Linux

Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted peer message, which triggers an out-of-bounds write.

Published: 2014-07-29T14:00:00.000Z
Updated: 2024-08-06T11:27:36.988Z

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

Published: 2013-11-15T18:16:00.000Z
Updated: 2024-08-06T15:20:37.400Z

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by a CDATA section containing valid UTF-7 encoded sequences in a SVG file, which is then incorrectly interpreted as UTF-8 by Chrome and Firefox.

Published: 2013-11-15T18:16:00.000Z
Updated: 2024-08-06T15:20:37.509Z

thttpd.c in sthttpd before 2.26.4-r2 and thttpd 2.25b use world-readable permissions for /var/log/thttpd.log, which allows local users to obtain sensitive information by reading the file.

Published: 2013-12-13T18:00:00.000Z
Updated: 2024-08-06T14:25:09.614Z

The default configuration of logrotate on Gentoo Linux uses root privileges to process files in directories that permit non-root write access, which allows local users to conduct symlink and hard link attacks by leveraging logrotate's lack of support for untrusted directories, as demonstrated by directories under /var/log/ for packages.

Published: 2011-03-30T22:00:00.000Z
Updated: 2024-08-06T22:28:41.808Z

Multiple heap-based buffer overflows in Aircrack-ng before 1.1 allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a (1) large length value in an EAPOL packet or (2) long EAPOL packet.

Published: 2013-10-28T22:00:00.000Z
Updated: 2024-08-07T01:14:06.663Z

ZoneMinder 1.23.3 on Gentoo Linux uses 0644 permissions for /etc/zm.conf, which allows local users to obtain the database username and password by reading this file.

Published: 2009-04-27T22:00:00.000Z
Updated: 2024-08-07T11:42:00.193Z

The default configuration of Firebird before 2.0.3.12981.0-r6 on Gentoo Linux sets the ISC_PASSWORD environment variable before starting Firebird, which allows remote attackers to bypass SYSDBA authentication and obtain sensitive database information via an empty password.

Published: 2008-05-12T16:00:00.000Z
Updated: 2024-08-07T08:40:59.388Z

Interpretation conflict in PHP Toolkit before 1.0.1 on Gentoo Linux might allow local users to cause a denial of service (PHP outage) and read contents of PHP scripts by creating a file with a one-letter lowercase alphabetic name, which triggers interpretation of a certain unquoted [a-z] argument as a matching shell glob for this name, rather than interpretation as the literal [a-z] regular-expression string, and consequently blocks the launch of the PHP interpreter within the Apache HTTP Server.

Published: 2008-04-18T15:00:00.000Z
Updated: 2024-08-07T08:32:01.265Z

The docert function in ssl-cert.eclass, when used by src_compile or src_install on Gentoo Linux, stores the SSL key in a binpkg, which allows local users to extract the key from the binpkg, and causes multiple systems that use this binpkg to have the same SSL key and certificate.

Published: 2008-03-18T22:00:00.000Z
Updated: 2024-08-07T08:17:34.680Z

ViewVC before 1.0.5 provides revision metadata without properly checking whether access was intended, which allows remote attackers to obtain sensitive information by reading (1) forbidden pathnames in the revision view, (2) log history that can only be reached by traversing a forbidden object, or (3) forbidden diff view path parameters.

Published: 2008-03-24T17:00:00.000Z
Updated: 2024-08-07T08:17:34.528Z

ViewVC before 1.0.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to read files and list folders under the hidden CVSROOT folder.

Published: 2008-03-24T17:00:00.000Z
Updated: 2024-08-07T08:17:33.494Z

ViewVC before 1.0.5 includes "all-forbidden" files within search results that list CVS or Subversion (SVN) commits, which allows remote attackers to obtain sensitive information.

Published: 2008-03-24T17:00:00.000Z
Updated: 2024-08-07T08:17:33.492Z

expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.

