vpn_client:1.7 cpe:/a:stonesoft:servercluster:2.5 cpe:/h:symantec:clientless_vpn_gateway_4400:5.0 cpe:/o:redhat:linux:8.0 cpe:/o:cisco:pix_firewall:6.2%283.100%29 cpe:/o:cisco:pix_firewall:6.1%284%29 cpe:/h:cisco:mds_9000 cpe:/a:cisco:application_and_content_networking_software cpe:/a:novell:edirectory:8.0 cpe:/a:novell:edirectory:8.7 cpe:/a:stonesoft:stonebeat_webcluster:2.0 cpe:/h:securecomputing:sidewinder:5.2.1 cpe:/o:cisco:pix_firewall:6.2%281%29 cpe:/o:freebsd:freebsd:5.2 cpe:/a:vmware:gsx_server:2.5.1 cpe:/h:avaya:sg200:4.4 cpe:/o:freebsd:freebsd:4.9 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1 cpe:/h:hp:aaa_server cpe:/a:cisco:pix_firewall:6.2.2_.111 cpe:/a:stonesoft:stonegate_vpn_client:2.0.7 cpe:/a:rsa:bsafe_ssl-j_sdk:3.0 cpe:/h:cisco:firewall_services_module:1.1.3 cpe:/o:hp:hp-ux:11.00 cpe:/a:novell:imanager:2.0 cpe:/o:cisco:pix_firewall:6.0%283%29 cpe:/a:stonesoft:stonegate:1.5.18 cpe:/h:bluecoat:proxysg cpe:/a:checkpoint:provider-1:4.1:sp1 cpe:/a:neoteris:instant_virtual_extranet:3.0 cpe:/a:4d:webstar:5.2.1 cpe:/a:stonesoft:stonegate:2.0.6 cpe:/h:avaya:sg5:4.4 cpe:/o:hp:hp-ux:8.05 cpe:/a:redhat:openssl:0.9.7a-2::i386_dev cpe:/a:novell:edirectory:8.5.12a cpe:/a:cisco:webns:7.10_.0.06s cpe:/a:openssl:openssl:0.9.6f cpe:/o:freebsd:freebsd:5.1:releng cpe:/a:openssl:openssl:0.9.6c cpe:/o:redhat:linux:7.3 cpe:/a:avaya:intuity_audix:::lx cpe:/o:hp:hp-ux:11.23 cpe:/a:neoteris:instant_virtual_extranet:3.3.1 cpe:/a:openssl:openssl:0.9.7a cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1 cpe:/o:redhat:linux:7.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2 cpe:/a:hp:wbem:a.01.05.08 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3 cpe:/a:stonesoft:servercluster:2.5.2 cpe:/a:avaya:vsu:100_r2.0.1 cpe:/a:hp:wbem:a.02.00.01 cpe:/a:novell:imanager:1.5 cpe:/o:redhat:enterprise_linux_desktop:3.0 cpe:/a:stonesoft:stonegate:1.6.3 cpe:/h:avaya:sg5:4.3 cpe:/o:cisco:ios:12.2%2814%29sy cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1 cpe:/a:avaya:vsu:5 cpe:/a:stonesoft:stonebeat_fullcluster:2.0 cpe:/a:tarantella:tarantella_enterprise:3.20 cpe:/a:checkpoint:vpn-1:next_generation_fp1 cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1 cpe:/h:cisco:firewall_services_module:2.1_%280.208%29 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3 cpe:/a:stonesoft:stonegate:1.7.1 cpe:/a:stonesoft:stonebeat_fullcluster:2.5 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2 cpe:/o:freebsd:freebsd:5.1:release cpe:/a:avaya:vsu:5000_r2.0.1 cpe:/a:stonesoft:stonebeat_fullcluster:3.0 cpe:/o:cisco:pix_firewall:6.3 cpe:/a:stonesoft:stonegate:2.1 cpe:/a:avaya:vsu:2000_r2.0.1 cpe:/o:cisco:ios:12.1%2811b%29e cpe:/h:avaya:sg200:4.31.29 cpe:/h:avaya:s8500:r2.0.1 cpe:/a:cisco:css11000_content_services_switch cpe:/h:securecomputing:sidewinder:5.2.0.02 cpe:/a:checkpoint:firewall-1:next_generation_fp2 cpe:/o:bluecoat:cacheos_ca_sa:4.1.12 cpe:/a:4d:webstar:4.0 cpe:/a:novell:edirectory:8.5 cpe:/o:cisco:pix_firewall:6.1%283%29 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1 cpe:/o:cisco:ios:12.1%2819%29e1 cpe:/a:openssl:openssl:0.9.6d cpe:/a:checkpoint:provider-1:4.1:sp3 cpe:/o:openbsd:openbsd:3.3 cpe:/o:cisco:pix_firewall:6.0%281%29 cpe:/a:novell:edirectory:8.7.1:sp1 cpe:/a:stonesoft:stonegate_vpn_client:2.0 cpe:/h:cisco:firewall_services_module cpe:/a:stonesoft:stonegate_vpn_client:2.0.9 cpe:/a:4d:webstar:5.2.3 cpe:/a:openssl:openssl:0.9.6g cpe:/a:avaya:vsu:7500_r2.0.1 cpe:/a:cisco:webns:6.10_b4 cpe:/a:openssl:openssl:0.9.7c cpe:/a:4d:webstar:5.2.2 cpe:/a:cisco:webns:7.1_0.2.06 cpe:/o:cisco:pix_firewall:6.0%284%29 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/a:cisco:webns:7.1_0.1.02 cpe:/a:openssl:openssl:0.9.6k cpe:/o:hp:hp-ux:11.11 cpe:/a:avaya:intuity_audix:5.1.46 cpe:/o:cisco:pix_firewall:6.0%282%29 cpe:/a:stonesoft:stonegate:2.2.4 cpe:/o:cisco:ios:12.2%2814%29sy1 cpe:/h:hp:apache-based_web_server:2.0.43.04 cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0 cpe:/a:stonesoft:stonegate:2.0.9 cpe:/a:4d:webstar:5.2.4 cpe:/o:sco:openserver:5.0.7 cpe:/a:vmware:gsx_server:2.0 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/o:cisco:pix_firewall:6.2%283%29 cpe:/a:stonesoft:stonegate:2.0.1 cpe:/h:securecomputing:sidewinder:5.2 cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence cpe:/a:avaya:vsu:5x cpe:/a:rsa:bsafe_ssl-j_sdk:3.1 cpe:/a:checkpoint:provider-1:4.1:sp4 cpe:/a:avaya:vsu:10000_r2.0.1 cpe:/a:stonesoft:stonegate:2.2 cpe:/a:cisco:ciscoworks_common_management_foundation:2.1 cpe:/a:stonesoft:stonebeat_securitycluster:2.0 cpe:/o:openbsd:openbsd:3.4 cpe:/o:cisco:pix_firewall:6.1%281%29 cpe:/a:cisco:css_secure_content_accelerator:1.0 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2 cpe:/a:openssl:openssl:0.9.6e cpe:/o:bluecoat:cacheos_ca_sa:4.1.10 cpe:/a:neoteris:instant_virtual_extranet:3.1 cpe:/a:cisco:threat_response cpe:/h:cisco:call_manager cpe:/a:checkpoint:vpn-1:next_generation_fp2 cpe:/a:tarantella:tarantella_enterprise:3.30 cpe:/a:sgi:propack:2.3 cpe:/a:checkpoint:vpn-1:next_generation_fp0 cpe:/a:4d:webstar:5.2 cpe:/a:checkpoint:firewall-1:next_generation_fp1 cpe:/a:cisco:access_registrar cpe:/o:redhat:enterprise_linux:3.0::advanced_server cpe:/h:sun:crypto_accelerator_4000:1.0 cpe:/o:cisco:pix_firewall:6.3%282%29 cpe:/a:stonesoft:stonebeat_webcluster:2.5 cpe:/a:4d:webstar:5.3 cpe:/h:avaya:sg203:4.31.29 cpe:/h:hp:apache-based_web_server:2.0.43.00 cpe:/o:apple:mac_os_x:10.3.3 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1 cpe:/o:cisco:pix_firewall:6.1%285%29 cpe:/h:securecomputing:sidewinder:5.2.0.03 cpe:/h:avaya:s8300:r2.0.0 cpe:/a:hp:wbem:a.02.00.00 cpe:/a:redhat:openssl:0.9.6b-3::i386 cpe:/a:neoteris:instant_virtual_extranet:3.3 cpe:/h:avaya:converged_communications_server:2.0 cpe:/a:stonesoft:stonegate:2.0.7 cpe:/o:cisco:ios:12.1%2811b%29e12 cpe:/a:stonesoft:stonegate:1.6.2 cpe:/a:novell:edirectory:8.6.2 cpe:/o:freebsd:freebsd:4.8 cpe:/o:cisco:pix_firewall:6.3%283.109%29 cpe:/h:avaya:s8700:r2.0.1 cpe:/o:cisco:pix_firewall:6.3%281%29 cpe:/a:cisco:okena_stormwatch:3.2 cpe:/h:cisco:firewall_services_module:1.1_%283.005%29 cpe:/o:freebsd:freebsd:4.8:releng cpe:/o:cisco:ios:12.1%2813%29e9 cpe:/h:avaya:s8700:r2.0.0 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3 cpe:/a:checkpoint:firewall-1:next_generation_fp0 cpe:/h:avaya:s8300:r2.0.1 cpe:/a:stonesoft:stonegate:2.0.8 cpe:/o:freebsd:freebsd:5.2.1:release cpe:/a:sgi:propack:3.0 cpe:/a:stonesoft:stonegate:1.7.2 cpe:/a:avaya:intuity_audix:s3400 cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.7 cpe:/a:avaya:intuity_audix:s3210 cpe:/o:cisco:ios:12.2za cpe:/a:stonesoft:stonegate_vpn_client:2.0.8 cpe:/h:cisco:gss_4480_global_site_selector cpe:/a:cisco:webns:6.10 cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/a:4d:webstar:5.3.1 cpe:/a:redhat:openssl:0.9.7a-2::i386 cpe:/o:cisco:pix_firewall:6.2%282%29 cpe:/a:checkpoint:provider-1:4.1:sp2 cpe:/h:cisco:firewall_services_module:1.1.2 cpe:/a:openssl:openssl:0.9.6i cpe:/h:avaya:sg5:4.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.1 cpe:/h:cisco:gss_4490_global_site_selector cpe:/o:sco:openserver:5.0.6 cpe:/o:cisco:ios:12.1%2811b%29e14 cpe:/h:avaya:sg208 cpe:/o:cisco:pix_firewall:6.1 cpe:/o:cisco:ios:12.1%2811%29e cpe:/a:openssl:openssl:0.9.7b cpe:/a:stonesoft:stonegate:1.5.17 cpe:/a:redhat:openssl:0.9.7a-2::i386_perl cpe:/o:cisco:pix_firewall:6.0%284.101%29 cpe:/h:cisco:secure_content_accelerator:10000 cpe:/a:stonesoft:stonegate:2.2.1 cpe:/o:cisco:pix_firewall:6.0 cpe:/h:cisco:content_services_switch_11500 cpe:/a:stonesoft:stonegate:2.0.4 cpe:/a:tarantella:tarantella_enterprise:3.40 cpe:/h:avaya:sg203:4.4 cpe:/a:sgi:propack:2.4 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1 cpe:/a:vmware:gsx_server:3.0_build_7592 cpe:/a:openssl:openssl:0.9.6j cpe:/h:securecomputing:sidewinder:5.2.0.01 cpe:/a:cisco:ciscoworks_common_services:2.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2 cpe:/a:checkpoint:firewall-1:::vsx-ng-ai cpe:/a:checkpoint:provider-1:4.1 cpe:/a:neoteris:instant_virtual_extranet:3.2 cpe:/a:cisco:css_secure_content_accelerator:2.0 cpe:/a:novell:edirectory:8.7.1 cpe:/a:cisco:webns:7.10 cpe:/a:avaya:vsu:500 cpe:/a:stonesoft:stonegate_vpn_client:1.7.2 cpe:/a:novell:edirectory:8.5.27 cpe:/o:cisco:ios:12.2sy cpe:/a:redhat:openssl:0.9.6-15::i386 cpe:/a:stonesoft:stonebeat_securitycluster:2.5 cpe:/h:avaya:s8500:r2.0.0 cpe:/a:checkpoint:firewall-1:2.0::gx cpe:/a:vmware:gsx_server:2.5.1_build_5336 cpe:/h:avaya:sg208:4.4 cpe:/a:openssl:openssl:0.9.7:beta2 CVE-2004-0079 2004-11-23T00:00:00.000-05:00 2010-08-21T00:19:32.253-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT TA04-078A CERT-VN VU#288574 XF openssl-dochangecipherspec-dos(15505) MISC http://www.uniras.gov.uk/vuls/2004/224012/index.htm TRUSTIX 2004-0012 SLACKWARE SSA:2004-077 BID 9899 REDHAT RHSA-2005:830 REDHAT RHSA-2005:829 REDHAT RHSA-2004:139 REDHAT RHSA-2004:121 REDHAT RHSA-2004:120 FEDORA FEDORA-2005-1042 CONFIRM http://www.openssl.org/news/secadv_20040317.txt SUSE SuSE-SA:2004:007 ENGARDE ESA-20040317-003 DEBIAN DSA-465 CISCO 20040317 Cisco OpenSSL Implementation Vulnerability CIAC O-101 CONFIRM http://support.lexmark.com/index?page=content&id=TE88&locale=EN&userlocale=EN_US CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2005-239.htm SUNALERT 57524 GENTOO GLSA-200403-03 SECUNIA 18247 SECUNIA 17401 SECUNIA 17398 SECUNIA 17381 SECUNIA 11139 HP SSRT4717 BUGTRAQ 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004] CONFIRM http://lists.apple.com/mhonarc/security-announce/msg00045.html APPLE APPLE-SA-2005-08-15 APPLE APPLE-SA-2005-08-17 FEDORA FEDORA-2004-095 CONFIRM http://docs.info.apple.com/article.html?artnum=61798 CONECTIVA CLA-2004:834 SCO SCOSA-2004.10 NETBSD NetBSD-SA2004-005 FREEBSD FreeBSD-SA-04:05 MANDRAKE MDKSA-2004:023 The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference. cpe:/a:andries_brouwer:util-linux:2.11 CVE-2004-0080 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:28.070-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#801526 REDHAT RHSA-2004:056 BID 9558 XF utillinux-information-leak(15016) OSVDB 3796 GENTOO GLSA-200404-06 SECUNIA 10773 BUGTRAQ 20040408 LNSA-#2004-0010: login may leak sensitive data BUGTRAQ 20040331 OpenLinux: util-linux could leak sensitive data SGI 20040406-01-U SGI 20040201-01-U The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data. cpe:/a:stonesoft:stonegate:1.7 cpe:/o:freebsd:freebsd:5.1 cpe:/o:cisco:pix_firewall:6.2 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:cisco:webns:7.2_0.0.03 cpe:/o:redhat:enterprise_linux:3.0::workstation_server cpe:/o:cisco:pix_firewall:6.3%283.102%29 cpe:/h:securecomputing:sidewinder:5.2.1.02 cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0 cpe:/a:vmware:gsx_server:2.0.1_build_2129 cpe:/h:securecomputing:sidewinder:5.2.0.04 cpe:/o:cisco:pix_firewall:6.1%282%29 cpe:/a:stonesoft:stonegate:2.0.5 cpe:/a:stonesoft:stonegate_vpn_client:1.7 cpe:/a:stonesoft:servercluster:2.5 cpe:/h:symantec:clientless_vpn_gateway_4400:5.0 cpe:/o:redhat:linux:8.0 cpe:/o:cisco:pix_firewall:6.2%283.100%29 cpe:/o:cisco:pix_firewall:6.1%284%29 cpe:/h:cisco:mds_9000 cpe:/a:cisco:application_and_content_networking_software cpe:/a:novell:edirectory:8.0 cpe:/a:novell:edirectory:8.7 cpe:/a:stonesoft:stonebeat_webcluster:2.0 cpe:/h:securecomputing:sidewinder:5.2.1 cpe:/o:cisco:pix_firewall:6.2%281%29 cpe:/o:freebsd:freebsd:5.2 cpe:/a:vmware:gsx_server:2.5.1 cpe:/h:avaya:sg200:4.4 cpe:/o:freebsd:freebsd:4.9 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1 cpe:/h:hp:aaa_server cpe:/a:cisco:pix_firewall:6.2.2_.111 cpe:/a:stonesoft:stonegate_vpn_client:2.0.7 cpe:/a:rsa:bsafe_ssl-j_sdk:3.0 cpe:/h:cisco:firewall_services_module:1.1.3 cpe:/o:hp:hp-ux:11.00 cpe:/a:novell:imanager:2.0 cpe:/o:cisco:pix_firewall:6.0%283%29 cpe:/a:stonesoft:stonegate:1.5.18 cpe:/h:bluecoat:proxysg cpe:/a:checkpoint:provider-1:4.1:sp1 cpe:/a:neoteris:instant_virtual_extranet:3.0 cpe:/a:4d:webstar:5.2.1 cpe:/a:stonesoft:stonegate:2.0.6 cpe:/h:avaya:sg5:4.4 cpe:/o:hp:hp-ux:8.05 cpe:/a:redhat:openssl:0.9.7a-2::i386_dev cpe:/a:novell:edirectory:8.5.12a cpe:/a:cisco:webns:7.10_.0.06s cpe:/a:openssl:openssl:0.9.6f cpe:/o:freebsd:freebsd:5.1:releng cpe:/a:openssl:openssl:0.9.6c cpe:/o:redhat:linux:7.3 cpe:/a:avaya:intuity_audix:::lx cpe:/o:hp:hp-ux:11.23 cpe:/a:neoteris:instant_virtual_extranet:3.3.1 cpe:/a:openssl:openssl:0.9.7a cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1 cpe:/o:redhat:linux:7.