Full List

Search

Recent Vulnerabilities

• CVE-2004-0752 • published on September 14, 2004 OpenOffice (OOo) 1.1.2 creates predictable directory names with insecure permissions during startup, which may allow local users to read or list files of other users.
• CVE-2004-0839 • published on September 14, 2004 Internet Explorer in Windows XP SP2, and other versions including 5.01 and 5.5, allows remote attackers to install arbitrary programs via a web page that uses certain styles and the AnchorClick behavior, popup windows, and drag-and-drop capabilities to drop the program in the local startup folder, as demonstrated by "wottapoop.html".
• CVE-2004-0842 • published on September 14, 2004 Internet Explorer 6.0 SP1 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (application crash from "memory corruption") via certain malformed Cascading Style Sheet (CSS) elements that trigger heap-based buffer overflows, as demonstrated using the "STYLE@;/*" string, possibly due to a missing comment terminator that may cause an invalid length to trigger a large memory copy operation, aka the "CSS Heap Memory Corruption Vulnerability."
• CVE-2004-0775 • published on September 14, 2004 Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in products such as BTStackServer 1.3.2.7 and 1.4.2.10, Windows XP and Windows 98 with MSI Bluetooth Dongles, and HP IPAQ 5450 running WinCE 3.0, allows remote attackers to execute arbitrary code via certain service requests.
• CVE-2004-0781 • published on September 14, 2004 Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast internal web server (icecast-server) 1.3.12 and earlier allows remote attackers to inject arbitrary web script via the UserAgent parameter.
• CVE-2004-0642 • published on September 10, 2004 Double free vulnerabilities in the error handling code for ASN.1 decoders in the (1) Key Distribution Center (KDC) library and (2) client library for MIT Kerberos 5 (krb5) 1.3.4 and earlier may allow remote attackers to execute arbitrary code.
• CVE-2004-0644 • published on September 10, 2004 The asn1buf_skiptail function in the ASN.1 decoder library for MIT Kerberos 5 (krb5) 1.2.2 through 1.3.4 allows remote attackers to cause a denial of service (infinite loop) via a certain BER encoding.
• CVE-2004-0643 • published on September 10, 2004 Double free vulnerability in the krb5_rd_cred function for MIT Kerberos 5 (krb5) 1.3.1 and earlier may allow local users to execute arbitrary code.
• CVE-2004-0748 • published on September 10, 2004 mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
• CVE-2004-0751 • published on September 10, 2004 The char_buffer_read function in the mod_ssl module for Apache 2.x, when using reverse proxying to an SSL server, allows remote attackers to cause a denial of service (segmentation fault).
• CVE-2004-0745 • published on September 10, 2004 LHA 1.14 and earlier allows attackers to execute arbitrary commands via a directory with shell metacharacters in its name.
• CVE-2004-0772 • published on September 10, 2004 Double free vulnerabilities in error handling code in krb524d for MIT Kerberos 5 (krb5) 1.2.8 and earlier may allow remote attackers to execute arbitrary code.
• CVE-2004-0829 • published on September 10, 2004 smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
• CVE-2004-0500 • published on September 2, 2004 Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
• CVE-2004-0754 • published on September 2, 2004 Integer overflow in Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via the size variable in Groupware server messages.
• CVE-2004-0826 • published on September 2, 2004 Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message.
• CVE-2004-0784 • published on September 2, 2004 The smiley theme functionality in Gaim before 0.82 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of the tar file that is dragged to the smiley selector.
• CVE-2004-0785 • published on September 2, 2004 Multiple buffer overflows in Gaim before 0.82 allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) Rich Text Format (RTF) messages, (2) a long hostname for the local system as obtained from DNS, or (3) a long URL that is not properly handled by the URL decoder.
• CVE-2004-0820 • published on September 2, 2004 Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
• CVE-2004-0819 • published on September 2, 2004 The bridge functionality in OpenBSD 3.4 and 3.5, when running a gateway configured as a bridging firewall with the link2 option for IPSec enabled, allows remote attackers to cause a denial of service (crash) via an ICMP echo (ping) packet.