CVSS: 10.0EPSS: 34%CPEs: 25EXPL: 1CVE-2004-0990 – GD Graphics Library - Local Heap Overflow
https://notcve.org/view.php?id=CVE-2004-0990
28 Oct 2004 — Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. Wait.. No.. what is this? Even more potential integer overflows have been found in the GD graphics library which were not covered by security ad... • https://www.exploit-db.com/exploits/600 •
CVSS: 7.8EPSS: 5%CPEs: 21EXPL: 3CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
26 Oct 2004 — Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 9.8EPSS: 17%CPEs: 74EXPL: 0CVE-2004-0803 – dsa-567.txt
https://notcve.org/view.php?id=CVE-2004-0803
26 Oct 2004 — Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. Múltiples vulnerabilidades en los decodificadores RLE (run length encoding) de libtiff 3.6.1 y anteriores, relacionadas con desbordamientos de enteros y de búfer, permite a atacantes remotos ejecutar código arbitrario mediante ficheros TIFF. Several problems have been discovered in libtiff, the Ta... • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 •
CVSS: 7.5EPSS: 11%CPEs: 75EXPL: 1CVE-2004-0886 – dsa-567.txt
https://notcve.org/view.php?id=CVE-2004-0886
26 Oct 2004 — Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. Several problems have been discovered in libtiff, the Tag Image File Format library for processing TIFF graphics files. An attacker could prepare a specially crafted TIFF graphic that would cause the client to execute arbitrary code or crash. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 •
CVSS: 7.8EPSS: 0%CPEs: 99EXPL: 0CVE-2004-0957 – dsa-707.txt
https://notcve.org/view.php?id=CVE-2004-0957
21 Oct 2004 — Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. Debian Security Advisory 707-1. Multiple issues with MySQL, including: incorrect privilege handling (users get illegitimate access to databases named similarly to those they have legitimate access to), arbitrary command execution for any user that h... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 •
CVSS: 7.5EPSS: 68%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
13 Oct 2004 — The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. Remote exploitation of a design error in the SNMP module of Squid Web Proxy Cache may lead to a denial of service. The problem specifically exists due to an ASN1 parsing error where certain header length combinations can slip through the validati... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt • CWE-399: Resource Management Errors •
CVSS: 10.0EPSS: 59%CPEs: 7EXPL: 2CVE-2004-0600 – Samba 3.0.4 - SWAT Authorisation Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0600
22 Jul 2004 — Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication. Desbordamiento de búfer en la Herramienta de Adminstración Web de Samba (SWAT) en Samba 3.0.2 a 3.0.4 permite a atacantes remotos ejecutar código de su elección mediante un carácter en base-64 inválido durante autenticación básica HTTP. Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun ... • https://packetstorm.news/files/id/33855 •
CVSS: 9.8EPSS: 8%CPEs: 5EXPL: 0CVE-2004-0686 – sambaOverruns.txt
https://notcve.org/view.php?id=CVE-2004-0686
22 Jul 2004 — Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. Desbordamiento de búfer en Samba 2.2.x a 2.2.9 y 3.0.0 a 3.0.4, cuando la opción "mangling method = hash" está establecida en smb.conf, con impacto y vectores de ataque desconocidos. Samba versions greater or equal to 2.2.29 and 3.0.0 have a buffer overrun located in the code used to support the mangling method = hash smb.conf option. Versions 3... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 •
CVSS: 9.8EPSS: 78%CPEs: 18EXPL: 2CVE-2004-0594 – PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow
https://notcve.org/view.php?id=CVE-2004-0594
14 Jul 2004 — The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. La funcionalidad memory_limit de PHP 4.x a 4.3.7 y 5.x a 5.0.0RC3, bajo ciertas condiciones, como cuando register_globals es... • https://packetstorm.news/files/id/35185 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.8EPSS: 31%CPEs: 38EXPL: 2CVE-2004-0595 – PHP 4.x/5.0 - 'Strip_Tags()' Function Bypass
https://notcve.org/view.php?id=CVE-2004-0595
14 Jul 2004 — The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities. La función strip_tags en PHP 4.x hasta 4.3.7, y 5.x hasta 5.0.0RC3, no filtra caractéres null() dentro de nombreres de etiquetas cuanto se r... • https://www.exploit-db.com/exploits/24280 •