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2 cpe:/a:hp:wbem:a.01.05.08 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3 cpe:/a:stonesoft:servercluster:2.5.2 cpe:/a:avaya:vsu:100_r2.0.1 cpe:/a:hp:wbem:a.02.00.01 cpe:/a:novell:imanager:1.5 cpe:/o:redhat:enterprise_linux_desktop:3.0 cpe:/a:stonesoft:stonegate:1.6.3 cpe:/h:avaya:sg5:4.3 cpe:/o:cisco:ios:12.2%2814%29sy cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1 cpe:/a:avaya:vsu:5 cpe:/a:stonesoft:stonebeat_fullcluster:2.0 cpe:/a:tarantella:tarantella_enterprise:3.20 cpe:/a:checkpoint:vpn-1:next_generation_fp1 cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1 cpe:/h:cisco:firewall_services_module:2.1_%280.208%29 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3 cpe:/a:stonesoft:stonegate:1.7.1 cpe:/a:stonesoft:stonebeat_fullcluster:2.5 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2 cpe:/o:freebsd:freebsd:5.1:release cpe:/a:avaya:vsu:5000_r2.0.1 cpe:/a:stonesoft:stonebeat_fullcluster:3.0 cpe:/o:cisco:pix_firewall:6.3 cpe:/a:stonesoft:stonegate:2.1 cpe:/a:avaya:vsu:2000_r2.0.1 cpe:/o:cisco:ios:12.1%2811b%29e cpe:/h:avaya:sg200:4.31.29 cpe:/h:avaya:s8500:r2.0.1 cpe:/a:cisco:css11000_content_services_switch cpe:/h:securecomputing:sidewinder:5.2.0.02 cpe:/a:checkpoint:firewall-1:next_generation_fp2 cpe:/o:bluecoat:cacheos_ca_sa:4.1.12 cpe:/a:4d:webstar:4.0 cpe:/a:novell:edirectory:8.5 cpe:/o:cisco:pix_firewall:6.1%283%29 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1 cpe:/o:cisco:ios:12.1%2819%29e1 cpe:/a:openssl:openssl:0.9.6d cpe:/a:checkpoint:provider-1:4.1:sp3 cpe:/o:openbsd:openbsd:3.3 cpe:/o:cisco:pix_firewall:6.0%281%29 cpe:/a:novell:edirectory:8.7.1:sp1 cpe:/a:stonesoft:stonegate_vpn_client:2.0 cpe:/h:cisco:firewall_services_module cpe:/a:stonesoft:stonegate_vpn_client:2.0.9 cpe:/a:4d:webstar:5.2.3 cpe:/a:openssl:openssl:0.9.6g cpe:/a:avaya:vsu:7500_r2.0.1 cpe:/a:cisco:webns:6.10_b4 cpe:/a:openssl:openssl:0.9.7c cpe:/a:4d:webstar:5.2.2 cpe:/a:cisco:webns:7.1_0.2.06 cpe:/o:cisco:pix_firewall:6.0%284%29 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/a:cisco:webns:7.1_0.1.02 cpe:/a:openssl:openssl:0.9.6k cpe:/o:hp:hp-ux:11.11 cpe:/a:avaya:intuity_audix:5.1.46 cpe:/o:cisco:pix_firewall:6.0%282%29 cpe:/a:stonesoft:stonegate:2.2.4 cpe:/o:cisco:ios:12.2%2814%29sy1 cpe:/h:hp:apache-based_web_server:2.0.43.04 cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0 cpe:/a:stonesoft:stonegate:2.0.9 cpe:/a:4d:webstar:5.2.4 cpe:/o:sco:openserver:5.0.7 cpe:/a:vmware:gsx_server:2.0 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/o:cisco:pix_firewall:6.2%283%29 cpe:/a:stonesoft:stonegate:2.0.1 cpe:/h:securecomputing:sidewinder:5.2 cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence cpe:/a:avaya:vsu:5x cpe:/a:rsa:bsafe_ssl-j_sdk:3.1 cpe:/a:checkpoint:provider-1:4.1:sp4 cpe:/a:avaya:vsu:10000_r2.0.1 cpe:/a:stonesoft:stonegate:2.2 cpe:/a:cisco:ciscoworks_common_management_foundation:2.1 cpe:/a:stonesoft:stonebeat_securitycluster:2.0 cpe:/o:openbsd:openbsd:3.4 cpe:/o:cisco:pix_firewall:6.1%281%29 cpe:/a:cisco:css_secure_content_accelerator:1.0 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2 cpe:/a:openssl:openssl:0.9.6e cpe:/o:bluecoat:cacheos_ca_sa:4.1.10 cpe:/a:neoteris:instant_virtual_extranet:3.1 cpe:/a:cisco:threat_response cpe:/h:cisco:call_manager cpe:/a:tarantella:tarantella_enterprise:3.30 cpe:/a:sgi:propack:2.3 cpe:/a:checkpoint:vpn-1:next_generation_fp0 cpe:/a:4d:webstar:5.2 cpe:/a:checkpoint:firewall-1:next_generation_fp1 cpe:/a:cisco:access_registrar cpe:/o:redhat:enterprise_linux:3.0::advanced_server cpe:/h:sun:crypto_accelerator_4000:1.0 cpe:/o:cisco:pix_firewall:6.3%282%29 cpe:/a:stonesoft:stonebeat_webcluster:2.5 cpe:/a:4d:webstar:5.3 cpe:/h:avaya:sg203:4.31.29 cpe:/h:hp:apache-based_web_server:2.0.43.00 cpe:/a:checkpoint:vpn-1:next_generation cpe:/o:apple:mac_os_x:10.3.3 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1 cpe:/o:cisco:pix_firewall:6.1%285%29 cpe:/h:securecomputing:sidewinder:5.2.0.03 cpe:/h:avaya:s8300:r2.0.0 cpe:/a:hp:wbem:a.02.00.00 cpe:/a:redhat:openssl:0.9.6b-3::i386 cpe:/a:neoteris:instant_virtual_extranet:3.3 cpe:/h:avaya:converged_communications_server:2.0 cpe:/a:stonesoft:stonegate:2.0.7 cpe:/o:cisco:ios:12.1%2811b%29e12 cpe:/a:stonesoft:stonegate:1.6.2 cpe:/a:novell:edirectory:8.6.2 cpe:/o:freebsd:freebsd:4.8 cpe:/o:cisco:pix_firewall:6.3%283.109%29 cpe:/h:avaya:s8700:r2.0.1 cpe:/o:cisco:pix_firewall:6.3%281%29 cpe:/a:cisco:okena_stormwatch:3.2 cpe:/h:cisco:firewall_services_module:1.1_%283.005%29 cpe:/o:freebsd:freebsd:4.8:releng cpe:/o:cisco:ios:12.1%2813%29e9 cpe:/h:avaya:s8700:r2.0.0 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3 cpe:/a:checkpoint:firewall-1:next_generation_fp0 cpe:/h:avaya:s8300:r2.0.1 cpe:/a:stonesoft:stonegate:2.0.8 cpe:/o:freebsd:freebsd:5.2.1:release cpe:/a:sgi:propack:3.0 cpe:/a:stonesoft:stonegate:1.7.2 cpe:/a:avaya:intuity_audix:s3400 cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.7 cpe:/a:avaya:intuity_audix:s3210 cpe:/o:cisco:ios:12.2za cpe:/a:stonesoft:stonegate_vpn_client:2.0.8 cpe:/h:cisco:gss_4480_global_site_selector cpe:/a:cisco:webns:6.10 cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/a:4d:webstar:5.3.1 cpe:/a:redhat:openssl:0.9.7a-2::i386 cpe:/o:cisco:pix_firewall:6.2%282%29 cpe:/a:checkpoint:provider-1:4.1:sp2 cpe:/h:cisco:firewall_services_module:1.1.2 cpe:/a:openssl:openssl:0.9.6i cpe:/h:avaya:sg5:4.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.1 cpe:/h:cisco:gss_4490_global_site_selector cpe:/o:sco:openserver:5.0.6 cpe:/o:cisco:ios:12.1%2811b%29e14 cpe:/h:avaya:sg208 cpe:/o:cisco:pix_firewall:6.1 cpe:/o:cisco:ios:12.1%2811%29e cpe:/a:openssl:openssl:0.9.7b cpe:/a:stonesoft:stonegate:1.5.17 cpe:/a:redhat:openssl:0.9.7a-2::i386_perl cpe:/o:cisco:pix_firewall:6.0%284.101%29 cpe:/h:cisco:secure_content_accelerator:10000 cpe:/a:stonesoft:stonegate:2.2.1 cpe:/o:cisco:pix_firewall:6.0 cpe:/h:cisco:content_services_switch_11500 cpe:/a:stonesoft:stonegate:2.0.4 cpe:/a:tarantella:tarantella_enterprise:3.40 cpe:/h:avaya:sg203:4.4 cpe:/a:sgi:propack:2.4 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1 cpe:/a:vmware:gsx_server:3.0_build_7592 cpe:/a:openssl:openssl:0.9.6j cpe:/h:securecomputing:sidewinder:5.2.0.01 cpe:/a:cisco:ciscoworks_common_services:2.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2 cpe:/a:checkpoint:firewall-1:::vsx-ng-ai cpe:/a:checkpoint:provider-1:4.1 cpe:/a:neoteris:instant_virtual_extranet:3.2 cpe:/a:cisco:css_secure_content_accelerator:2.0 cpe:/a:novell:edirectory:8.7.1 cpe:/a:cisco:webns:7.10 cpe:/a:avaya:vsu:500 cpe:/a:stonesoft:stonegate_vpn_client:1.7.2 cpe:/a:novell:edirectory:8.5.27 cpe:/o:cisco:ios:12.2sy cpe:/a:redhat:openssl:0.9.6-15::i386 cpe:/a:stonesoft:stonebeat_securitycluster:2.5 cpe:/h:avaya:s8500:r2.0.0 cpe:/a:checkpoint:firewall-1:2.0::gx cpe:/a:vmware:gsx_server:2.5.1_build_5336 cpe:/h:avaya:sg208:4.4 cpe:/a:openssl:openssl:0.9.7:beta2 CVE-2004-0081 2004-11-23T00:00:00.000-05:00 2010-08-21T00:19:32.550-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT TA04-078A CERT-VN VU#465542 XF openssl-tls-dos(15509) MISC http://www.uniras.gov.uk/vuls/2004/224012/index.htm TRUSTIX 2004-0012 BID 9899 REDHAT RHSA-2004:139 REDHAT RHSA-2004:121 REDHAT RHSA-2004:120 ENGARDE ESA-20040317-003 DEBIAN DSA-465 CISCO 20040317 Cisco OpenSSL Implementation Vulnerability SUNALERT 57524 GENTOO GLSA-200403-03 SECUNIA 11139 REDHAT RHSA-2004:119 BUGTRAQ 20040508 [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability BUGTRAQ 20040317 Re: New OpenSSL releases fix denial of service attacks [17 March 2004] FEDORA FEDORA-2004-095 CONECTIVA CLA-2004:834 SGI 20040304-01-U SCO SCOSA-2004.10 OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool. cpe:/a:samba:samba:3.0.1 cpe:/a:samba:samba:3.0.0 cpe:/a:samba:samba:3.0 CVE-2004-0082 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:29.147-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9637 REDHAT RHSA-2004:064 XF samba-mksmbpasswd-gain-access(15132) CONFIRM http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html CONFIRM http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt OSVDB 3919 CIAC O-078 The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password. cpe:/o:openbsd:openbsd:3.4 cpe:/o:openbsd:openbsd:3.3 cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.0 cpe:/a:xfree86_project:x11r6:4.3.0 CVE-2004-0083 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:32.830-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#820006 BID 9636 BUGTRAQ 20040210 iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow XF xfree86-fontalias-bo(15130) CONFIRM http://www.xfree86.org/cvs/changes REDHAT RHSA-2004:061 REDHAT RHSA-2004:060 REDHAT RHSA-2004:059 SUSE SuSE-SA:2004:006 MISC http://www.idefense.com/application/poi/display?id=72 DEBIAN DSA-443 GENTOO GLSA-200402-02 SLACKWARE SSA:2004-043 MANDRAKE MDKSA-2004:012 SUNALERT 57768 FEDORA FLSA:2314 BUGTRAQ 20040211 XFree86 vulnerability exploit CONECTIVA CLA-2004:821 Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106. cpe:/o:openbsd:openbsd:3.4 cpe:/o:openbsd:openbsd:3.3 cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.0 cpe:/a:xfree86_project:x11r6:4.3.0 CVE-2004-0084 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:32.970-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#667502 BID 9652 REDHAT RHSA-2004:061 REDHAT RHSA-2004:060 XF xfree86-copyisolatin1lLowered-bo(15200) SLACKWARE SSA:2004-043 REDHAT RHSA-2004:059 SUSE SuSE-SA:2004:006 MISC http://www.idefense.com/application/poi/display?id=73 DEBIAN DSA-443 FEDORA FLSA:2314 CONECTIVA CLA-2004:821 MANDRAKE MDKSA-2004:012 SUNALERT 57768 BUGTRAQ 20040212 iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias (font.alias) file, a different vulnerability than CVE-2004-0083 and CVE-2004-0106. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.2.8 CVE-2004-0085 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.757-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF macosx-mail-undisclosed(14992) BID 9504 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and 10.2.8 with unknown impact, a different vulnerability than CVE-2004-0086. cpe:/o:apple:mac_os_x:10.3.2 CVE-2004-0086 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.837-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9504 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has unknown impact and attack vectors, a different vulnerability than CVE-2004-0085. cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.2.8 CVE-2004-0087 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.913-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF macosx-configd-file-manipulation(14997) BID 9504 OSVDB 6819 APPLE APPLE-SA-2004-01-26 The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows local users to modify network settings, a different vulnerability than CVE-2004-0088. cpe:/o:apple:mac_os_x:10.2.8 CVE-2004-0088 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:05.977-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9504 OSVDB 6820 APPLE APPLE-SA-2004-01-26 The System Configuration subsystem in Mac OS 10.2.8 allows local users to modify network settings, a different vulnerability than CVE-2004-0087. cpe:/o:apple:mac_os_x:10.3.9 cpe:/o:apple:mac_os_x:10.2.8 CVE-2004-0089 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:06.367-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#902374 BID 9509 XF macosx-trublue-environmentvariable-bo(14968) OSVDB 6821 ATSTAKE A012704-1 APPLE APPLE-SA-2004-01-26 Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x_server:10.1.5 CVE-2004-0090 2004-12-31T00:00:00.000-05:00 2008-09-05T16:37:30.397-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2005-06-15T10:15:00.000-04:00 BID 9504 SECUNIA 10723 AUSCERT ESB-2004.0072 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors. cpe:/a:jelsoft:vbulletin:3.0_beta_2 CVE-2004-0091 2004-02-17T00:00:00.000-05:00 2008-09-10T15:25:06.507-04:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 SECTRACK 1008780 VULN-DEV 20040123 RE: vBulletin Security Vulnerability VULN-DEV 20040120 Re: vBulletin Security Vulnerability VULN-DEV 20040120 vBulletin Security Vulnerability BUGTRAQ 20040120 vBulletin Security Vulnerability ** DISPUTED ** NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in register.php for unknown versions of vBulletin allows remote attackers to inject arbitrary HTML or web script via the reg_site (or possibly regsite) parameter. NOTE: the vendor has disputed this issue, saying "There is no hidden field called 'reg_site', nor any $reg_site variable anywhere in the vBulletin 2 or vBulletin 3 source code or templates, nor has it ever existed. We can only assume that this vulnerability was found in a site running code modified from that supplied by Jelsoft." cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.2.8 CVE-2004-0092 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:06.587-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9504 APPLE APPLE-SA-2004-01-26 Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact. cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.0 cpe:/a:xfree86_project:x11r6:4.3.0 CVE-2004-0093 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:30.897-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-443 XF xfree86-glx-array-dos(15272) BID 9701 REDHAT RHSA-2004:152 CONECTIVA CLSA-2004:824 SGI 20040406-01-U XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI). cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.0 cpe:/a:xfree86_project:x11r6:4.3.0 CVE-2004-0094 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:31.070-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-443 XF xfree86-glx-integer-dos(15273) BID 9701 REDHAT RHSA-2004:152 CONECTIVA CLSA-2004:824 SGI 20040406-01-U Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI). cpe:/a:mcafee:epolicy_orchestrator:3.6.0 CVE-2004-0095 2004-02-17T00:00:00.000-05:00 2008-09-05T16:37:31.240-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9476 CONFIRM http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip XF epolicy-contentlength-post-dos(14989) OSVDB 3744 McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow. cpe:/a:apache:mod_python:2.7.9 CVE-2004-0096 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:31.383-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MLIST [mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10 REDHAT RHSA-2004:063 REDHAT RHSA-2004:058 GENTOO GLSA-200401-03 Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973. cpe:/a:openh323_project:pwlib:1.6.0 CVE-2004-0097 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:34.113-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#749342 CERT CA-2004-01 REDHAT RHSA-2004:047 DEBIAN DSA-448 XF pwlib-message-dos(15202) BID 9406 Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. cpe:/o:freebsd:freebsd:5.2.1:release cpe:/o:freebsd:freebsd:5.1:release CVE-2004-0099 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:31.693-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9533 FREEBSD FreeBSD-SA-04:01 XF