Full List

Search

Recent Vulnerabilities

• CVE-2004-1290 • published on December 22, 2004 Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file.
• CVE-2004-1304 • published on December 22, 2004 Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
• CVE-2004-1314 • published on December 22, 2004 Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.
• CVE-2004-1271 • published on December 22, 2004 Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows remote attackers to execute arbitrary code via a crafted DXF file.
• CVE-2004-1273 • published on December 22, 2004 Buffer overflow in the DownloadLoop function in main.c for greed 0.81p allows remote attackers to execute arbitrary code via a GRX file containing a long filename.
• CVE-2004-1275 • published on December 22, 2004 Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file.
• CVE-2004-1276 • published on December 22, 2004 IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
• CVE-2004-1279 • published on December 22, 2004 Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.
• CVE-2004-1280 • published on December 22, 2004 The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename.
• CVE-2004-1282 • published on December 22, 2004 Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation.
• CVE-2004-1286 • published on December 22, 2004 Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
• CVE-2004-1293 • published on December 22, 2004 Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file.
• CVE-2004-1297 • published on December 22, 2004 Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.
• CVE-2004-1303 • published on December 22, 2004 Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.
• CVE-2004-1302 • published on December 22, 2004 The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.
• CVE-2004-1308 • published on December 22, 2004 Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
• CVE-2004-1309 • published on December 22, 2004 Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.
• CVE-2004-0568 • published on December 15, 2004 HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
• CVE-2004-0571 • published on December 15, 2004 Microsoft Word for Windows 6.0 Converter does not properly validate certain data lengths, which allows remote attackers to execute arbitrary code via a .wri, .rtf, and .doc file sent by email or malicious web site, aka "Table Conversion Vulnerability," a different vulnerability than CVE-2004-0901.
• CVE-2004-0914 • published on December 15, 2004 Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.