Published: 2008-02-29T02:00:00.000Z
Updated: 2024-08-07T08:08:57.707Z

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.

Published: 2007-12-31T19:00:00.000Z
Updated: 2024-08-07T16:02:36.277Z

etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.

Published: 2007-12-15T01:00:00.000Z
Updated: 2024-08-07T16:02:36.433Z

Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. NOTE: Qt 4 has the same error in the QUtf8Codec::convertToUnicode function, but it is not exploitable.

Published: 2007-09-18T19:00:00.000Z
Updated: 2024-08-07T14:46:38.696Z

NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information.

Published: 2007-07-27T22:00:00.000Z
Updated: 2024-08-07T14:21:36.105Z

Eval injection vulnerability in (1) courier-imapd.indirect and (2) courier-pop3d.indirect in Courier-IMAP before 4.0.6-r2, and 4.1.x before 4.1.2-r1, on Gentoo Linux allows remote attackers to execute arbitrary commands via the XMAILDIR variable, related to the LOGINRUN variable.

Published: 2007-04-24T16:00:00.000Z
Updated: 2024-08-07T13:23:51.016Z

Vixie Cron before 4.1-r10 on Gentoo Linux is installed with insecure permissions, which allows local users to cause a denial of service (cron failure) by creating hard links, which results in a failed st_nlink check in database.c.

Published: 2007-04-18T02:20:00.000Z
Updated: 2024-08-07T13:13:41.102Z

The Linux Security Auditing Tool (LSAT) allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using /tmp/lsat1.lsat.

Published: 2007-03-19T22:00:00.000Z
Updated: 2024-08-07T12:59:08.449Z

Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable.

Published: 2007-02-21T17:00:00.000Z
Updated: 2024-08-07T12:43:22.436Z

ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.

Published: 2007-02-28T15:00:00.000Z
Updated: 2024-08-07T20:50:06.287Z

The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits.

Published: 2006-06-13T10:00:00.000Z
Updated: 2024-08-07T18:16:05.448Z

The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0.

Published: 2006-01-04T00:00:00.000Z
Updated: 2024-08-07T16:18:20.703Z

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.446Z

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.366Z

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.457Z

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

Published: 2005-09-28T04:00:00.000Z
Updated: 2024-08-07T22:30:01.787Z

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Published: 2005-06-20T04:00:00.000Z
Updated: 2024-08-07T21:44:05.956Z

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

Published: 2005-04-16T04:00:00.000Z
Updated: 2024-08-07T21:35:59.981Z

Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.

Published: 2005-04-06T04:00:00.000Z
Updated: 2024-08-07T21:35:59.902Z

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Published: 2005-04-24T04:00:00.000Z
Updated: 2024-08-07T21:28:27.162Z

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

Published: 2005-03-07T05:00:00.000Z
Updated: 2024-08-07T21:21:06.463Z

Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.

Published: 2005-02-24T05:00:00.000Z
Updated: 2024-08-07T21:13:54.548Z

Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.

Published: 2005-02-19T05:00:00.000Z
Updated: 2024-08-07T21:13:54.262Z

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Published: 2005-02-15T05:00:00.000Z
Updated: 2024-08-07T21:05:25.397Z

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

Published: 2005-01-29T05:00:00.000Z
Updated: 2024-08-07T20:57:41.090Z

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.

Published: 2005-02-17T05:00:00.000Z
Updated: 2024-08-08T00:53:24.096Z

The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.

Published: 2005-01-06T05:00:00.000Z
Updated: 2024-08-08T00:46:12.439Z

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

Published: 2005-05-04T04:00:00.000Z
Updated: 2024-08-08T00:46:12.284Z

Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

Published: 2004-12-22T05:00:00.000Z
Updated: 2024-08-08T00:46:12.358Z

Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.909Z

fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.943Z

direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.873Z

The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.

Published: 2004-12-10T05:00:00.000Z
Updated: 2024-08-08T00:39:00.859Z

rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.