freebsd-mksnapffs-bypass-security(15005) OSVDB 3790 mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions. cpe:/a:linley_henzell:crawl:4.0.0_b23 CVE-2004-0103 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:31.837-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-432 XF crawl-long-environment-bo(15032) BID 9566 SECUNIA 10788 crawl before 4.0.0 beta23 does not properly "apply a size check" when copying a certain environment variable, which may allow local users to gain privileges, possibly as a result of a buffer overflow. cpe:/a:sgi:propack:2.4 cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/a:metamail_corporation:metamail:2.7 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/a:sgi:propack:2.3 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor CVE-2004-0104 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:07.133-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#518518 BID 9692 REDHAT RHSA-2004:073 XF metamail-printheader-format-string(15259) XF metamail-contenttype-format-string(15245) DEBIAN DSA-449 SECUNIA 10908 VULNWATCH 20040218 metamail format string bugs and buffer overflows SLACKWARE SSA:2004-049 MANDRAKE MDKSA-2004:014 CIAC O-083 BUGTRAQ 20040218 metamail format string bugs and buffer overflows Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. cpe:/a:sgi:propack:2.4 cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/a:metamail_corporation:metamail:2.7 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/a:sgi:propack:2.3 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor CVE-2004-0105 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:07.210-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#513062 REDHAT RHSA-2004:073 XF metamail-splitmail-subject-bo(15258) XF metamail-printheader-nonascii-bo(15247) DEBIAN DSA-449 SECUNIA 10908 VULNWATCH 20040218 metamail format string bugs and buffer overflows SLACKWARE SSA:2004-049 BID 9692 MANDRAKE MDKSA-2004:014 CIAC O-083 BUGTRAQ 20040218 metamail format string bugs and buffer overflows Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code. cpe:/o:openbsd:openbsd:3.4 cpe:/o:openbsd:openbsd:3.3 cpe:/a:xfree86_project:x11r6:4.2.1 cpe:/a:xfree86_project:x11r6:4.2.1::errata cpe:/a:xfree86_project:x11r6:4.2.0 cpe:/a:xfree86_project:x11r6:4.1.12 cpe:/a:xfree86_project:x11r6:4.1.11 cpe:/a:xfree86_project:x11r6:4.1.0 cpe:/a:xfree86_project:x11r6:4.3.0 CVE-2004-0106 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:34.580-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS SLACKWARE SSA:2004-043 REDHAT RHSA-2004:061 REDHAT RHSA-2004:060 XF xfree86-multiple-font-improper-handling(15206) REDHAT RHSA-2004:059 SUSE SuSE-SA:2004:006 DEBIAN DSA-443 MANDRAKE MDKSA-2004:012 FEDORA FLSA:2314 CONECTIVA CLA-2004:821 Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to improper handling of font files, a different set of vulnerabilities than CVE-2004-0083 and CVE-2004-0084. cpe:/a:sysstat:sysstat:4.1.4 cpe:/a:sysstat:sysstat:4.1.5 cpe:/a:sysstat:sysstat:4.1.7 cpe:/a:sysstat:sysstat:4.0.7 cpe:/a:sgi:propack:2.4 cpe:/a:redhat:sysstat:4.0.7-3::i386 cpe:/a:sysstat:sysstat:5.0.1 cpe:/a:sysstat:sysstat:4.1.6 cpe:/a:sgi:propack:2.3 cpe:/a:sysstat:sysstat:4.1.2 cpe:/a:sysstat:sysstat:4.1.1 cpe:/a:sysstat:sysstat:4.1.3 CVE-2004-0107 2004-04-15T00:00:00.000-04:00 2010-08-21T00:19:34.720-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9838 REDHAT RHSA-2004:053 SGI 20040302-01-U XF sysstat-post-trigger-symlink(15428) REDHAT RHSA-2004:093 OSVDB 6884 CIAC O-097 The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108. cpe:/a:sysstat:sysstat:4.1.4 cpe:/a:sysstat:sysstat:4.1.5 cpe:/a:sysstat:sysstat:4.1.7 cpe:/a:sysstat:sysstat:4.0.7 cpe:/a:sgi:propack:2.4 cpe:/a:redhat:sysstat:4.0.7-3::i386 cpe:/a:sysstat:sysstat:5.0.1 cpe:/a:sysstat:sysstat:4.1.6 cpe:/a:sgi:propack:2.3 cpe:/a:sysstat:sysstat:4.1.2 cpe:/a:sysstat:sysstat:4.1.1 cpe:/a:sysstat:sysstat:4.1.3 CVE-2004-0108 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:32.663-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9844 REDHAT RHSA-2004:053 SGI 20040302-01-U XF sysstat-isag-symlink(15437) DEBIAN DSA-460 The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107. cpe:/o:linux:linux_kernel:2.5.0 cpe:/o:linux:linux_kernel:2.6.0 cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0109 2004-06-01T00:00:00.000-04:00 2010-08-21T00:19:34.923-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS ENGARDE ESA-20040428-004 REDHAT RHSA-2004:166 TRUSTIX 2004-0020 SGI 20040405-01-U XF linux-iso9660-bo(15866) TURBO TLSA-2004-14 BID 10141 REDHAT RHSA-2004:183 REDHAT RHSA-2004:106 REDHAT RHSA-2004:105 SUSE SuSE-SA:2004:009 MISC http://www.idefense.com/application/poi/display?id=101&type=vulnerabilities DEBIAN DSA-495 DEBIAN DSA-491 DEBIAN DSA-489 DEBIAN DSA-482 DEBIAN DSA-481 DEBIAN DSA-480 DEBIAN DSA-479 CIAC O-127 CIAC O-121 GENTOO GLSA-200407-02 SECUNIA 12003 SECUNIA 11986 SECUNIA 11891 SECUNIA 11861 SECUNIA 11626 SECUNIA 11518 SECUNIA 11494 SECUNIA 11486 SECUNIA 11470 SECUNIA 11469 SECUNIA 11464 SECUNIA 11373 SECUNIA 11362 SECUNIA 11361 CONECTIVA CLA-2004:846 SGI 20040504-01-U MANDRAKE MDKSA-2004:029 Buffer overflow in the ISO9660 file system component for Linux kernel 2.4.x, 2.5.x and 2.6.x, allows local users with physical access to overflow kernel memory and execute arbitrary code via a malformed CD containing a long symbolic link entry. cpe:/a:xmlsoft:libxml2:2.4.19 cpe:/a:xmlsoft:libxml2:2.5.4 cpe:/a:xmlsoft:libxml2:2.5.11 cpe:/a:sgi:propack:2.4 cpe:/a:xmlsoft:libxml2:2.5.10 cpe:/a:xmlsoft:libxml2:2.6.5 cpe:/a:xmlsoft:libxml:1.8.17 cpe:/a:xmlsoft:libxml2:2.6.2 cpe:/a:xmlsoft:libxml2:2.4.23 cpe:/a:xmlsoft:libxml2:2.6.3 cpe:/a:xmlsoft:libxml2:2.6.0 cpe:/a:sgi:propack:2.3 cpe:/a:xmlsoft:libxml2:2.6.4 cpe:/a:xmlsoft:libxml2:2.6.1 CVE-2004-0110 2004-03-15T00:00:00.000-05:00 2010-08-21T00:19:35.143-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#493966 XF libxml2-nanohttp-bo(15301) BID 9718 REDHAT RHSA-2004:090 BUGTRAQ 20040305 [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml) XF libxml2-nanoftp-bo(15302) REDHAT RHSA-2004:091 DEBIAN DSA-455 CIAC O-086 GENTOO GLSA-200403-01 SECUNIA 10958 CONFIRM http://www.xmlsoft.org/news.html REDHAT RHSA-2004:650 SUSE SUSE-SR:2005:001 BUGTRAQ 20040306 TSLSA-2004-0010 - libxml2 Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL. cpe:/o:redhat:enterprise_linux:3.0::workstation cpe:/o:redhat:enterprise_linux:3.0::advanced_servers cpe:/o:redhat:enterprise_linux:2.1::workstation cpe:/a:gnome:gdkpixbuf:0.18 cpe:/o:redhat:enterprise_linux:2.1::advanced_server cpe:/o:redhat:linux_advanced_workstation:2.1::itanium_processor cpe:/a:redhat:gdk_pixbuf:0.18.0-7::i386_dev cpe:/a:redhat:gdk_pixbuf:0.18.0-7::i386 cpe:/a:gnome:gdkpixbuf:0.20 cpe:/a:redhat:gdk_pixbuf:0.18.0-7::i386_gnome cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/a:sgi:propack:2.4 cpe:/a:sgi:propack:2.3 cpe:/o:redhat:enterprise_linux:2.1::enterprise_server CVE-2004-0111 2004-04-15T00:00:00.000-04:00 2008-09-10T15:25:09.210-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9842 REDHAT RHSA-2004:103 FEDORA FLSA:2005 XF gdk-pixbuf-bitmap-dos(15426) REDHAT RHSA-2004:102 MANDRAKE MDKSA-2004:020 DEBIAN DSA-464 gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file. cpe:/a:stonesoft:stonegate:1.7 cpe:/o:freebsd:freebsd:5.1 cpe:/o:cisco:pix_firewall:6.2 cpe:/a:openssl:openssl:0.9.7:beta1 cpe:/a:cisco:webns:7.2_0.0.03 cpe:/o:redhat:enterprise_linux:3.0::workstation_server cpe:/o:cisco:pix_firewall:6.3%283.102%29 cpe:/h:securecomputing:sidewinder:5.2.1.02 cpe:/a:stonesoft:stonebeat_fullcluster:1_3.0 cpe:/a:vmware:gsx_server:2.0.1_build_2129 cpe:/h:securecomputing:sidewinder:5.2.0.04 cpe:/o:cisco:pix_firewall:6.1%282%29 cpe:/a:stonesoft:stonegate:2.0.5 cpe:/a:stonesoft:servercluster:2.5 cpe:/h:symantec:clientless_vpn_gateway_4400:5.0 cpe:/o:redhat:linux:8.0 cpe:/o:cisco:pix_firewall:6.2%283.100%29 cpe:/o:cisco:pix_firewall:6.1%284%29 cpe:/h:cisco:mds_9000 cpe:/a:cisco:application_and_content_networking_software cpe:/a:novell:edirectory:8.0 cpe:/a:novell:edirectory:8.7 cpe:/a:stonesoft:stonebeat_webcluster:2.0 cpe:/h:securecomputing:sidewinder:5.2.1 cpe:/o:cisco:pix_firewall:6.2%281%29 cpe:/o:freebsd:freebsd:5.2 cpe:/a:vmware:gsx_server:2.5.1 cpe:/h:avaya:sg200:4.4 cpe:/o:freebsd:freebsd:4.9 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3.1 cpe:/h:hp:aaa_server cpe:/a:cisco:pix_firewall:6.2.2_.111 cpe:/a:rsa:bsafe_ssl-j_sdk:3.0 cpe:/h:cisco:firewall_services_module:1.1.3 cpe:/o:hp:hp-ux:11.00 cpe:/a:novell:imanager:2.0 cpe:/o:cisco:pix_firewall:6.0%283%29 cpe:/a:stonesoft:stonegate:1.5.18 cpe:/h:bluecoat:proxysg cpe:/a:checkpoint:provider-1:4.1:sp1 cpe:/a:neoteris:instant_virtual_extranet:3.0 cpe:/a:4d:webstar:5.2.1 cpe:/a:stonesoft:stonegate:2.0.6 cpe:/h:avaya:sg5:4.4 cpe:/o:hp:hp-ux:8.05 cpe:/a:redhat:openssl:0.9.7a-2::i386_dev cpe:/a:novell:edirectory:8.5.12a cpe:/a:cisco:webns:7.10_.0.06s cpe:/a:openssl:openssl:0.9.6f cpe:/o:freebsd:freebsd:5.1:releng cpe:/a:openssl:openssl:0.9.6c cpe:/o:redhat:linux:7.3 cpe:/a:avaya:intuity_audix:::lx cpe:/o:hp:hp-ux:11.23 cpe:/a:neoteris:instant_virtual_extranet:3.3.1 cpe:/a:openssl:openssl:0.9.7a cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.1 cpe:/o:redhat:linux:7.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc2 cpe:/a:hp:wbem:a.01.05.08 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc3 cpe:/a:stonesoft:servercluster:2.5.2 cpe:/a:avaya:vsu:100_r2.0.1 cpe:/a:hp:wbem:a.02.00.01 cpe:/a:novell:imanager:1.5 cpe:/o:redhat:enterprise_linux_desktop:3.0 cpe:/a:stonesoft:stonegate:1.6.3 cpe:/h:avaya:sg5:4.3 cpe:/o:cisco:ios:12.2%2814%29sy cpe:/a:rsa:bsafe_ssl-j_sdk:3.0.1 cpe:/a:avaya:vsu:5 cpe:/a:stonesoft:stonebeat_fullcluster:2.0 cpe:/a:tarantella:tarantella_enterprise:3.20 cpe:/a:checkpoint:vpn-1:next_generation_fp1 cpe:/a:lite:speed_technologies_litespeed_web_server:1.1.1 cpe:/h:cisco:firewall_services_module:2.1_%280.208%29 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.3 cpe:/a:stonesoft:stonegate:1.7.1 cpe:/a:stonesoft:stonebeat_fullcluster:2.5 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.2 cpe:/o:freebsd:freebsd:5.1:release cpe:/a:avaya:vsu:5000_r2.0.1 cpe:/a:stonesoft:stonebeat_fullcluster:3.0 cpe:/o:cisco:pix_firewall:6.3 cpe:/a:stonesoft:stonegate:2.1 cpe:/a:avaya:vsu:2000_r2.0.1 cpe:/o:cisco:ios:12.1%2811b%29e cpe:/h:avaya:sg200:4.31.29 cpe:/h:avaya:s8500:r2.0.1 cpe:/a:cisco:css11000_content_services_switch cpe:/h:securecomputing:sidewinder:5.2.0.02 cpe:/a:checkpoint:firewall-1:next_generation_fp2 cpe:/o:bluecoat:cacheos_ca_sa:4.1.12 cpe:/a:4d:webstar:4.0 cpe:/a:novell:edirectory:8.5 cpe:/o:cisco:pix_firewall:6.1%283%29 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3_rc1 cpe:/o:cisco:ios:12.1%2819%29e1 cpe:/a:openssl:openssl:0.9.6d cpe:/a:checkpoint:provider-1:4.1:sp3 cpe:/o:openbsd:openbsd:3.3 cpe:/o:cisco:pix_firewall:6.0%281%29 cpe:/a:novell:edirectory:8.7.1:sp1 cpe:/h:cisco:firewall_services_module cpe:/a:4d:webstar:5.2.3 cpe:/a:openssl:openssl:0.9.6g cpe:/a:avaya:vsu:7500_r2.0.1 cpe:/a:cisco:webns:6.10_b4 cpe:/a:openssl:openssl:0.9.7c cpe:/a:4d:webstar:5.2.2 cpe:/a:cisco:webns:7.1_0.2.06 cpe:/o:cisco:pix_firewall:6.0%284%29 cpe:/o:apple:mac_os_x_server:10.3.3 cpe:/a:cisco:webns:7.1_0.1.02 cpe:/a:openssl:openssl:0.9.6k cpe:/o:hp:hp-ux:11.11 cpe:/a:avaya:intuity_audix:5.1.46 cpe:/o:cisco:pix_firewall:6.0%282%29 cpe:/a:stonesoft:stonegate:2.2.4 cpe:/o:cisco:ios:12.2%2814%29sy1 cpe:/h:hp:apache-based_web_server:2.0.43.04 cpe:/a:stonesoft:stonebeat_fullcluster:1_2.0 cpe:/a:stonesoft:stonegate:2.0.9 cpe:/a:4d:webstar:5.2.4 cpe:/o:sco:openserver:5.0.7 cpe:/a:vmware:gsx_server:2.0 cpe:/a:openssl:openssl:0.9.7:beta3 cpe:/o:cisco:pix_firewall:6.2%283%29 cpe:/a:stonesoft:stonegate:2.0.1 cpe:/h:securecomputing:sidewinder:5.2 cpe:/a:checkpoint:vpn-1:vsx_ng_with_application_intelligence cpe:/a:avaya:vsu:5x cpe:/a:rsa:bsafe_ssl-j_sdk:3.1 cpe:/a:checkpoint:provider-1:4.1:sp4 cpe:/a:avaya:vsu:10000_r2.0.1 cpe:/a:stonesoft:stonegate:2.2 cpe:/a:cisco:ciscoworks_common_management_foundation:2.1 cpe:/a:stonesoft:stonebeat_securitycluster:2.0 cpe:/o:openbsd:openbsd:3.4 cpe:/o:cisco:pix_firewall:6.1%281%29 cpe:/a:cisco:css_secure_content_accelerator:1.0 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2.2 cpe:/a:openssl:openssl:0.9.6e cpe:/o:bluecoat:cacheos_ca_sa:4.1.10 cpe:/a:neoteris:instant_virtual_extranet:3.1 cpe:/a:cisco:threat_response cpe:/h:cisco:call_manager cpe:/a:checkpoint:vpn-1:next_generation_fp2 cpe:/a:tarantella:tarantella_enterprise:3.30 cpe:/a:sgi:propack:2.3 cpe:/a:checkpoint:vpn-1:next_generation_fp0 cpe:/a:4d:webstar:5.2 cpe:/a:checkpoint:firewall-1:next_generation_fp1 cpe:/a:cisco:access_registrar cpe:/o:redhat:enterprise_linux:3.0::advanced_server cpe:/h:sun:crypto_accelerator_4000:1.0 cpe:/o:cisco:pix_firewall:6.3%282%29 cpe:/a:stonesoft:stonebeat_webcluster:2.5 cpe:/a:4d:webstar:5.3 cpe:/h:avaya:sg203:4.31.29 cpe:/h:hp:apache-based_web_server:2.0.43.00 cpe:/o:apple:mac_os_x:10.3.3 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc1 cpe:/o:cisco:pix_firewall:6.1%285%29 cpe:/h:securecomputing:sidewinder:5.2.0.03 cpe:/h:avaya:s8300:r2.0.0 cpe:/a:hp:wbem:a.02.00.00 cpe:/a:redhat:openssl:0.9.6b-3::i386 cpe:/a:neoteris:instant_virtual_extranet:3.3 cpe:/h:avaya:converged_communications_server:2.0 cpe:/a:stonesoft:stonegate:2.0.7 cpe:/o:cisco:ios:12.1%2811b%29e12 cpe:/a:stonesoft:stonegate:1.6.2 cpe:/a:novell:edirectory:8.6.2 cpe:/o:freebsd:freebsd:4.8 cpe:/o:cisco:pix_firewall:6.3%283.109%29 cpe:/h:avaya:s8700:r2.0.1 cpe:/o:cisco:pix_firewall:6.3%281%29 cpe:/a:cisco:okena_stormwatch:3.2 cpe:/h:cisco:firewall_services_module:1.1_%283.005%29 cpe:/o:freebsd:freebsd:4.8:releng cpe:/o:cisco:ios:12.1%2813%29e9 cpe:/h:avaya:s8700:r2.0.0 cpe:/a:lite:speed_technologies_litespeed_web_server:1.3 cpe:/a:checkpoint:firewall-1:next_generation_fp0 cpe:/h:avaya:s8300:r2.0.1 cpe:/a:stonesoft:stonegate:2.0.8 cpe:/o:freebsd:freebsd:5.2.1:release cpe:/a:sgi:propack:3.0 cpe:/a:stonesoft:stonegate:1.7.2 cpe:/a:avaya:intuity_audix:s3400 cpe:/a:openssl:openssl:0.9.6h cpe:/a:openssl:openssl:0.9.7 cpe:/a:avaya:intuity_audix:s3210 cpe:/o:cisco:ios:12.2za cpe:/h:cisco:gss_4480_global_site_selector cpe:/a:cisco:webns:6.10 cpe:/o:redhat:enterprise_linux:3.0::enterprise_server cpe:/a:4d:webstar:5.3.1 cpe:/a:redhat:openssl:0.9.7a-2::i386 cpe:/o:cisco:pix_firewall:6.2%282%29 cpe:/a:checkpoint:provider-1:4.1:sp2 cpe:/h:cisco:firewall_services_module:1.1.2 cpe:/a:openssl:openssl:0.9.6i cpe:/h:avaya:sg5:4.