Full List

Search

Recent Vulnerabilities

• CVE-2004-0477 • published on July 8, 2004 Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router allows remote attackers to bypass authentication via repeated attempts using any username and password. NOTE: this identifier was inadvertently re-used for another issue due to a typo; that issue was assigned CVE-2004-0447. This candidate is ONLY for the ADSL router bypass.
• CVE-2004-0448 • published on July 8, 2004 Format string vulnerability in the log function for jftpgw 0.13.4 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in certain syslog messages.
• CVE-2004-0468 • published on July 8, 2004 Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
• CVE-2004-0602 • published on July 8, 2004 The binary compatibility mode for FreeBSD 4.x and 5.x does not properly handle certain Linux system calls, which could allow local users to access kernel memory to gain privileges or cause a system panic.
• CVE-2004-0565 • published on July 8, 2004 Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
• CVE-2004-0627 • published on July 8, 2004 The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to bypass authentication via a zero-length scrambled string.
• CVE-2004-0628 • published on July 8, 2004 Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long scramble string.
• CVE-2004-0634 • published on July 8, 2004 The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
• CVE-2004-0633 • published on July 8, 2004 The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
• CVE-2004-0635 • published on July 8, 2004 The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
• CVE-2002-1581 • published on July 6, 2004 Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3.20 through 2.3.31 allows remote attackers to view arbitrary files via .. (dot dot) sequences and a null byte (%00) in the configLanguage parameter.
• CVE-2002-1582 • published on July 6, 2004 compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi.
• CVE-2004-0456 • published on July 6, 2004 Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header.
• CVE-2004-0496 • published on July 6, 2004 Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
• CVE-2004-0497 • published on July 6, 2004 Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
• CVE-2004-0578 • published on July 6, 2004 WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files via leading slash (//) characters in a URL request to the wingate-internal directory.
• CVE-2004-0577 • published on July 6, 2004 WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions such as 5.0.5, allows remote attackers to read arbitrary files from the root directory via a URL request to the wingate-internal directory.
• CVE-2004-0626 • published on July 6, 2004 The tcp_find_option function of the netfilter subsystem in Linux kernel 2.6, when using iptables and TCP options rules, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a large option length that produces a negative integer after a casting operation to the char type.
• CVE-2004-0393 • published on June 30, 2004 Format string vulnerability in the msg function for rlpr daemon (rlprd) 2.0.4 allows remote attackers to execute arbitrary code via format string specifiers in a buffer that can not be resolved, which is provided to the syslog function.
• CVE-2004-0454 • published on June 30, 2004 Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allows local users to execute arbitrary code.