CVE-2004-0421 – CAN-2004-0421 libpng can access out of bounds memory
https://notcve.org/view.php?id=CVE-2004-0421
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. La librería de Graficos de Red Portables (libpng) 1.0.15 y anteriores permiten a atacantes causar una denegación de servicio (caída) mediante un fichero de imagen PNG que dispara un error que causa un lectura fuera de límites cuando se crea el mensaje de error. • http://lists.apple.com/mhonarc/security-announce/msg00056.html http://marc.info/?l=bugtraq&m=108334922320309&w=2 http://marc.info/?l=bugtraq&m=108335030208523&w=2 http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2 http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2 http://secunia.com/advisories/22957 http://secunia.com/advisories/22958 http://www.debian.org/security/2004/dsa-498 http://www.mandriva.com/security/advisories? • CWE-125: Out-of-bounds Read •
CVE-2003-0615
https://notcve.org/view.php?id=CVE-2003-0615
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en parámetro "action" del formulario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713 http://marc.info/?l=bugtraq&m=105880349328877&w=2 http://marc.info/?l=bugtraq&m=106018783704468&w=2 http://marc.info/?l=full-disclosure&m=105875211018698&w=2 http://secunia.com/advisories/13638 http://securitytracker.com/id? •
CVE-2003-0190 – OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident
https://notcve.org/view.php?id=CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. OpenSSH-portable (OpenSSH) 3.6.1p1 y anteriores con soporte PAM activado envía inmediatamente un mensaje de error cuando un usuario no existe, lo que permite a atacantes remotos determinar nombres de usuario válidos mediante un ataque de temporización. • https://www.exploit-db.com/exploits/26 https://www.exploit-db.com/exploits/25 https://www.exploit-db.com/exploits/3303 http://lab.mediaservice.net/advisory/2003-01-openssh.txt http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html http://marc.info/?l=bugtraq&m=105172058404810&w=2 http://marc.info/?l=bugtraq&m=106018677302607&w=2 http://www.redhat.com/support/errata/RHSA-2003-222.html http://www.redhat.com/support/errata/RHSA-2003-224.html • CWE-203: Observable Discrepancy •