Full List

Search

Recent Vulnerabilities

• CVE-2004-0798 • published on August 27, 2004 Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gold before 8.03 Hotfix 1 allows remote attackers to execute arbitrary code via a long instancename parameter.
• CVE-2004-0693 • published on August 25, 2004 The GIF parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0692.
• CVE-2004-0691 • published on August 25, 2004 Heap-based buffer overflow in the BMP image format parser for the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.
• CVE-2004-0692 • published on August 25, 2004 The XPM parser in the QT library (qt3) before 3.3.3 allows remote attackers to cause a denial of service (application crash) via a malformed image file that triggers a null dereference, a different vulnerability than CVE-2004-0693.
• CVE-2004-0800 • published on August 25, 2004 Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 allows local users to gain privileges via format strings in the argv[0] value.
• CVE-2004-0796 • published on August 24, 2004 SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to cause a denial of service via certain malformed messages.
• CVE-2002-1583 • published on August 20, 2004 Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Database 6.0 and 7.0 allows local users to execute arbitrary code via a long username that is read from a file descriptor argument.
• CVE-2003-1049 • published on August 20, 2004 IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS directories with insecure permissions (777), which allows local users to modify or delete certain DB2 files.
• CVE-2003-1052 • published on August 20, 2004 IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs.
• CVE-2003-1051 • published on August 20, 2004 Multiple format string vulnerabilities in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via certain command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
• CVE-2003-1050 • published on August 20, 2004 Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
• CVE-2004-0795 • published on August 20, 2004 DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe.
• CVE-2004-0408 • published on August 19, 2004 Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code.
• CVE-2004-0457 • published on August 19, 2004 The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
• CVE-2004-0458 • published on August 19, 2004 mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference.
• CVE-2004-0689 • published on August 19, 2004 KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files.
• CVE-2004-0755 • published on August 19, 2004 The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions.
• CVE-2004-0768 • published on August 19, 2004 libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
• CVE-2004-0777 • published on August 19, 2004 Format string vulnerability in the auth_debug function in Courier-IMAP 1.6.0 through 2.2.1 and 3.x through 3.0.3, when login debugging (DEBUG_LOGIN) is enabled, allows remote attackers to execute arbitrary code.
• CVE-2004-0794 • published on August 19, 2004 Multiple signal handler race conditions in lukemftpd (aka tnftpd before 20040810) allow remote authenticated attackers to cause a denial of service or execute arbitrary code.