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.1 cpe:/h:cisco:gss_4490_global_site_selector cpe:/o:sco:openserver:5.0.6 cpe:/o:cisco:ios:12.1%2811b%29e14 cpe:/h:avaya:sg208 cpe:/o:cisco:pix_firewall:6.1 cpe:/o:cisco:ios:12.1%2811%29e cpe:/a:openssl:openssl:0.9.7b cpe:/a:stonesoft:stonegate:1.5.17 cpe:/a:redhat:openssl:0.9.7a-2::i386_perl cpe:/o:cisco:pix_firewall:6.0%284.101%29 cpe:/h:cisco:secure_content_accelerator:10000 cpe:/a:stonesoft:stonegate:2.2.1 cpe:/o:cisco:pix_firewall:6.0 cpe:/h:cisco:content_services_switch_11500 cpe:/a:stonesoft:stonegate:2.0.4 cpe:/a:tarantella:tarantella_enterprise:3.40 cpe:/h:avaya:sg203:4.4 cpe:/a:sgi:propack:2.4 cpe:/a:lite:speed_technologies_litespeed_web_server:1.0.1 cpe:/a:vmware:gsx_server:3.0_build_7592 cpe:/a:openssl:openssl:0.9.6j cpe:/h:securecomputing:sidewinder:5.2.0.01 cpe:/a:cisco:ciscoworks_common_services:2.2 cpe:/a:lite:speed_technologies_litespeed_web_server:1.2_rc2 cpe:/a:checkpoint:firewall-1:::vsx-ng-ai cpe:/a:checkpoint:provider-1:4.1 cpe:/a:neoteris:instant_virtual_extranet:3.2 cpe:/a:cisco:css_secure_content_accelerator:2.0 cpe:/a:novell:edirectory:8.7.1 cpe:/a:cisco:webns:7.10 cpe:/a:avaya:vsu:500 cpe:/a:novell:edirectory:8.5.27 cpe:/o:cisco:ios:12.2sy cpe:/a:redhat:openssl:0.9.6-15::i386 cpe:/a:stonesoft:stonebeat_securitycluster:2.5 cpe:/h:avaya:s8500:r2.0.0 cpe:/a:checkpoint:firewall-1:2.0::gx cpe:/a:vmware:gsx_server:2.5.1_build_5336 cpe:/h:avaya:sg208:4.4 cpe:/a:openssl:openssl:0.9.7:beta2 CVE-2004-0112 2004-11-23T00:00:00.000-05:00 2010-08-21T00:19:35.377-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT TA04-078A CERT-VN VU#484726 XF openssl-kerberos-ciphersuites-dos(15508) MISC http://www.uniras.gov.uk/vuls/2004/224012/index.htm TRUSTIX 2004-0012 SLACKWARE SSA:2004-077 BID 9899 REDHAT RHSA-2004:121 REDHAT RHSA-2004:120 CONFIRM http://www.openssl.org/news/secadv_20040317.txt SUSE SuSE-SA:2004:007 CISCO 20040317 Cisco OpenSSL Implementation Vulnerability CIAC O-101 SUNALERT 57524 GENTOO GLSA-200403-03 SECUNIA 11139 HP SSRT4717 BUGTRAQ 20040317 New OpenSSL releases fix denial of service attacks [17 March 2004] CONFIRM http://lists.apple.com/mhonarc/security-announce/msg00045.html APPLE APPLE-SA-2005-08-15 APPLE APPLE-SA-2005-08-17 CONFIRM http://docs.info.apple.com/article.html?artnum=61798 CONECTIVA CLA-2004:834 SCO SCOSA-2004.10 NETBSD NetBSD-SA2004-005 MANDRAKE MDKSA-2004:023 The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read. cpe:/a:apache:http_server:2.0.47 cpe:/a:apache:http_server:2.0.48 cpe:/a:apache:http_server:2.0.41 cpe:/a:apache:http_server:2.0.36 cpe:/a:apache:http_server:2.0.40 cpe:/a:apache:http_server:2.0.37 cpe:/a:apache:http_server:2.0.42 cpe:/a:apache:http_server:2.0.35 cpe:/a:apache:http_server:2.0.45 cpe:/a:apache:http_server:2.0.43 cpe:/a:apache:http_server:2.0.39 cpe:/a:apache:http_server:2.0.44 cpe:/a:apache:http_server:2.0.46 cpe:/a:apache:http_server:2.0.38 CVE-2004-0113 2004-03-29T00:00:00.000-05:00 2008-09-10T15:25:09.367-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9826 XF apache-modssl-plain-dos(15419) CONFIRM http://www.apacheweek.com/features/security-20 MLIST [apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c TRUSTIX 2004-0017 REDHAT RHSA-2004:182 REDHAT RHSA-2004:084 OSVDB 4182 MANDRAKE MDKSA-2004:043 GENTOO GLSA-200403-04 HP SSRT4717 APPLE APPLE-SA-2004-05-03 BUGTRAQ 20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48 MISC http://issues.apache.org/bugzilla/show_bug.cgi?id=27106 CONECTIVA CLSA-2004:839 Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server. cpe:/o:openbsd:openbsd:2.6 cpe:/o:netbsd:netbsd:1.3 cpe:/o:freebsd:freebsd:5.2 CVE-2004-0114 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:34.490-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF bsd-shmat-gain-privileges(15061) BID 9586 FREEBSD FreeBSD-SA-04:02 MISC http://www.pine.nl/press/pine-cert-20040201.txt BUGTRAQ 20040205 [PINE-CERT-20040201] reference count overflow in shmat() OSVDB 3836 CONFIRM http://www.openbsd.org/errata33.html#sysvshm NETBSD NetBSD-SA2004-004 The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges. cpe:/a:microsoft:virtual_pc:6.1::mac cpe:/a:microsoft:virtual_pc:6.0::mac cpe:/a:microsoft:virtual_pc:6.2::mac CVE-2004-0115 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:34.647-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9632 MS MS04-005 ATSTAKE A021004-1 XF virtual-pc-gain-privileges(15113) OSVDB 3893 CIAC O-076 VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_xp::gold CVE-2004-0116 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:09.570-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#417052 CERT TA04-104A EEYE AD20040413A MS MS04-012 XF win-rpcss-rpcmessage-dos(15708) BID 10127 CIAC O-115 SECTRACK 1009758 SECUNIA 11065 An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. cpe:/o:microsoft:windows_2000 cpe:/a:microsoft:netmeeting:3 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_xp::gold CVE-2004-0117 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:09.647-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#353956 CERT TA04-104A MS MS04-011 XF win-h323-bo(15710) CIAC O-114 Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_nt:4.0 CVE-2004-0118 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:09.710-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT-VN VU#783748 CERT TA04-104A MS MS04-011 EEYE AD20040413E FULLDISC 20040413 EEYE: Windows VDM TIB Local Privilege Escalation XF win-vdm-gain-privileges(15714) BID 10117 CIAC O-114 The component for the Virtual DOS Machine (VDM) subsystem in Windows NT 4.0 and Windows 2000 does not properly validate system structures, which allows local users to access protected kernel memory and execute arbitrary code. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_xp::gold cpe:/a:microsoft:internet_information_server CVE-2004-0119 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:09.790-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#638548 CERT TA04-104A MS MS04-011 VULNWATCH 20040414 NSFOCUS SA2004-01 : DoS Vulnerability in Microsoft Windows SPNEGO Protocol Decoding XF win-spp-bo(15715) BID 10113 CIAC O-114 The Negotiate Security Software Provider (SSP) interface in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service (crash from null dereference) or execute arbitrary code via a crafted SPNEGO NegTokenInit request during authentication protocol selection. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_xp::gold CVE-2004-0120 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:09.867-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#150236 CERT TA04-104A MS MS04-011 XF ssl-message-dos(15712) BID 10115 CIAC O-114 The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. cpe:/a:microsoft:outlook:2002:sp1 cpe:/a:microsoft:office:xp:sp2 cpe:/a:microsoft:office:xp cpe:/a:microsoft:office:xp:sp1 cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:outlook:2002:sp2 CVE-2004-0121 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:35.587-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT TA04-070A CERT-VN VU#305206 BID 9827 MS MS04-009 IDEFENSE 20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability XF outlook-ms04009-patch(15429) XF outlook-mailtourl-execute-code(15414) CIAC O-096 BUGTRAQ 20040310 Outlook mailto: URL argument injection vulnerability Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs. cpe:/a:microsoft:msn_messenger:6.0 cpe:/a:microsoft:msn_messenger:6.1 CVE-2004-0122 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:35.757-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#688094 BID 9828 MS MS04-010 XF msn-ms04010-patch(15427) XF msn-request-view-files(15415) Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_nt:4.0 cpe:/o:microsoft:windows_98se CVE-2004-0123 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:10.070-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#255924 CERT TA04-104A XF win-asn1-double-free(15713) BID 10118 MS MS04-011 CIAC O-114 Double free vulnerability in the ASN.1 library as used in Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service and possibly execute arbitrary code. cpe:/o:microsoft:windows_nt:4.0::terminal_server cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_nt:4.0::workstation cpe:/o:microsoft:windows_nt:4.0::server cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_nt:4.0 CVE-2004-0124 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:10.133-04:00 2.6 NETWORK HIGH NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#212892 CERT TA04-104A XF win-objectidentifier-open-port(15711) BID 10121 MS MS04-012 CIAC O-115 SECUNIA 11065 The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause network communications via an "alter context" call that contains additional data, aka the "Object Identity Vulnerability." cpe:/o:freebsd:freebsd:4.6.2 cpe:/o:freebsd:freebsd:4.3:releng cpe:/o:freebsd:freebsd:4.9:pre-release cpe:/o:freebsd:freebsd:4.6 cpe:/o:freebsd:freebsd:4.6:stable cpe:/o:freebsd:freebsd:4.7:release_p17 cpe:/o:freebsd:freebsd:4.6:release_p20 cpe:/o:freebsd:freebsd:4.7:releng cpe:/o:freebsd:freebsd:4.7 cpe:/o:freebsd:freebsd:4.3:release_p38 cpe:/o:freebsd:freebsd:4.1.1:stable cpe:/o:freebsd:freebsd:4.4:releng cpe:/o:freebsd:freebsd:4.4:release_p42 cpe:/o:freebsd:freebsd:4.2 cpe:/o:freebsd:freebsd:4.1.1:release cpe:/o:freebsd:freebsd:4.7:stable cpe:/o:freebsd:freebsd:4.4 cpe:/o:freebsd:freebsd:4.4:stable cpe:/o:freebsd:freebsd:4.5:releng cpe:/o:freebsd:freebsd:4.9:releng cpe:/o:freebsd:freebsd:4.5:release cpe:/o:freebsd:freebsd:4.8:pre-release cpe:/o:freebsd:freebsd:4.8 cpe:/o:freebsd:freebsd:4.10 cpe:/o:freebsd:freebsd:4.1 cpe:/o:freebsd:freebsd:4.6:releng cpe:/o:freebsd:freebsd:4.6:release cpe:/o:freebsd:freebsd:4.3 cpe:/o:freebsd:freebsd:4.5:stable cpe:/o:freebsd:freebsd:4.8:releng cpe:/o:freebsd:freebsd:4.1.1 cpe:/o:freebsd:freebsd:4.9 cpe:/o:freebsd:freebsd:4.5 cpe:/o:freebsd:freebsd:4.8:release_p6 cpe:/o:freebsd:freebsd:4.0:releng cpe:/o:freebsd:freebsd:4.7:release cpe:/o:freebsd:freebsd:4.3:stable cpe:/o:freebsd:freebsd:4.5:release_p32 cpe:/o:freebsd:freebsd:4.0:alpha cpe:/o:freebsd:freebsd:4.2:stable cpe:/o:freebsd:freebsd:4.0 cpe:/o:freebsd:freebsd:4.3:release CVE-2004-0125 2004-08-06T00:00:00.000-04:00 2008-09-05T16:37:36.227-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 10485 XF freebsd-jailed-table-modify(16342) FREEBSD FreeBSD-SA-04:12 The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verify that an attempt to manipulate routing tables originated from a non-jailed process, which could allow local users to modify the routing table. cpe:/o:freebsd:freebsd:5.1 cpe:/o:freebsd:freebsd:5.2.1:release cpe:/o:freebsd:freebsd:5.1:release cpe:/o:freebsd:freebsd:5.2 CVE-2004-0126 2004-03-29T00:00:00.000-05:00 2008-09-05T16:37:36.477-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9762 FREEBSD FreeBSD-SA-04:03 XF freebsd-jailattach-gain-privileges(15344) OSVDB 4101 The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail. cpe:/a:phpgedview:phpgedview:2.65.1 cpe:/a:phpgedview:phpgedview:2.61.1 cpe:/a:phpgedview:phpgedview:2.61 cpe:/a:phpgedview:phpgedview:2.52.3 cpe:/a:phpgedview:phpgedview:2.60 cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0127 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:36.633-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9529 BUGTRAQ 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior XF phpgedview-editconfig-directory-traversal(15129) SECTRACK 1008892 OSVDB 3768 SECUNIA 10753 Directory traversal vulnerability in editconfig_gedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. (dot dot) sequences in the gedcom_config parameter. cpe:/a:phpgedview:phpgedview:2.65.1 cpe:/a:phpgedview:phpgedview:2.61.1 cpe:/a:phpgedview:phpgedview:2.61 cpe:/a:phpgedview:phpgedview:2.52.3 cpe:/a:phpgedview:phpgedview:2.60 cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0128 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:36.787-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9531 BUGTRAQ 20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior XF phpgedview-gedfilconf-file-include(14987) OSVDB 3769 CONFIRM http://sourceforge.net/project/shownotes.php?release_id=141517 SECUNIA 10753 PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script. cpe:/a:phpmyadmin:phpmyadmin:2.2.4 cpe:/a:phpmyadmin:phpmyadmin:2.2_pre1 cpe:/a:phpmyadmin:phpmyadmin:2.1.1 cpe:/a:phpmyadmin:phpmyadmin:2.5.4 cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc2 cpe:/a:phpmyadmin:phpmyadmin:2.0.2 cpe:/a:phpmyadmin:phpmyadmin:2.5.0 cpe:/a:phpmyadmin:phpmyadmin:2.1 cpe:/a:phpmyadmin:phpmyadmin:2.5.5 cpe:/a:phpmyadmin:phpmyadmin:2.0.1 cpe:/a:phpmyadmin:phpmyadmin:2.2_rc1 cpe:/a:phpmyadmin:phpmyadmin:2.5.5_pl1 cpe:/a:phpmyadmin:phpmyadmin:2.4.0 cpe:/a:phpmyadmin:phpmyadmin:2.0.5 cpe:/a:phpmyadmin:phpmyadmin:2.5.2 cpe:/a:phpmyadmin:phpmyadmin:2.0 cpe:/a:phpmyadmin:phpmyadmin:2.5.5_rc1 cpe:/a:phpmyadmin:phpmyadmin:2.3.2 cpe:/a:phpmyadmin:phpmyadmin:2.2.5 cpe:/a:phpmyadmin:phpmyadmin:2.0.4 cpe:/a:phpmyadmin:phpmyadmin:2.0.3 