CVE-2004-0989 – Libxml2 - Multiple Remote Stack Buffer Overflow Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-0989
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost. • https://www.exploit-db.com/exploits/24704 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000890 http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html http://marc.info/?l=bugtraq&m=109880813013482&w=2 http://secunia.com/advisories/13000 http://securitytracker.com/id?1011941 http://www.ciac.org/ciac/bulletins/p-029.shtml http://www.debian.org/security/2004/dsa-582 http://www.gentoo.org/security/en/glsa/glsa-200411-05.xml http://www •
CVE-2004-0888
https://notcve.org/view.php?id=CVE-2004-0888
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 http://marc.info/?l=bugtraq&m=109880927526773&w=2 http://marc.info/?l=bugtraq&m=110815379627883&w=2 http://www.debian.org/security/2004/dsa-573 http://www.debian.org/security/2004/dsa-581 http://www.debian.org/security/2004/dsa-599 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/ •
CVE-2004-0889
https://notcve.org/view.php?id=CVE-2004-0889
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. • http://marc.info/?l=bugtraq&m=109880927526773&w=2 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 http://www.securityfocus.com/bid/11501 https://exchange.xforce.ibmcloud.com/vulnerabilities/17819 •
CVE-2004-0891
https://notcve.org/view.php?id=CVE-2004-0891
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. • http://gaim.sourceforge.net/security/?id=9 http://www.gentoo.org/security/en/glsa/glsa-200410-23.xml http://www.redhat.com/support/errata/RHSA-2004-604.html https://bugzilla.fedora.us/show_bug.cgi?id=2188 https://exchange.xforce.ibmcloud.com/vulnerabilities/17786 https://exchange.xforce.ibmcloud.com/vulnerabilities/17787 https://exchange.xforce.ibmcloud.com/vulnerabilities/17790 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11790 https://www.ubuntu& •
CVE-2004-0957
https://notcve.org/view.php?id=CVE-2004-0957
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 http://www.ciac.org/ciac/bulletins/p-018.shtml http://www.debian.org/security/2005/dsa-707 http://www.mandriva.com/security/advisories?name=MDKSA-2005:070 http://www.redhat.com/support/errata/RHSA-2004-597.html http://www.redhat.com/support/errata/RHSA-2004-611.html https://exchange.xforce.ibmcloud.com/vulnerabilities/17783 https://www.ubuntu.com/usn/usn-32-1 https://access.redhat.com/security/cve/CVE •