CVSS: 7.5EPSS: 42%CPEs: 23EXPL: 0CVE-2004-0687 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0687
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file. Múltiples desbordamientos de búfer basados en la pila en (1) xpmParseColors en parse.c, (2) ParseAndPutPixels en create.c, y (3) ParsePixels en parse.c de libXpm anteriores a 6.8.1 permite a atacantes remotos ejecutar código de su elección mediante una imagen XPM malformada. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000924 http://ftp.x.org/pub/X11R6.8.0/patches/README.xorg-CAN-2004-0687-0688.patch http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://marc.info/?l=bugtraq&m=109530851323415&w=2 http://packetstormsecurity.com/files/170620/Solaris-10-dtprintinfo-libXm-libXpm-Security-Issues.html http://scary.beasts.org/security/CESA-2004-003.txt http://secunia.com/advisories/20235 http://sunsolve.sun.com/search&# •
CVSS: 7.5EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijación de sesión y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versión 2.X también se encuentra afectada por esta vulnerabilidad. • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://secunia.com/advisories/12580 http://securitytracker.com/id?1011331 http://www.securityfocus.com/bid/11186 https://bugzilla.mozilla.org/show_bug.cgi?id=252342 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 7%CPEs: 73EXPL: 0CVE-2004-0817
https://notcve.org/view.php?id=CVE-2004-0817
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1 http://www.debian.org/security/2004/dsa-548 http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:089 http://www.redhat.com/support/errata/RHSA-2004-465.html http://www.securityfocus.com/bid/11084 https://exchange.xforce.ibmcloud.com/vulnerabilities/17182 https://oval.cisecurity.org •
CVSS: 7.5EPSS: 4%CPEs: 73EXPL: 0CVE-2004-0827
https://notcve.org/view.php?id=CVE-2004-0827
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. • http://secunia.com/advisories/28800 http://sunsolve.sun.com/search/document.do?assetkey=1-26-231321-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201006-1 http://www.debian.org/security/2004/dsa-547 http://www.redhat.com/support/errata/RHSA-2004-480.html http://www.redhat.com/support/errata/RHSA-2004-494.html http://www.vupen.com/english/advisories/2008/0412 https://exchange.xforce.ibmcloud.com/vulnerabilities/17173 https://oval.cisecurity.org/repository/search& •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://securitytracker.com/id?1011332 http://www.securityfocus.com/bid/11186 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 •