cpe:/a:phpmyadmin:phpmyadmin:2.5.1 cpe:/a:phpmyadmin:phpmyadmin:2.2_rc3 cpe:/a:phpmyadmin:phpmyadmin:2.2_rc2 cpe:/a:phpmyadmin:phpmyadmin:2.1.2 cpe:/a:phpmyadmin:phpmyadmin:2.3.1 cpe:/a:phpmyadmin:phpmyadmin:2.2.3 cpe:/a:phpmyadmin:phpmyadmin:2.2.2 cpe:/a:phpmyadmin:phpmyadmin:2.2.6 CVE-2004-0129 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:36.960-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9564 BUGTRAQ 20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior CONFIRM http://www.phpmyadmin.net/home_page/relnotes.php?rel=0 CONFIRM http://sourceforge.net/forum/forum.php?forum_id=350228 GENTOO GLSA-200402-05 XF phpmyadmin-dotdot-directory-traversal(15021) OSVDB 3800 SECUNIA 10769 Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter. cpe:/a:phpgedview:phpgedview:2.65 CVE-2004-0130 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:37.177-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 MISC http://www.securiteam.com/unixfocus/5NP0M1PBPQ.html XF phpgedview-loginphp-path-disclosure(15128) OSVDB 6886 MISC http://www.netvigilance.com/advisory0001 SECTRACK 1008844 login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message. cpe:/a:gnu:radius:1.1 CVE-2004-0131 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:12.853-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#277396 XF radius-radprintrequest-dos(15046) BID 9578 CONFIRM http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz OSVDB 3824 IDEFENSE 20040204 GNU Radius Remote Denial of Service Vulnerability SECUNIA 10799 The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote atackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference. cpe:/a:visualshapers:ezcontents:2.0.2 cpe:/a:visualshapers:ezcontents:2.0.1 cpe:/a:visualshapers:ezcontents:1.43 cpe:/a:visualshapers:ezcontents:1.44 cpe:/a:visualshapers:ezcontents:1.40 cpe:/a:visualshapers:ezcontents:2.0_rc2 cpe:/a:visualshapers:ezcontents:2.0_rc1 cpe:/a:visualshapers:ezcontents:1.45b cpe:/a:visualshapers:ezcontents:1.42 cpe:/a:visualshapers:ezcontents:1.41 cpe:/a:visualshapers:ezcontents:2.0_rc3 cpe:/a:visualshapers:ezcontents:1.45 CVE-2004-0132 2004-03-03T00:00:00.000-05:00 2008-09-10T15:25:12.913-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BUGTRAQ 20040210 PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior XF ezcontents-multiple-file-include(15135) Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 and earlier allow remote attackers to execute arbitrary PHP code from a remote web server, as demonstrated using (1) the GLOBALS[rootdp] parameter to db.php, or (2) the GLOBALS[language_home] parameter to archivednews.php, and a malicious version of lang_admin.php. cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0133 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:12.993-04:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ENGARDE ESA-20040428-004 TRUSTIX 2004-0020 SGI 20040405-01-U GENTOO GLSA-200407-02 XF linux-xfs-info-disclosure(15901) BID 10151 MANDRAKE MDKSA-2004:029 SECUNIA 11362 The XFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the XFS file system, which allows local users to obtain sensitive information by reading the raw device. CVE-2004-0134 2004-08-18T00:00:00.000-04:00 2008-09-05T16:37:37.803-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF irix-cpr-gain-privileges(16259) BID 10418 SGI 20040507-01-P cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain privileges by loading a user provided library while restarting the checkpointed process. cpe:/o:sgi:irix:6.5.4m cpe:/o:sgi:irix:6.0 cpe:/o:sgi:irix:4.0.5a cpe:/o:sgi:irix:6.5.16 cpe:/o:sgi:irix:4.0.5_iop cpe:/o:sgi:irix:6.5.5f cpe:/o:sgi:irix:6.5.9f cpe:/o:sgi:irix:6.0.1 cpe:/o:sgi:irix:6.5.23 cpe:/o:sgi:irix:6.3 cpe:/o:sgi:irix:6.5.6f cpe:/o:sgi:irix:4.0.5f cpe:/o:sgi:irix:6.5.3f cpe:/o:sgi:irix:3.3.2 cpe:/o:sgi:irix:6.5.12f cpe:/o:sgi:irix:4.0.4t cpe:/o:sgi:irix:5.0.1 cpe:/o:sgi:irix:4.0.4 cpe:/o:sgi:irix:6.5.5 cpe:/o:sgi:irix:5.1 cpe:/o:sgi:irix:6.5.8f cpe:/o:sgi:irix:3.3.1 cpe:/o:sgi:irix:6.5.20 cpe:/o:sgi:irix:6.5.20f cpe:/o:sgi:irix:6.1 cpe:/o:sgi:irix:6.5.17f cpe:/o:sgi:irix:6.5.21 cpe:/o:sgi:irix:3.3 cpe:/o:sgi:irix:6.5.15f cpe:/o:sgi:irix:6.4 cpe:/o:sgi:irix:6.5.13 cpe:/o:sgi:irix:6.5.24 cpe:/o:sgi:irix:6.5.11 cpe:/o:sgi:irix:6.5.19m cpe:/o:sgi:irix:6.5.9 cpe:/o:sgi:irix:6.5.21f cpe:/o:sgi:irix:6.5.12 cpe:/o:sgi:irix:3.3.3 cpe:/o:sgi:irix:4.0.5h cpe:/o:sgi:irix:6.5.7f cpe:/o:sgi:irix:6.5.11f cpe:/o:sgi:irix:3.2 cpe:/o:sgi:irix:6.5.15m cpe:/o:sgi:irix:6.5.16f cpe:/o:sgi:irix:5.3 cpe:/o:sgi:irix:5.1.1 cpe:/o:sgi:irix:6.5.1 cpe:/o:sgi:irix:6.5.2 cpe:/o:sgi:irix:4.0.1 cpe:/o:sgi:irix:6.5.16m cpe:/o:sgi:irix:6.5.11m cpe:/o:sgi:irix:6.5.10f cpe:/o:sgi:irix:6.5.15 cpe:/o:sgi:irix:6.5.17 cpe:/o:sgi:irix:6.5.14 cpe:/o:sgi:irix:5.2 cpe:/o:sgi:irix:6.5.17m cpe:/o:sgi:irix:6.5.22m cpe:/o:sgi:irix:6.5.3 cpe:/o:sgi:irix:6.0.1::xfs cpe:/o:sgi:irix:6.5.8 cpe:/o:sgi:irix:6.5.6m cpe:/o:sgi:irix:6.5.20m cpe:/o:sgi:irix:6.5.9m cpe:/o:sgi:irix:5.3::xfs cpe:/o:sgi:irix:6.5.12m cpe:/o:sgi:irix:6.5_20 cpe:/o:sgi:irix:6.2 cpe:/o:sgi:irix:4.0.5g cpe:/o:sgi:irix:4.0.1t cpe:/o:sgi:irix:4.0.5b cpe:/o:sgi:irix:6.5.4 cpe:/o:sgi:irix:6.5.10 cpe:/o:sgi:irix:6.5.21m cpe:/o:sgi:irix:6.5.2f cpe:/o:sgi:irix:4.0 cpe:/o:sgi:irix:6.5.10m cpe:/o:sgi:irix:4.0.2 cpe:/o:sgi:irix:6.5.14f cpe:/o:sgi:irix:6.5.18f cpe:/o:sgi:irix:5.0 cpe:/o:sgi:irix:6.5.22 cpe:/o:sgi:irix:6.5.6 cpe:/o:sgi:irix:4.0.5e cpe:/o:sgi:irix:6.5.4f cpe:/o:sgi:irix:6.5.8m cpe:/o:sgi:irix:4.0.4b cpe:/o:sgi:irix:6.5.18m cpe:/o:sgi:irix:6.5.19f cpe:/o:sgi:irix:6.5.18 cpe:/o:sgi:irix:6.5.2m cpe:/o:sgi:irix:6.5.14m cpe:/o:sgi:irix:6.5.13m cpe:/o:sgi:irix:6.5.19 cpe:/o:sgi:irix:6.5.3m cpe:/o:sgi:irix:6.5.13f cpe:/o:sgi:irix:6.5 cpe:/o:sgi:irix:6.5.7 cpe:/o:sgi:irix:4.0.5 cpe:/o:sgi:irix:4.0.3 cpe:/o:sgi:irix:6.5.7m cpe:/o:sgi:irix:6.5.5m cpe:/o:sgi:irix:4.0.5_ipr CVE-2004-0135 2004-08-06T00:00:00.000-04:00 2008-09-10T15:25:13.117-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF irix-sgiioprobe-gain-privileges(16413) SGI 20040601-01-P OSVDB 7122 SECUNIA 11872 The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory. cpe:/o:sgi:irix:6.5.25 cpe:/o:sgi:irix:6.5.23 cpe:/o:sgi:irix:6.5.24 cpe:/o:sgi:irix:6.5.22 cpe:/o:sgi:irix:6.5.20m cpe:/o:sgi:irix:6.5.21m cpe:/o:sgi:irix:6.5.21f cpe:/o:sgi:irix:6.5.20f CVE-2004-0136 2004-08-06T00:00:00.000-04:00 2008-09-10T15:25:13.197-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF irix-mapelf32exec-dos(16416) BID 10547 SGI 20040601-01-P OSVDB 7123 SECUNIA 11872 The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary." cpe:/o:sgi:irix:6.5.25 cpe:/o:sgi:irix:6.5.23 cpe:/o:sgi:irix:6.5.24 cpe:/o:sgi:irix:6.5.22 cpe:/o:sgi:irix:6.5.20m cpe:/o:sgi:irix:6.5.21m cpe:/o:sgi:irix:6.5.21f cpe:/o:sgi:irix:6.5.20f CVE-2004-0137 2004-08-06T00:00:00.000-04:00 2008-09-05T16:37:38.740-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF irix-page-dos(16417) BID 10549 SGI 20040601-01-P OSVDB 7124 SECUNIA 11872 Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues." cpe:/o:linux:linux_kernel:2.4.16 cpe:/o:linux:linux_kernel:2.4.1 cpe:/o:linux:linux_kernel:2.4.23 cpe:/o:linux:linux_kernel:2.4.6 cpe:/o:linux:linux_kernel:2.4.17 cpe:/o:linux:linux_kernel:2.4.14 cpe:/o:linux:linux_kernel:2.4.24 cpe:/o:linux:linux_kernel:2.4.7 cpe:/o:linux:linux_kernel:2.4.10 cpe:/o:linux:linux_kernel:2.4.11 cpe:/o:linux:linux_kernel:2.4.4 cpe:/o:linux:linux_kernel:2.4.13 cpe:/o:linux:linux_kernel:2.4.19 cpe:/o:linux:linux_kernel:2.4.9 cpe:/o:linux:linux_kernel:2.4.18 cpe:/o:linux:linux_kernel:2.4.8 cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.4.5 cpe:/o:linux:linux_kernel:2.4.22 cpe:/o:linux:linux_kernel:2.4.12 cpe:/o:linux:linux_kernel:2.4.21 cpe:/o:linux:linux_kernel:2.4.15 cpe:/o:linux:linux_kernel:2.4.0 cpe:/o:linux:linux_kernel:2.4.2 cpe:/o:linux:linux_kernel:2.4.3 CVE-2004-0138 2004-12-31T00:00:00.000-05:00 2010-08-21T00:19:38.050-04:00 4.9 LOCAL LOW NONE NONE NONE COMPLETE http://nvd.nist.gov 2006-05-31T15:28:00.000-04:00 DEBIAN DSA-1082 DEBIAN DSA-1070 DEBIAN DSA-1069 DEBIAN DSA-1067 SECUNIA 20202 SECUNIA 20163 SECUNIA 20162 CONFIRM http://linux.bkbits.net:8080/linux-2.4/cset@4021346f79nBb-4X_usRikR3Iyb4Vg CONFIRM http://kernel.debian.net/debian/pool/main/kernel-source-2.4.17/kernel-source-2.4.17_2.4.17-1woody4_ia64.changes XF linux-kernel-elfloader-dos(43124) BID 18174 REDHAT RHSA-2004:549 REDHAT RHSA-2004:504 SECUNIA 20338 CONFIRM http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.25 The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to cause a denial of service (crash) via a crafted ELF file with an interpreter with an invalid arch (architecture), which triggers a BUG() when an invalid VMA is unmapped. cpe:/o:sgi:irix:6.5.25 cpe:/o:sgi:irix:6.5.23 cpe:/o:sgi:irix:6.5.24 cpe:/o:sgi:irix:6.5.22 CVE-2004-0139 2005-01-10T00:00:00.000-05:00 2008-09-05T16:37:39.117-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 11276 XF irix-bsda-kernel(17547) SECUNIA 12682 SGI 20040905-01-P Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5.22 through 6.5.25, and possibly earlier versions, in which "t_unbind changes t_bind's behavior," has unknown impact and attack vectors. cpe:/a:nokia:6310i CVE-2004-0143 2004-03-03T00:00:00.000-05:00 2008-09-05T16:37:39.287-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF nokia-obex-dos(15107) BID 9603 MISC http://www.pentest.co.uk/documents/ptl-2004-01.html BUGTRAQ 20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones VULNWATCH 20040209 ptl-2004-01: Multiple vulnerabilities in Nokia phones Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote attackers to cause a denial of service (reset) via malformed Bluetooth OBject EXchange (OBEX) messages, probably triggering buffer overflows. cpe:/a:washington_university:wu-ftpd:2.4.2_vr16 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr15 cpe:/a:washington_university:wu-ftpd:2.4.2_vr17 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr12 cpe:/a:washington_university:wu-ftpd:2.4.2_beta2::academ cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr14 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr9 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr7 cpe:/a:washington_university:wu-ftpd:2.4.1 cpe:/a:washington_university:wu-ftpd:2.5.0 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18::academ cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr10 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr13 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr4 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr5 cpe:/a:sgi:propack:2.4 cpe:/a:washington_university:wu-ftpd:2.6.2 cpe:/a:washington_university:wu-ftpd:2.6.1 cpe:/a:washington_university:wu-ftpd:2.6.0 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr8 cpe:/a:sgi:propack:2.3 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr11 cpe:/a:washington_university:wu-ftpd:2.4.2_beta18_vr6 CVE-2004-0148 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:39.460-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 9832 REDHAT RHSA-2004:096 DEBIAN DSA-457 XF wuftpd-restrictedgid-gain-access(15423) FRSIRT ADV-2006-1867 SUNALERT 102356 SECUNIA 20168 SECUNIA 11055 HP SSRT4704 wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead. cpe:/a:xboing:xboing:2.4 CVE-2004-0149 2004-05-04T00:00:00.000-04:00 2008-09-05T16:37:39.663-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS DEBIAN DSA-451 XF xboing-bo(15347) BID 9764 Multiple buffer overflows in xboing before 2.4 allow local users to gain privileges. cpe:/a:python_software_foundation:python:2.2 cpe:/a:python_software_foundation:python:2.2.1 CVE-2004-0150 2004-04-15T00:00:00.000-04:00 2008-09-10T15:25:16.307-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9836 DEBIAN DSA-458 XF python-getaddrinfo-bo(15409) OSVDB 4172 MANDRAKE MDKSA-2004:019 GENTOO GLSA-200409-03 Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS. cpe:/a:xintercepttalk:xitalk:1.1.11 CVE-2004-0151 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:39.960-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF xitalk-gain-privileges(15456) BID 9851 DEBIAN DSA-462 MISC http://shellcode.org/Advisories/XITALK.txt SECUNIA 11114 Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands. cpe:/a:emil:emil:2.1.0_beta9 cpe:/a:emil:emil:2.0.5 cpe:/a:emil:emil:2.0.4 CVE-2004-0152 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:40.117-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-468 XF emil-email-bo(15601) BUGTRAQ 20040325 Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities Multiple stack-based buffer overflows in (1) the encode_mime function, (2) the encode_uuencode function, (3) or the decode_uuencode function for emil 2.1.0 and earlier allow remote attackers to execute arbitrary code via e-mail messages containing attachments with filenames. cpe:/a:emil:emil:2.1.0_beta9 cpe:/a:emil:emil:2.0.5 cpe:/a:emil:emil:2.0.4 CVE-2004-0153 2004-04-15T00:00:00.000-04:00 2008-09-05T16:37:40.273-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-468 XF emil-format-string(15602) BUGTRAQ 20040325 Re: [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities Multiple format string vulnerabilities in emil 2.1.0 and earlier may allow remote attackers to execute arbitrary code by triggering certain error messages. cpe:/a:nfs:nfs-utils:1.0.3 cpe:/a:nfs:nfs-utils:1.0.6 cpe:/a:nfs:nfs-utils:1.0.1 cpe:/a:nfs:nfs-utils:1.0 cpe:/a:nfs:nfs-utils:1.0.4 CVE-2004-0154 2004-06-14T00:00:00.000-04:00 2010-08-21T00:19:39.017-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF nfs-utils-dns-dos(15418) TRUSTIX 2004-0009 BID 9813 REDHAT RHSA-2004:072 MISC http://bugzilla.redhat.com/bugzilla/long_list.cgi?buglist=114535 rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers to cause a denial of service (crash) via an