Published: 2004-12-10T05:00:00.000Z
Updated: 2024-08-08T00:39:00.899Z

The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.819Z

The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.923Z

The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.767Z

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.900Z

qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.865Z

dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.910Z

Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.859Z

Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.876Z

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.854Z

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.814Z

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.892Z

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.811Z

Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.

Published: 2004-11-18T05:00:00.000Z
Updated: 2024-08-08T00:39:00.586Z

The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:39:00.584Z

Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.

Published: 2004-11-16T05:00:00.000Z
Updated: 2024-08-08T00:39:00.552Z

Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.

Published: 2004-11-16T05:00:00.000Z
Updated: 2024-08-08T00:39:00.753Z

Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.

Published: 2004-11-24T05:00:00.000Z
Updated: 2024-08-08T00:39:00.608Z

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.

Published: 2004-11-24T05:00:00.000Z
Updated: 2024-08-08T00:39:00.421Z

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.

Published: 2004-11-24T05:00:00.000Z
Updated: 2024-08-08T00:39:00.423Z

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.

Published: 2004-11-24T05:00:00.000Z
Updated: 2024-08-08T00:39:00.462Z

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.

Published: 2004-11-24T05:00:00.000Z
Updated: 2024-08-08T00:39:00.544Z

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Published: 2004-11-16T05:00:00.000Z
Updated: 2024-08-08T00:38:59.903Z

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

Published: 2004-12-10T05:00:00.000Z
Updated: 2024-08-08T00:39:00.427Z

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

Published: 2004-12-15T05:00:00.000Z
Updated: 2024-08-08T00:39:00.595Z

Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:38:59.810Z

Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:39:00.461Z

Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

Published: 2005-01-22T05:00:00.000Z
Updated: 2024-08-08T00:38:59.668Z

main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

Published: 2004-12-01T05:00:00.000Z
Updated: 2024-08-08T00:39:00.654Z

Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.

Published: 2004-10-28T04:00:00.000Z
Updated: 2024-08-08T00:39:00.367Z

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:38:59.645Z

Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:39:00.397Z

Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:39:00.592Z

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:39:00.442Z

The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:38:59.663Z

The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Published: 2004-10-20T04:00:00.000Z
Updated: 2024-08-08T00:38:59.628Z

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Published: 2004-11-24T05:00:00.000Z
Updated: 2024-08-08T00:31:48.138Z

Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.243Z

RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.229Z

Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.168Z

Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.124Z

Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:47.979Z

McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.096Z

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.

Published: 2004-11-19T05:00:00.000Z
Updated: 2024-08-08T00:31:48.134Z

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Published: 2004-10-21T04:00:00.000Z
Updated: 2024-08-08T00:31:48.079Z

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.

Published: 2004-12-15T05:00:00.000Z
Updated: 2024-08-08T00:31:48.097Z

Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.

Published: 2004-10-21T04:00:00.000Z
Updated: 2024-08-08T00:31:47.791Z

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

Published: 2004-10-26T04:00:00.000Z
Updated: 2024-08-08T00:31:48.137Z

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Published: 2004-10-26T04:00:00.000Z
Updated: 2024-08-08T00:31:47.615Z

The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

Published: 2004-07-08T04:00:00.000Z
Updated: 2024-08-08T00:24:26.981Z

The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.

Published: 2004-07-08T04:00:00.000Z
Updated: 2024-08-08T00:24:27.044Z

The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.

Published: 2004-07-08T04:00:00.000Z
Updated: 2024-08-08T00:24:26.976Z

The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.

Published: 2004-07-06T04:00:00.000Z
Updated: 2024-08-08T00:24:26.885Z

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

Published: 2004-07-08T04:00:00.000Z
Updated: 2024-08-08T00:24:25.856Z

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

Published: 2004-07-06T04:00:00.000Z
Updated: 2024-08-08T00:17:15.122Z

Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

Published: 2004-07-06T04:00:00.000Z
Updated: 2024-08-08T00:17:15.052Z