Full List

Search

Recent Vulnerabilities

• CVE-2004-0873 • published on September 24, 2004 Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execute arbitrary programs via a "link" that references the program.
• CVE-2004-0875 • published on September 24, 2004 Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (aka webdistro) 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module.
• CVE-2004-0811 • published on September 24, 2004 Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
• CVE-2004-0821 • published on September 24, 2004 The CFPlugIn in Core Foundation framework in Mac OS X allows user supplied libraries to be loaded, which could allow local users to gain privileges.
• CVE-2004-0822 • published on September 24, 2004 Buffer overflow in The Core Foundation framework (CoreFoundation.framework) in Mac OS X 10.2.8, 10.3.4, and 10.3.5 allows local users to execute arbitrary code via a certain environment variable.
• CVE-2004-0825 • published on September 24, 2004 QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3.5 allows remote attackers to cause a denial of service (application deadlock) via a certain sequence of operations.
• CVE-2004-0827 • published on September 24, 2004 Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
• CVE-2004-0903 • published on September 24, 2004 Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
• CVE-2004-0904 • published on September 24, 2004 Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
• CVE-2004-0907 • published on September 24, 2004 The Linux install .tar.gz archives for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8, create certain files with insecure permissions, which could allow local users to overwrite those files and execute arbitrary code.
• CVE-2004-0880 • published on September 24, 2004 getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file.
• CVE-2004-0881 • published on September 24, 2004 getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir.
• CVE-2004-0908 • published on September 24, 2004 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
• CVE-2004-0905 • published on September 24, 2004 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
• CVE-2004-0902 • published on September 24, 2004 Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
• CVE-2004-0906 • published on September 24, 2004 The XPInstall installer in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 sets insecure permissions for certain installed files within xpi packages, which could allow local users to overwrite arbitrary files or execute arbitrary code.
• CVE-2004-0909 • published on September 24, 2004 Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 may allow remote attackers to trick users into performing unexpected actions, including installing software, via signed scripts that request enhanced abilities using the enablePrivilege parameter, then modify the meaning of certain security-relevant dialog messages.
• CVE-2004-0687 • published on September 24, 2004 Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
• CVE-2004-0200 • published on September 17, 2004 Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
• CVE-2004-0558 • published on September 17, 2004 The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.