NFS mount of a directory from a client whose reverse DNS lookup name is different from the forward lookup name. cpe:/a:kame:racoon CVE-2004-0155 2004-06-01T00:00:00.000-04:00 2010-08-21T00:19:39.160-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#552398 REDHAT RHSA-2004:165 APPLE APPLE-SA-2004-05-03 BUGTRAQ 20040407 CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections BID 10072 MANDRAKE MDKSA-2004:069 GENTOO GLSA-200406-17 SECUNIA 11328 SCO SCOSA-2005.10 MANDRAKE MDKSA-2004:027 The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509 certificate. cpe:/a:ssmtp:ssmtp:2.49 CVE-2004-0156 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:17.867-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 DEBIAN DSA-485 GENTOO GLSA-200404-18 XF ssmtp-die-logevent-format-string(15872) BID 10150 OSVDB 5361 OSVDB 5360 SECTRACK 1009788 SECUNIA 11571 SECUNIA 11485 SECUNIA 11384 SECUNIA 11378 BUGTRAQ 20040507 [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp) Format string vulnerabilities in the (1) die or (2) log_event functions for ssmtp before 2.50.6 allow remote mail relays to cause a denial of service and possibly execute arbitrary code. cpe:/a:xonix:xonix:1.4 CVE-2004-0157 2004-06-01T00:00:00.000-04:00 2008-09-05T16:37:40.880-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS DEBIAN DSA-484 XF xonix-privilege-dropping(15873) BID 10149 OSVDB 5358 MISC http://shellcode.org/Advisories/XONIX.txt SECTRACK 1009789 SECUNIA 11382 x11.c in xonix 1.4 and earlier uses the current working directory to find and execute the rmail program, which allows local users to execute arbitrary code by modifying the path to point to a malicious rmail program. cpe:/a:lgames:lbreakout2:2.2.2 cpe:/a:lgames:lbreakout2:2.1.1 cpe:/a:lgames:lbreakout2:2.2.1 cpe:/a:lgames:lbreakout2:2.2 cpe:/a:lgames:lbreakout2:2.1 cpe:/a:lgames:lbreakout2:2.1.2 cpe:/a:lgames:lbreakout2:2.0.1 cpe:/a:lgames:lbreakout2:2.0 CVE-2004-0158 2004-03-29T00:00:00.000-05:00 2008-09-05T16:37:41.053-04:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF breakout2-home-bo(15229) BID 9712 DEBIAN DSA-445 CONFIRM http://security.debian.org/pool/updates/main/l/lbreakout2/lbreakout2_2.2.2-1woody1.diff.gz BUGTRAQ 20040222 lbreakout2 < 2.4beta-2 local exploit Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to (1) editor.c, (2) theme.c, (3) manager.c, (4) config.c, (5) game.c, (6) levels.c, or (7) main.c. cpe:/a:samhain_labs:hsftp:1.7 cpe:/a:samhain_labs:hsftp:1.5 cpe:/a:samhain_labs:hsftp:1.11 cpe:/a:samhain_labs:hsftp:1.4 cpe:/a:samhain_labs:hsftp:1.6 cpe:/a:samhain_labs:hsftp:1.9 cpe:/a:samhain_labs:hsftp:1.10 CVE-2004-0159 2004-03-15T00:00:00.000-05:00 2008-09-10T15:25:19.837-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_USER_ACCESS BID 9715 DEBIAN DSA-447 XF hsftp-format-string(15276) OSVDB 4029 FULLDISC 20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command. cpe:/a:synaesthesia:synaesthesia:2.1.0 cpe:/a:synaesthesia:synaesthesia:2.2 cpe:/a:synaesthesia:synaesthesia:2.1.2 cpe:/a:synaesthesia:synaesthesia:2.1.1 CVE-2004-0160 2004-03-29T00:00:00.000-05:00 2008-09-05T16:37:41.367-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF synaesthesia-configuration-symlink-attack(15279) BID 9713 DEBIAN DSA-446 Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file. cpe:/a:paul_l_daniels:ripmime:1.2.2 cpe:/a:f-secure:internet_gatekeeper:6.3 cpe:/a:clearswift:mailsweeper:4.3.10 cpe:/a:clearswift:mailsweeper:4.3.8 cpe:/a:f-secure:internet_gatekeeper:6.31 cpe:/a:f-secure:internet_gatekeeper:6.32 cpe:/a:paul_l_daniels:ripmime:1.2.6 cpe:/a:paul_l_daniels:ripmime:1.3.2.2 cpe:/a:clearswift:mailsweeper:4.3.14 cpe:/a:paul_l_daniels:ripmime:1.2.0 cpe:/a:paul_l_daniels:ripmime:1.2.5 cpe:/a:paul_l_daniels:ripmime:1.2.1 cpe:/a:paul_l_daniels:ripmime:1.2.7 cpe:/a:paul_l_daniels:ripmime:1.2.3 cpe:/a:clearswift:mailsweeper:4.3.11 cpe:/a:paul_l_daniels:ripmime:1.3.2.3 cpe:/a:clearswift:mailsweeper:4.3.15 cpe:/a:clearswift:mailsweeper:4.3.7 cpe:/a:paul_l_daniels:ripmime:1.3.2.0 cpe:/a:clearswift:mailsweeper:4.3.13 cpe:/a:f-secure:internet_gatekeeper:6.4 cpe:/a:paul_l_daniels:ripmime:1.2.4 CVE-2004-0161 2004-10-20T00:00:00.000-04:00 2008-09-10T15:25:20.320-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF mime-tools-parameter-encoding(9274) MISC http://www.uniras.gov.uk/vuls/2004/380375/mime.htm BUGTRAQ 20040914 Corsaire Security Advisory - Multiple vendor MIME RFC2231 encoding issue Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME messages that use RFC2231 encoding, which may be interpreted differently by mail clients. cpe:/a:paul_l_daniels:ripmime:1.2.2 cpe:/a:f-secure:internet_gatekeeper:6.3 cpe:/a:clearswift:mailsweeper:4.3.10 cpe:/a:clearswift:mailsweeper:4.3.8 cpe:/a:f-secure:internet_gatekeeper:6.31 cpe:/a:f-secure:internet_gatekeeper:6.32 cpe:/a:paul_l_daniels:ripmime:1.2.6 cpe:/a:paul_l_daniels:ripmime:1.3.2.2 cpe:/a:clearswift:mailsweeper:4.3.14 cpe:/a:paul_l_daniels:ripmime:1.2.0 cpe:/a:paul_l_daniels:ripmime:1.2.5 cpe:/a:paul_l_daniels:ripmime:1.2.1 cpe:/a:paul_l_daniels:ripmime:1.2.7 cpe:/a:paul_l_daniels:ripmime:1.2.3 cpe:/a:clearswift:mailsweeper:4.3.11 cpe:/a:paul_l_daniels:ripmime:1.3.2.3 cpe:/a:clearswift:mailsweeper:4.3.15 cpe:/a:clearswift:mailsweeper:4.3.7 cpe:/a:paul_l_daniels:ripmime:1.3.2.0 cpe:/a:clearswift:mailsweeper:4.3.13 cpe:/a:f-secure:internet_gatekeeper:6.4 cpe:/a:paul_l_daniels:ripmime:1.2.4 CVE-2004-0162 2004-10-20T00:00:00.000-04:00 2008-09-10T15:25:20.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF mime-rfc822-filtering-bypass(17332) MISC http://www.uniras.gov.uk/vuls/2004/380375/mime.htm BUGTRAQ 20040914 Corsaire Security Advisory - Multiple vendor MIME RFC822 comment issue Multiple content security gateway and antivirus products allow remote attackers to bypass content restrictions via MIME encapsulation that uses RFC822 comment fields, which may be interpreted as other fields by mail clients. cpe:/a:sygate_technologies:secure_enterprise:3.5mr3 CVE-2004-0163 2004-09-28T00:00:00.000-04:00 2008-09-05T16:37:41.943-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF sse-replay-dos(16945) MISC http://www.corsaire.com/advisories/c031120-002.txt BUGTRAQ 20040810 Corsaire Security Advisory - Sygate Secure Enterprise replay issue Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the key used to encrypt data, which allows remote attackers to cause a denial of service (resource exhaustion) by capturing a session and repeatedly replaying the session. cpe:/a:kame:racoon:all_versions CVE-2004-0164 2004-03-03T00:00:00.000-05:00 2010-08-21T00:19:39.957-04:00 5.0 NETWORK LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BUGTRAQ 20040114 Re: unauthorized deletion of IPsec (and ISAKMP) SAs in racoon XF openbsd-isakmp-initialcontact-delete-sa(14118) XF openbsd-isakmp-invalidspi-delete-sa(14117) BID 9417 APPLE APPLE-SA-2004-02-23 NETBSD NetBSD-SA2004-001 BID 9416 BUGTRAQ 20040113 unauthorized deletion of IPsec (and ISAKMP) SAs in racoon KAME IKE daemon (racoon) does not properly handle hash values, which allows remote attackers to delete certificates via (1) a certain delete message that is not properly handled in isakmp.c or isakmp_inf.c, or (2) a certain INITIAL-CONTACT message that is not properly handled in isakmp_inf.c. cpe:/o:apple:mac_os_x:10.1.5 cpe:/o:apple:mac_os_x:10.3.1 cpe:/o:apple:mac_os_x_server:10.2.1 cpe:/o:apple:mac_os_x:10.2 cpe:/o:apple:mac_os_x_server:10.2.6 cpe:/o:apple:mac_os_x:10.2.7 cpe:/o:apple:mac_os_x:10.1.4 cpe:/o:apple:mac_os_x_server:10.1 cpe:/o:apple:mac_os_x:10.1 cpe:/o:apple:mac_os_x:10.2.5 cpe:/o:apple:mac_os_x_server:10.2 cpe:/o:apple:mac_os_x_server:10.2.4 cpe:/o:apple:mac_os_x_server:10.1.2 cpe:/o:apple:mac_os_x_server:10.2.7 cpe:/o:apple:mac_os_x:10.2.2 cpe:/o:apple:mac_os_x:10.2.4 cpe:/o:apple:mac_os_x:10.2.3 cpe:/o:apple:mac_os_x:10.1.3 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x:10.2.1 cpe:/o:apple:mac_os_x_server:10.2.8 cpe:/o:apple:mac_os_x:10.1.1 cpe:/o:apple:mac_os_x_server:10.3.1 cpe:/o:apple:mac_os_x_server:10.2.5 cpe:/o:apple:mac_os_x:10.2.6 cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x_server:10.3 cpe:/o:apple:mac_os_x_server:10.1.3 cpe:/o:apple:mac_os_x_server:10.2.3 cpe:/o:apple:mac_os_x:10.3 cpe:/o:apple:mac_os_x_server:10.1.1 cpe:/o:apple:mac_os_x_server:10.2.2 cpe:/o:apple:mac_os_x:10.1.2 cpe:/o:apple:mac_os_x_server:10.1.5 cpe:/o:apple:mac_os_x_server:10.1.4 CVE-2004-0165 2004-03-15T00:00:00.000-05:00 2008-09-10T15:25:20.617-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#841742 BID 9730 ATSTAKE A022304-1 XF macos-pppd-format-string(15297) OSVDB 6822 APPLE APPLE-SA-2004-02-23 Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges. cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 CVE-2004-0166 2004-03-15T00:00:00.000-05:00 2011-03-07T21:15:12.703-05:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#194238 XF macosx-safari-unknown(14993) SECUNIA 10959 APPLE APPLE-SA-2004-02-23 Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 related to "the display of URLs in the status bar." cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 CVE-2004-0167 2004-03-15T00:00:00.000-05:00 2011-03-07T21:15:12.797-05:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#578886 XF macos-diskarbitration-unknown(15300) BID 9731 OSVDB 6824 SECUNIA 10959 APPLE APPLE-SA-2004-02-23 DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media. cpe:/o:apple:mac_os_x_server:10.3.2 cpe:/o:apple:mac_os_x:10.3.2 cpe:/o:apple:mac_os_x:10.2.8 cpe:/o:apple:mac_os_x_server:10.2.8 CVE-2004-0168 2004-03-15T00:00:00.000-05:00 2011-03-07T21:15:12.860-05:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF macos-corefoundation-unknown(15299) APPLE APPLE-SA-2004-02-23 SECUNIA 10959 Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related to "notification logging." cpe:/a:apple:darwin_streaming_server:4.1.3 CVE-2004-0169 2004-03-15T00:00:00.000-05:00 2008-09-10T15:25:20.897-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#460350 BID 9735 XF darwin-describe-request-dos(15291) OSVDB 6837 OSVDB 6826 IDEFENSE 20040223 Darwin Streaming Server Remote Denial of Service Vulnerability APPLE APPLE-SA-2004-02-23 QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function. cpe:/o:freebsd:freebsd:5.1 cpe:/o:openbsd:openbsd:3.4 cpe:/o:openbsd:openbsd:3.3 cpe:/o:freebsd:freebsd:4.9 cpe:/o:freebsd:freebsd:4.6.2 cpe:/o:freebsd:freebsd:5.0 cpe:/o:freebsd:freebsd:4.7 cpe:/o:freebsd:freebsd:4.8 cpe:/o:freebsd:freebsd:5.2 CVE-2004-0171 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:43.100-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#395670 BID 9792 IDEFENSE 20040302 FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability XF freebsd-mbuf-dos(15369) OSVDB 4124 APPLE APPLE-SA-2004-05-28 FREEBSD FreeBSD-SA-04:04 FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections. cpe:/a:juan_cespedes:ltrace:0.3.10 CVE-2004-0172 2004-03-15T00:00:00.000-05:00 2008-09-10T15:25:21.430-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF ltrace-searchforcommand-bo(13389) BID 8790 SECTRACK 1007896 FULLDISC 20031008 ltrace bug FULLDISC 20031008 ltrace bug Heap-based buffer overflow in the search_for_command function of ltrace 0.3.10, if it is installed setuid, could allow local users to execute arbitrary code via a long filename. NOTE: It is unclear whether there are any packages that install ltrace as a setuid program, so this candidate might be REJECTed. cpe:/a:apache:http_server:1.2.5 cpe:/a:apache:http_server:1.0 cpe:/a:apache:http_server:1.3 cpe:/a:apache:http_server:1.0.5 cpe:/a:apache:http_server:0.8.11 cpe:/a:apache:http_server:1.1 cpe:/a:apache:http_server:1.1.1 cpe:/a:apache:http_server:1.0.2 cpe:/a:apache:http_server:0.8.14 cpe:/a:apache:http_server:1.2 cpe:/a:apache:http_server:1.0.3 CVE-2004-0173 2004-04-15T00:00:00.000-04:00 2008-09-10T15:25:21.493-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 XF apache-cygwin-directory-traversal(15293) BID 9733 CONFIRM http://www.apacheweek.com/issues/04-03-12 SECUNIA 10962 BUGTRAQ 20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin FULLDISC 20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability CONFIRM http://issues.apache.org/bugzilla/show_bug.cgi?id=26152 Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences. cpe:/a:apache:http_server:2.0.49 CVE-2004-0174 2004-05-04T00:00:00.000-04:00 2008-09-10T15:25:21.570-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#132110 XF apache-socket-starvation-dos(15540) REDHAT RHSA-2004:405 TRUSTIX 2004-0017 BUGTRAQ 20040319 [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd) TRUSTIX 2004-0027 GENTOO GLSA-200405-22 SECUNIA 11170 SLACKWARE SSA:2004-133 SECTRACK 1009495 BID 9921 MANDRAKE MDKSA-2004:046 CONFIRM http://www.apache.org/dist/httpd/CHANGES_1.3 SUNALERT 57628 SUNALERT 101555 HP SSRT4717 BUGTRAQ 20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) APPLE APPLE-SA-2004-05-03 Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listening socket." cpe:/a:openbsd:openssh:3.3 cpe:/a:openbsd:openssh:3.0p1 cpe:/a:openbsd:openssh:3.1p1 cpe:/a:openbsd:openssh:3.0.2 cpe:/a:openbsd:openssh:3.0.1 cpe:/a:openbsd:openssh:3.0 cpe:/a:openbsd:openssh:3.1 cpe:/a:openbsd:openssh:3.4 cpe:/a:openbsd:openssh:3.2.2p1 cpe:/a:openbsd:openssh:3.2.3p1 cpe:/a:openbsd:openssh:3.2 cpe:/a:openbsd:openssh:3.3p1 cpe:/a:openbsd:openssh:3.0.2p1 cpe:/a:openbsd:openssh:3.4p1 cpe:/a:openbsd:openssh:3.0.1p1 CVE-2004-0175 2004-08-18T00:00:00.000-04:00 2011-03-07T21:15:13.330-05:00 4.3 NETWORK MEDIUM NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 9986 CONFIRM https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120147 XF openssh-scp-file-overwrite(16323) REDHAT RHSA-2005:567 REDHAT RHSA-2005:562 REDHAT RHSA-2005:495 REDHAT RHSA-2005:481 REDHAT RHSA-2005:165 REDHAT