CVSS: 2.1 | EPSS: 0% | CPEs: 6 | EXPL: 0

The mtink status monitor before 1.0.5 for Epson printers allows local users to overwrite arbitrary files via a symlink attack on the epson temporary file.
• http://bugs.gentoo.org/show_bug.cgi?id=70310
• http://www.gentoo.org/security/en/glsa/glsa-200411-17.xml
• http://www.securityfocus.com/bid/11640
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18011

CVSS: 6.8 | EPSS: 0% | CPEs: 17 | EXPL: 2

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
• http://www.netvigilance.com/html/advisory0005.htm
• http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2004-3
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18158

CVSS: 10.0 | EPSS: 10% | CPEs: 8 | EXPL: 0

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
• http://lwn.net/Articles/121827
• http://www.debian.org/security/2005/dsa-652
• http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
• http://www.redhat.com/support/errata/RHSA-2005-007.html
• http://www.securityfocus.com/bid/11665
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
• https://access.redhat.com/security/cve/CVE-2004-0947
• https://bugzilla.redhat.com/show_bug.cgi?id=1617328

CVSS: 9.3 | EPSS: 19% | CPEs: 157 | EXPL: 1

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
• https://www.exploit-db.com/exploits/24763
• http://jouko.iki.fi/adv/javaplugin.html
• http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html
• http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html
• http://secunia.com/advisories/13271
• http://secunia.com/advisories/29035
• http://securityreason.com/securityalert/61
• http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1
• http://sunsolve.sun.co
• CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.2 | EPSS: 0% | CPEs: 3 | EXPL: 0

fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
• http://security.gentoo.org/glsa/glsa-200411-27.xml
• http://www.idefense.com/application/poi/display?id=157&type=vulnerabilities&flashstatus=false
• http://www.securityfocus.com/bid/11684
• https://exchange.xforce.ibmcloud.com/vulnerabilities/18076