Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command. Date published : 2004-12-31 http://marc.info/?l=bugtraq&m=110425875504586&w=2 http://marc.info/?l=bugtraq&m=110426936423890&w=2
Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol.cpp for Mozilla 1.7.3 and earlier allows remote attackers to cause a denial of service (application crash) via an NNTP URL (news:) with a trailing ” (backslash) character,...
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so...
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2004-12-31 http://marc.info/?l=bugtraq&m=110358225615424&w=2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286371
load_elf_binary in Linux before 2.4.26 allows local users to cause a denial of service (system crash) via an ELF binary in which the interpreter is NULL. Date published : 2004-12-31 http://www.securityfocus.com/bid/12101 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=142965
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy’s history count and the maximum number of...
The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7.7 allows local users to overwrite arbitrary files via a symlink attack on temporary directories. Date published : 2004-12-31 http://www.securityfocus.com/bid/12078 http://www.debian.org/security/2004/dsa-615
Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and (2) login.c for CVSTrac before 1.1.5 allow remote attackers to inject arbitrary HTML and web script. Date published : 2004-12-31 http://www.securityfocus.com/bid/12017 http://www.cvstrac.org/cvstrac/chngview?cn=320
Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which...
Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD64 systems allows local users to gain privileges. Date published : 2004-12-31 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10439 http://www.redhat.com/support/errata/RHSA-2004-689.html
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet. Date published : 2004-12-31 http://www.securityfocus.com/bid/11943 http://www.ciac.org/ciac/bulletins/p-061.shtml
The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote attackers to cause a denial of service (application crash) via a certain packet that causes the dissector to access previously-freed memory. Date published :...
Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (application hang) and possibly fill available disk space via an invalid RTP timestamp. Date published : 2004-12-31 http://www.securityfocus.com/bid/11943 http://www.ciac.org/ciac/bulletins/p-061.shtml
Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash). Date published : 2004-12-31 http://www.securityfocus.com/bid/11943 http://www.ciac.org/ciac/bulletins/p-061.shtml