RHSA-2005:106 REDHAT RHSA-2005:074 OSVDB 9550 SUSE SuSE-SA:2004:009 MANDRIVA MDVSA-2008:191 MANDRIVA MDKSA-2005:100 CONFIRM http://www.juniper.net/support/security/alerts/adv59739.txt CIAC O-212 SECUNIA 19243 SECUNIA 17135 CONECTIVA CLSA-2004:831 SCO SCOSA-2006.11 Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992. cpe:/a:ethereal_group:ethereal:0.9.8 cpe:/a:ethereal_group:ethereal:0.9.7 cpe:/a:ethereal_group:ethereal:0.9 cpe:/a:ethereal_group:ethereal:0.9.11 cpe:/a:ethereal_group:ethereal:0.9.16 cpe:/a:ethereal_group:ethereal:0.9.2 cpe:/a:ethereal_group:ethereal:0.9.9 cpe:/a:ethereal_group:ethereal:0.9.14 cpe:/a:ethereal_group:ethereal:0.9.4 cpe:/a:ethereal_group:ethereal:0.9.10 cpe:/a:ethereal_group:ethereal:0.9.5 cpe:/a:ethereal_group:ethereal:0.8.14 cpe:/a:ethereal_group:ethereal:0.9.13 cpe:/a:ethereal_group:ethereal:0.10.1 cpe:/a:ethereal_group:ethereal:0.10.2 cpe:/a:ethereal_group:ethereal:0.8.18 cpe:/a:ethereal_group:ethereal:0.9.12 cpe:/a:ethereal_group:ethereal:0.8.13 cpe:/a:ethereal_group:ethereal:0.9.15 cpe:/a:ethereal_group:ethereal:0.9.3 cpe:/a:ethereal_group:ethereal:0.9.1 cpe:/a:ethereal_group:ethereal:0.8.19 cpe:/a:ethereal_group:ethereal:0.9.6 cpe:/a:ethereal_group:ethereal:0.10 CVE-2004-0176 2004-05-04T00:00:00.000-04:00 2010-08-21T00:19:41.207-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#931588 CERT-VN VU#864884 CERT-VN VU#740188 CERT-VN VU#659140 CERT-VN VU#644886 CERT-VN VU#591820 CERT-VN VU#433596 CERT-VN VU#125156 CERT-VN VU#119876 DEBIAN DSA-511 BUGTRAQ 20040329 LNSA-#2004-0007: Multiple security problems in Ethereal XF ethereal-multiple-dissectors-bo(15569) REDHAT RHSA-2004:137 REDHAT RHSA-2004:136 CONFIRM http://www.ethereal.com/appnotes/enpa-sa-00013.html GENTOO GLSA-200403-07 MISC http://security.e-matters.de/advisories/032004.html SECUNIA 11185 BUGTRAQ 20040323 Advisory 03/2004: Multiple (13) Ethereal remote overflows OSVDB 6893 MANDRAKE MDKSA-2004:024 BUGTRAQ 20040416 [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal) CONECTIVA CLA-2004:835 Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) NetFlow, (2) IGAP, (3) EIGRP, (4) PGM, (5) IrDA, (6) BGP, (7) ISUP, or (8) TCAP dissectors. cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0177 2004-06-01T00:00:00.000-04:00 2010-08-21T00:19:41.347-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ENGARDE ESA-20040428-004 DEBIAN DSA-495 REDHAT RHSA-2004:166 TRUSTIX 2004-0020 FEDORA FLSA:2336 DEBIAN DSA-491 DEBIAN DSA-489 DEBIAN DSA-482 DEBIAN DSA-481 DEBIAN DSA-480 DEBIAN DSA-479 GENTOO GLSA-200407-02 MISC http://linux.bkbits.net:8080/linux-2.4/cset@4056b368s6vpJbGWxDD_LhQNYQrdzQ XF linux-ext3-info-disclosure(15867) BID 10152 REDHAT RHSA-2005:293 REDHAT RHSA-2004:505 REDHAT RHSA-2004:504 MANDRAKE MDKSA-2004:029 CIAC O-127 CIAC O-126 CIAC O-121 CONECTIVA CLA-2004:846 The ext3 code in Linux 2.4.x before 2.4.26 does not properly initialize journal descriptor blocks, which causes an information leak in which in-memory data is written to the device for the ext3 file system, which allows privileged users to obtain portions of kernel memory by reading the raw device. cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0178 2004-06-01T00:00:00.000-04:00 2010-08-21T00:19:41.470-04:00 2.1 LOCAL LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 DEBIAN DSA-495 DEBIAN DSA-491 DEBIAN DSA-489 DEBIAN DSA-482 REDHAT RHSA-2004:437 REDHAT RHSA-2004:413 DEBIAN DSA-481 DEBIAN DSA-480 DEBIAN DSA-479 GENTOO GLSA-200407-02 MISC http://linux.bkbits.net:8080/linux-2.4/cset@404ce5967rY2Ryu6Z_uNbYh643wuFA SGI 20040804-01-U XF linux-sound-blaster-dos(15868) BID 9985 MANDRAKE MDKSA-2004:029 CIAC O-193 CIAC O-127 CIAC O-121 CONECTIVA CLA-2004:846 The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before 2.4.26, when operating in 16 bit mode, does not properly handle certain sample sizes, which allows local users to cause a denial of service (crash) via a sample with an odd number of bytes. cpe:/a:cadaver:cadaver_webdav_client:0.20.2 cpe:/a:neon:neon_client_library:0.24.4 cpe:/a:cadaver:cadaver_webdav_client:0.20.4 cpe:/a:neon:neon_client_library:0.23.5 cpe:/a:cadaver:cadaver_webdav_client:0.20.0 cpe:/a:cadaver:cadaver_webdav_client:0.22.1 cpe:/a:neon:neon_client_library:0.23.2 cpe:/a:subversion:subversion cpe:/a:neon:neon_client_library:0.23.1 cpe:/a:neon:neon_client_library:0.23.3 cpe:/a:neon:neon_client_library:0.23.6 cpe:/a:neon:neon_client_library:0.24 cpe:/a:neon:neon_client_library:0.24.3 cpe:/a:neon:neon_client_library:0.24.1 cpe:/a:cadaver:cadaver_webdav_client:0.22.0 cpe:/a:neon:neon_client_library:0.23 cpe:/a:cadaver:cadaver_webdav_client:0.20.1 cpe:/a:openoffice:openoffice:1.1.2 cpe:/a:neon:neon_client_library:0.23.8 cpe:/a:cadaver:cadaver_webdav_client:0.21.0 cpe:/a:neon:neon_client_library:0.19.3 cpe:/a:neon:neon_client_library:0.24.2 cpe:/a:neon:neon_client_library:0.23.4 cpe:/a:cadaver:cadaver_webdav_client:0.20.5 cpe:/a:cadaver:cadaver_webdav_client:0.20.3 cpe:/a:neon:neon_client_library:0.23.7 CVE-2004-0179 2004-06-01T00:00:00.000-04:00 2010-08-21T00:19:41.817-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS FEDORA FEDORA-2004-1552 REDHAT RHSA-2004:160 REDHAT RHSA-2004:159 REDHAT RHSA-2004:158 REDHAT RHSA-2004:157 DEBIAN DSA-487 GENTOO GLSA-200405-04 GENTOO GLSA-200405-01 SECUNIA 11363 SUSE SuSE-SA:2004:008 SUSE SuSE-SA:2004:009 SGI 20040404-01-U BID 10136 OSVDB 5365 MANDRAKE MDKSA-2004:032 BUGTRAQ 20040416 void.at - neon format string bugs BUGTRAQ 20040416 [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon) Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. cpe:/a:cvs:cvs:1.10 CVE-2004-0180 2004-06-01T00:00:00.000-04:00 2010-08-21T00:19:41.940-04:00 2.6 NETWORK HIGH NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 REDHAT RHSA-2004:154 REDHAT RHSA-2004:153 DEBIAN DSA-486 FREEBSD FreeBSD-SA-04:07 SGI 20040404-01-U CONFIRM ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/002_cvs.patch XF cvs-rcs-create-files(15864) SLACKWARE SSA:2004-108-02 MANDRAKE MDKSA-2004:028 GENTOO GLSA-200404-13 SECUNIA 11548 SECUNIA 11405 SECUNIA 11400 SECUNIA 11391 SECUNIA 11380 SECUNIA 11377 SECUNIA 11375 SECUNIA 11374 SECUNIA 11371 SECUNIA 11368 FEDORA FEDORA-2004-1620 The client for CVS before 1.11 allows a remote malicious CVS server to create arbitrary files using certain RCS diff files that use absolute pathnames during checkouts or updates, a different vulnerability than CVE-2004-0405. cpe:/o:linux:linux_kernel:2.4.0 CVE-2004-0181 2004-06-01T00:00:00.000-04:00 2011-03-07T21:15:13.767-05:00 2.1 LOCAL LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ENGARDE ESA-20040428-004 TRUSTIX 2004-0020 VUPEN ADV-2005-1878 GENTOO GLSA-200407-02 XF linux-jfs-info-disclosure(15902) TURBO TLSA-2004-14 BID 10143 REDHAT RHSA-2005:663 REDHAT RHSA-2004:504 MANDRAKE MDKSA-2004:029 SECUNIA 17002 The JFS file system code in Linux 2.4.x has an information leak in which in-memory data is written to the device for the JFS file system, which allows local users to obtain sensitive information by reading the raw device. cpe:/a:gnu:mailman:2.0.12 CVE-2004-0182 2004-06-01T00:00:00.000-04:00 2008-09-05T16:37:44.927-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 REDHAT RHSA-2004:156 SGI 20040404-01-U Mailman before 2.0.13 allows remote attackers to cause a denial of service (crash) via an email message with an empty subject field. cpe:/a:lbl:tcpdump:3.8.1 CVE-2004-0183 2004-05-04T00:00:00.000-04:00 2010-08-21T00:19:42.393-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#240790 DEBIAN DSA-478 FEDORA FEDORA-2004-1468 XF tcpdump-isakmp-delete-bo(15680) CONFIRM http://www.tcpdump.org/tcpdump-changes.txt BID 10003 REDHAT RHSA-2004:219 MISC http://www.rapid7.com/advisories/R7-0017.html SECTRACK 1009593 SECUNIA 11258 TRUSTIX 2004-0015 SECUNIA 11320 BUGTRAQ 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. cpe:/a:lbl:tcpdump:3.8.1 CVE-2004-0184 2004-05-04T00:00:00.000-04:00 2010-08-21T00:19:42.533-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#492558 DEBIAN DSA-478 FEDORA FEDORA-2004-1468 XF tcpdump-isakmp-integer-underflow(15679) CONFIRM http://www.tcpdump.org/tcpdump-changes.txt BID 10004 REDHAT RHSA-2004:219 MISC http://www.rapid7.com/advisories/R7-0017.html SECTRACK 1009593 SECUNIA 11258 BUGTRAQ 20040330 R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities TRUSTIX 2004-0015 Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite. cpe:/a:washington_university:wu-ftpd:2.6.2 CVE-2004-0185 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:45.380-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS MISC http://www.securiteam.com/unixfocus/6X00Q1P8KC.html REDHAT RHSA-2004:096 DEBIAN DSA-457 CONFIRM ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch XF wuftpd-skey-bo(13518) MISC http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt BID 8893 Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name. cpe:/o:linux:linux_kernel:2.6_test9_cvs cpe:/o:linux:linux_kernel:2.6.0:test2 cpe:/o:linux:linux_kernel:2.6.1:rc1 cpe:/o:linux:linux_kernel:2.6.1:rc2 cpe:/o:linux:linux_kernel:2.6.0:test7 cpe:/o:linux:linux_kernel:2.6.0:test6 cpe:/o:linux:linux_kernel:2.6.0:test4 cpe:/o:linux:linux_kernel:2.6.0 cpe:/a:samba:samba:2.0 cpe:/o:linux:linux_kernel:2.6.0:test9 cpe:/o:linux:linux_kernel:2.6.0:test5 cpe:/o:linux:linux_kernel:2.6.0:test8 cpe:/o:linux:linux_kernel:2.6.0:test3 cpe:/o:linux:linux_kernel:2.6.0:test10 cpe:/o:linux:linux_kernel:2.6.0:test1 cpe:/a:samba:samba:3.0.0 cpe:/o:linux:linux_kernel:2.6.0:test11 CVE-2004-0186 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:45.523-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS XF samba-smbmnt-gain-privileges(15131) BID 9619 DEBIAN DSA-463 BUGTRAQ 20040209 Samba 3.x + kernel 2.6.x local root vulnerability OSVDB 3916 BUGTRAQ 20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted. CVE-2004-0187 2004-03-15T00:00:00.000-05:00 2008-09-10T15:25:27.837-04:00 ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0185. Reason: This candidate is a reservation duplicate of CVE-2004-0185. Notes: All CVE users should reference CVE-2004-0185 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage. cpe:/a:calife:calife:2.8.4_c cpe:/a:calife:calife:2.8.5 CVE-2004-0188 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:45.820-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS BID 9756 DEBIAN DSA-461 XF calife-long-password-bo(15335) BUGTRAQ 20040227 Calife heap corrupt / potential local root exploit BID 9776 Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password. cpe:/a:squid:squid:2.1_patch2 cpe:/a:squid:squid:2.5_stable3 cpe:/a:squid:squid:2.4_stable7 cpe:/a:squid:squid:2.4 cpe:/a:squid:squid:2.3_stable5 cpe:/a:squid:squid:2.0_patch2 cpe:/a:squid:squid:2.5_stable4 CVE-2004-0189 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:45.960-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CONFIRM http://www.squid-cache.org/Advisories/SQUID-2004_1.txt BID 9778 XF squid-urlregex-acl-bypass(15366) REDHAT RHSA-2004:134 REDHAT RHSA-2004:133 OSVDB 5916 MANDRAKE MDKSA-2004:025 DEBIAN DSA-474 GENTOO GLSA-200403-11 BUGTRAQ 20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) CONECTIVA CLA-2004:838 SGI 20040404-01-U SCO SCOSA-2005.16 The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") characterm, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists. cpe:/h:symantec:firewall_vpn_appliance_200r cpe:/h:symantec:firewall_vpn_appliance_100 cpe:/h:symantec:firewall_vpn_appliance_200 CVE-2004-0190 2004-03-15T00:00:00.000-05:00 2008-09-10T15:25:28.040-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9784 XF symantec-firewallvpn-password-plaintext(15212) BUGTRAQ 20040216 Symantec FireWall/VPN Appliance model 200 leak of security OSVDB 4117 FULLDISC 20040216 Symantec FireWall/VPN Appliance model 200 leak of security Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges. cpe:/a:mozilla:mozilla:0.9.2 cpe:/a:mozilla:mozilla:1.0.2 cpe:/a:mozilla:mozilla:1.0:rc1 cpe:/a:mozilla:mozilla:1.2:alpha cpe:/a:mozilla:mozilla:1.0 cpe:/a:mozilla:mozilla:1.5 cpe:/a:mozilla:mozilla:1.1 cpe:/a:mozilla:mozilla:0.9.5 cpe:/a:mozilla:mozilla:1.1:beta cpe:/a:mozilla:mozilla:0.9.7 cpe:/a:mozilla:mozilla:0.9.3 cpe:/a:mozilla:mozilla:0.9.2.1 cpe:/a:mozilla:mozilla:1.4:alpha cpe:/a:mozilla:mozilla:0.8 cpe:/a:mozilla:mozilla:0.9.6 cpe:/a:mozilla:mozilla:1.3 cpe:/a:mozilla:mozilla:1.1:alpha cpe:/a:mozilla:mozilla:1.2 cpe:/a:mozilla:mozilla:1.4.1 cpe:/a:mozilla:mozilla:1.3.1 cpe:/a:mozilla:mozilla:0.9.4 cpe:/a:mozilla:mozilla:0.9.48 cpe:/a:mozilla:mozilla:0.9.35 cpe:/a:mozilla:mozilla:0.9.4.1 cpe:/a:mozilla:mozilla:1.0:rc2 cpe:/a:mozilla:mozilla:1.4 cpe:/a:mozilla:mozilla:0.9.8 cpe:/a:mozilla:mozilla:0.9.9 cpe:/a:mozilla:mozilla:1.2:beta cpe:/a:mozilla:mozilla:1.2.1 cpe:/a:mozilla:mozilla:1.4:beta cpe:/a:mozilla:mozilla:1.0.1 CVE-2004-0191 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:46.303-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS XF mozilla-event-handler-xss(15322) BID 9747 BUGTRAQ 20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers CONFIRM http://bugzilla.mozilla.org/show_bug.cgi?id=227417 REDHAT RHSA-2004:112 REDHAT RHSA-2004:110 OSVDB 4062 HP SSRT4722 Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events. cpe:/h:symantec:gateway_security_5400:2.0 CVE-2004-0192 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:46.523-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9755 BUGTRAQ 20040227 Symantec Gateway Security Management Service Cross Site Scripting XF symantecgateway-error-xss(15330) Cross-site scripting (XSS) vulnerability in the Management Service for Symantec Gateway Security 2.0 allows remote attackers to steal cookies and hijack a management session via a /sgmi URL that contains malicious script, which is not quoted in the resulting error