CVE-2004-0952
https://notcve.org/view.php?id=CVE-2004-0952
HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. • http://marc.info/?l=bugtraq&m=112420609211136&w=2 http://marc.info/?l=bugtraq&m=112422597529112&w=2 http://secunia.com/advisories/16456 http://securitytracker.com/id?1014711 https://exchange.xforce.ibmcloud.com/vulnerabilities/21857 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5775 •
CVE-2004-1332
https://notcve.org/view.php?id=CVE-2004-1332
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request. • http://marc.info/?l=bugtraq&m=110797179710695&w=2 http://secunia.com/advisories/13608 http://securitytracker.com/id?1012650 http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false http://www.kb.cert.org/vuls/id/647438 http://www.securityfocus.com/bid/12077 https://exchange.xforce.ibmcloud.com/vulnerabilities/18636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701 •
CVE-2004-1375
https://notcve.org/view.php?id=CVE-2004-1375
Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. • http://marc.info/?l=bugtraq&m=110384155209555&w=2 http://www.ciac.org/ciac/bulletins/p-085.shtml http://www.securityfocus.com/bid/12098 https://exchange.xforce.ibmcloud.com/vulnerabilities/18674 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5435 •
CVE-2004-1029 – Sun Java Runtime Environment 1.x Java Plugin - JavaScript Security Restriction Bypass
https://notcve.org/view.php?id=CVE-2004-1029
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 http://jouko.iki.fi/adv/javaplugin.html http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.co • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2004-0965
https://notcve.org/view.php?id=CVE-2004-0965
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. • http://marc.info/?l=bugtraq&m=109837243713696&w=2 http://www.nsfocus.com/english/homepage/research/0402.htm http://www.securityfocus.com/advisories/7351 http://www.securityfocus.com/bid/11493 https://exchange.xforce.ibmcloud.com/vulnerabilities/17813 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5538 •