page. cpe:/h:iss:proventia_g_series_xpu:22.3 cpe:/h:iss:proventia_m_series_xpu:1.30 cpe:/a:iss:realsecure_network:7.0:xpu_20.15 cpe:/a:iss:realsecure_desktop:3.6eca cpe:/a:iss:realsecure_desktop:3.6ecf cpe:/a:iss:blackice_pc_protection:3.6cbd cpe:/a:iss:realsecure_desktop:7.0ebg cpe:/h:iss:proventia_a_series_xpu:20.15 cpe:/a:iss:blackice_server_protection:3.6cbz cpe:/a:iss:realsecure_guard:3.6ecb cpe:/a:iss:realsecure_sentry:3.6ecf cpe:/a:iss:realsecure_desktop:7.0epk cpe:/a:iss:realsecure_server_sensor:7.0:xpu20.16 cpe:/a:iss:blackice_agent_server:3.6eca CVE-2004-0193 2004-03-15T00:00:00.000-05:00 2008-09-05T16:37:46.677-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#150326 ISS 20040226 Vulnerability in SMB Parsing in ISS Products MISC http://www.eeye.com/html/Research/Upcoming/20040213.html XF pam-smb-protocol-bo(15207) BID 9752 OSVDB 4072 EEYE AD20040226 SECUNIA 10988 BUGTRAQ 20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username. cpe:/a:adobe:acrobat_reader:5.1 CVE-2004-0194 2004-03-29T00:00:00.000-05:00 2008-09-05T16:37:46.867-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 9802 MISC http://www.nextgenss.com/advisories/adobexfdf.txt XF acrobatreader-xfdf-bo(15384) OSVDB 4135 BUGTRAQ 20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability FULLDISC 20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data. cpe:/a:microsoft:jet:4.0 CVE-2004-0197 2004-06-01T00:00:00.000-04:00 2008-09-10T15:25:28.727-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#740716 CERT TA04-104A XF msjet-query-execute-code(15703) BID 10112 MS MS04-014 Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query. cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_xp:::home cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_xp::sp1:64-bit cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit CVE-2004-0199 2004-06-14T00:00:00.000-04:00 2008-09-10T15:25:29.243-04:00 5.1 NETWORK HIGH NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#484814 XF win-hcp-code-execution(16095) BID 10321 MS MS04-015 BUGTRAQ 20040512 MS04-015 - Windows Help Center - Dvdupgrade MISC http://www.exploitlabs.com/files/advisories/EXPL-A-2004-001-helpctr.txt FULLDISC 20040512 MS04-015 - Windows Help Center - Dvdupgrade Help and Support Center in Microsoft Windows XP and Windows Server 2003 SP1 does not properly validate HCP URLs, which allows remote attackers to execute arbitrary code, as demonstrated using certain hcp:// URLs that access the DVD Upgrade capability (dvdupgrd.htm). cpe:/a:microsoft:.net_framework:1.0:sp2:sdk cpe:/o:microsoft:windows_2003_server:r2 cpe:/a:microsoft:office:xp:sp3 cpe:/a:microsoft:frontpage:2003 cpe:/a:microsoft:excel:2003 cpe:/a:microsoft:excel:2002 cpe:/a:microsoft:digital_image_pro:9 cpe:/a:microsoft:word:2003 cpe:/a:microsoft:visual_studio_.net:2003:gold cpe:/a:microsoft:office:2003::student_teacher cpe:/a:microsoft:publisher:2002 cpe:/a:microsoft:greetings:2002 cpe:/a:microsoft:digital_image_suite:9 cpe:/a:microsoft:visual_c%23:2002::.net_standard cpe:/o:microsoft:windows_xp::sp1:tablet_pc cpe:/a:microsoft:visual_j%23_.net:2003::.net_standard cpe:/a:microsoft:powerpoint:2003 cpe:/a:microsoft:digital_image_pro:7.0 cpe:/a:microsoft:visual_basic:2003::.net_standard cpe:/a:microsoft:powerpoint:2002 cpe:/o:microsoft:windows_xp::sp1:64-bit cpe:/a:microsoft:visual_c%2B%2B:2002::.net_standard cpe:/a:microsoft:outlook:2002 cpe:/a:microsoft:picture_it:9 cpe:/a:microsoft:producer::gold:office_powerpoints cpe:/a:microsoft:project:2002:sp1 cpe:/a:microsoft:visio:2003 cpe:/a:microsoft:frontpage:2002 cpe:/a:microsoft:onenote:2003 cpe:/a:microsoft:visual_c%2B%2B:2003::.net_standard cpe:/a:microsoft:visual_c%23:2003::.net_standard cpe:/a:microsoft:outlook:2003 cpe:/o:microsoft:windows_xp::gold cpe:/a:microsoft:word:2002 cpe:/o:microsoft:windows_xp:::64-bit cpe:/a:microsoft:visual_basic:2002::.net_standard cpe:/a:microsoft:visio:2002:sp2 cpe:/a:microsoft:infopath:2003 cpe:/a:microsoft:project:2003 cpe:/a:microsoft:publisher:2003 cpe:/a:microsoft:picture_it:7.0 cpe:/a:microsoft:picture_it:2002 cpe:/a:microsoft:visual_studio_.net:2002:gold CVE-2004-0200 2004-09-28T00:00:00.000-04:00 2008-09-10T15:25:29.307-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA04-260A CERT-VN VU#297462 XF win-jpeg-bo(16304) MS MS04-028 BUGTRAQ 20040914 Microsoft GDIPlus.DLL JPEG Parsing Engine Buffer Overflow Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation. cpe:/o:microsoft:windows_nt:4.0:sp1:server cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2000::sp1:datacenter_server cpe:/o:microsoft:windows_nt:4.0::server cpe:/o:microsoft:windows_nt:4.0:sp5:workstation cpe:/o:microsoft:windows_nt:4.0:sp3:workstation cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_nt:4.0::enterprise_server cpe:/o:microsoft:windows_2000::sp2:advanced_server cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/o:microsoft:windows_nt:4.0:sp1:workstation cpe:/o:microsoft:windows_nt:4.0:sp4:workstation cpe:/o:microsoft:windows_nt:4.0:sp5:enterprise_server cpe:/o:microsoft:windows_2000:::professional cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_nt:4.0:sp6a:server cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_98se cpe:/o:microsoft:windows_2000::sp1:professional cpe:/o:microsoft:windows_nt:4.0:sp6:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp2:enterprise_server cpe:/o:microsoft:windows_xp:::home cpe:/h:avaya:definity_one_media_server cpe:/o:microsoft:windows_nt:4.0:sp2:server cpe:/o:microsoft:windows_nt:4.0:sp4:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp3:server cpe:/o:microsoft:windows_xp:::64-bit cpe:/o:microsoft:windows_nt:4.0:sp4:terminal_server cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/a:avaya:ip600_media_servers cpe:/o:microsoft:windows_2000:::server cpe:/o:microsoft:windows_nt:4.0:sp6:server cpe:/o:microsoft:windows_nt:4.0:sp1:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp3:terminal_server cpe:/o:microsoft:windows_nt:4.0:sp4:server cpe:/o:microsoft:windows_nt:4.0::terminal_server cpe:/o:microsoft:windows_nt:4.0:sp1:enterprise_server cpe:/o:microsoft:windows_nt:4.0:sp6a:enterprise_server cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/o:microsoft:windows_nt:4.0:sp6a:workstation cpe:/o:microsoft:windows_nt:4.0:sp6:enterprise_server cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2000:::advanced_server cpe:/o:microsoft:windows_nt:4.0:sp2:workstation cpe:/o:microsoft:windows_nt:4.0:sp3:enterprise_server cpe:/o:microsoft:windows_xp::sp1:64-bit cpe:/o:microsoft:windows_2000::sp4:server cpe:/o:microsoft:windows_2000:::datacenter_server cpe:/o:microsoft:windows_2000::sp3:professional cpe:/o:microsoft:windows_2000::sp1:server cpe:/o:microsoft:windows_2000::sp3:advanced_server cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_nt:4.0:sp5:server cpe:/o:microsoft:windows_2000::sp1:advanced_server cpe:/h:avaya:s8100 cpe:/o:microsoft:windows_nt:4.0::workstation cpe:/o:avaya:modular_messaging_message_storage_server:s3400 cpe:/o:microsoft:windows_nt:4.0:sp5:terminal_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/o:microsoft:windows_nt:4.0:sp6:workstation cpe:/o:microsoft:windows_nt:4.0:sp2:terminal_server cpe:/o:microsoft:windows_2000::sp4:professional cpe:/o:microsoft:windows_2000::sp4:advanced_server CVE-2004-0201 2004-08-06T00:00:00.000-04:00 2008-09-10T15:25:29.383-04:00 10.0 NETWORK LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA04-196A CERT-VN VU#920060 MS MS04-023 XF win-htmlhelp-execute-code(16586) FULLDISC 20040714 HtmlHelp - .CHM File Heap Overflow Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041. cpe:/a:microsoft:directx:7.0a cpe:/o:microsoft:windows_me cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_2003_server:r2::64-bit cpe:/a:microsoft:directx:9.0b cpe:/o:microsoft:windows_2000::sp3:datacenter_server cpe:/a:microsoft:directx:8.0a cpe:/o:microsoft:windows_xp::gold:professional cpe:/o:microsoft:windows_2003_server:r2::datacenter_64-bit cpe:/o:microsoft:windows_2000::sp2:professional cpe:/o:microsoft:windows_2000::sp3:server cpe:/o:microsoft:windows_2003_server:enterprise::64-bit cpe:/a:microsoft:directx:8.2 cpe:/o:microsoft:windows_xp::sp1:64-bit cpe:/o:microsoft:windows_2000::sp4:server cpe:/a:microsoft:directx:7.0 cpe:/o:microsoft:windows_xp::sp1:home cpe:/o:microsoft:windows_2003_server:standard::64-bit cpe:/o:microsoft:windows_2003_server:enterprise_64-bit cpe:/o:microsoft:windows_98se cpe:/a:microsoft:directx:8.0 cpe:/o:microsoft:windows_2000::sp3:professional cpe:/a:microsoft:directx:9.0a cpe:/o:microsoft:windows_xp:::home cpe:/a:microsoft:directx:8.1b cpe:/o:microsoft:windows_xp:::64-bit cpe:/a:microsoft:directx:8.1 cpe:/a:microsoft:directx:8.1a cpe:/o:microsoft:windows_2000::sp2:datacenter_server cpe:/o:microsoft:windows_2003_server:web cpe:/o:microsoft:windows_2000::sp4:datacenter_server cpe:/o:microsoft:windows_2000::sp2:server cpe:/a:microsoft:directx:7.1 cpe:/o:microsoft:windows_2000::sp4:professional CVE-2004-0202 2004-08-06T00:00:00.000-04:00 2008-09-10T15:25:29.447-04:00 5.0 NETWORK LOW NONE NONE NONE PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 BID 10487 MS MS04-016 XF ms-directx-directplay-dos(16306) OSVDB 6742 SECUNIA 11802 IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. cpe:/a:microsoft:exchange_server:5.5:sp1 cpe:/a:microsoft:exchange_server:5.5:sp2 cpe:/a:microsoft:exchange_server:5.5 cpe:/a:microsoft:exchange_server:5.5:sp3 cpe:/a:microsoft:exchange_server:5.5:sp4 CVE-2004-0203 2004-11-23T00:00:00.000-05:00 2008-09-10T15:25:29.523-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#948750 MS MS04-026 XF exchange-owa-execute-code(16583) Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exchange Server 5.5 Service Pack 4 allows remote attackers to insert arbitrary script and spoof content in HTML email or web caches via an HTML redirect query. cpe:/a:businessobjects:crystal_enterprise_ras:8.5::unix cpe:/a:bea:weblogic_server:8.1:sp1:express cpe:/a:microsoft:visual_studio_.net:2003:gold cpe:/a:bea:weblogic_server:8.1:sp2:express cpe:/a:microsoft:outlook:2003::business_contact_manager cpe:/a:businessobjects:crystal_enterprise:10 cpe:/a:businessobjects:crystal_reports:9 cpe:/a:bea:weblogic_server:8.1::win32 cpe:/a:bea:weblogic_server:8.1:sp1:win32 cpe:/a:businessobjects:crystal_reports:10 cpe:/a:bea:weblogic_server:8.1::express cpe:/a:bea:weblogic_server:8.1:sp2:win32 cpe:/a:bea:weblogic_server:8.1:sp1 cpe:/a:microsoft:business_solutions_crm:1.2 cpe:/a:businessobjects:crystal_enterprise_java_sdk:8.5 cpe:/a:bea:weblogic_server:8.1:sp2 cpe:/a:businessobjects:crystal_enterprise:9 cpe:/a:borland_software:j_builder cpe:/a:bea:weblogic_server:8.1 CVE-2004-0204 2004-08-06T00:00:00.000-04:00 2008-09-10T15:25:30.257-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS BID 10260 XF crystalreports-file-deletion(16044) MS MS04-017 CONFIRM http://support.businessobjects.com/fix/hot/critical/bulletins/security_bulletin_june04.asp OSVDB 6748 SECUNIA 11800 BUGTRAQ 20040608 Vulnerability: Arbitrary File Access & DoS in Crystal Reports BUGTRAQ 20040502 Crystal Reports Vulnerabilities Directory traversal vulnerability in the web viewers for Business Objects Crystal Reports 9 and 10, and Crystal Enterprise 9 or 10, as used in Visual Studio .NET 2003 and Outlook 2003 with Business Contact Manager, Microsoft Business Solutions CRM 1.2, and other products, allows remote attackers to read and delete arbitrary files via ".." sequences in the dynamicimag argument to crystalimagehandler.aspx. cpe:/a:avaya:ip600_media_servers cpe:/h:avaya:s8100 cpe:/o:avaya:modular_messaging_message_storage_server:s3400 cpe:/h:avaya:definity_one_media_server cpe:/a:microsoft:internet_information_server:4.0 CVE-2004-0205 2004-08-06T00:00:00.000-04:00 2008-09-10T15:25:30.320-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS CERT TA04-196A CERT-VN VU#717748 XF iis-redirect-bo(16578) MS MS04-021 CIAC O-179 BID 10706 OSVDB 7799 SECUNIA 12061 Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 allows local users to execute arbitrary code via the redirect function. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_nt:4.0 CVE-2004-0206 2004-11-03T00:00:00.000-05:00 2008-09-10T15:25:30.397-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_OTHER_ACCESS CERT-VN VU#640488 XF win-ms04031-patch(17657) XF win-netdde-bo(16556) MS MS04-031 SECUNIA 12803 BID 11372 BUGTRAQ 20041013 Microsoft Windows NetDDE Service Buffer Overflow Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows attackers to remotely execute arbitrary code or locally gain privileges via a malicious message or application that involves an "unchecked buffer," possibly a buffer overflow. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_98::gold cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_nt:4.0 CVE-2004-0207 2004-11-03T00:00:00.000-05:00 2008-09-05T16:37:48.817-04:00 2.1 LOCAL LOW NONE NONE PARTIAL NONE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 CERT-VN VU#218526 XF win-ms04032-patch(17658) XF win-mngmt-api-gain-privileges(16579) MS MS04-032 BUGTRAQ 20041013 SetWindowLong Shatter Attacks "Shatter" style vulnerability in the Window Management application programming interface (API) for Microsoft Windows 98, Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 allows local users to gain privileges by using certain API functions to change properties of privileged programs using the SetWindowLong and SetWIndowLongPtr API functions. cpe:/o:microsoft:windows_2000 cpe:/o:microsoft:windows_2003_server:r2 cpe:/o:microsoft:windows_xp::gold cpe:/o:microsoft:windows_nt:4.0 CVE-2004-0208 2004-11-03T00:00:00.000-05:00 2008-09-10T15:25:31.023-04:00 7.2 LOCAL LOW NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2004-01-01T00:00:00.000-05:00 ALLOWS_ADMIN_ACCESS