CVSS: 7.5EPSS: 13%CPEs: 48EXPL: 2CVE-2004-0936 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-0936
19 Nov 2004 — RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. • https://www.exploit-db.com/exploits/629 •
CVSS: 7.7EPSS: 13%CPEs: 48EXPL: 2CVE-2004-0937 – Multiple AntiVirus - '.zip' Detection Bypass
https://notcve.org/view.php?id=CVE-2004-0937
19 Nov 2004 — Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. • https://www.exploit-db.com/exploits/629 •
CVSS: 10.0EPSS: 5%CPEs: 42EXPL: 0CVE-2004-0891
https://notcve.org/view.php?id=CVE-2004-0891
21 Oct 2004 — Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer. • http://gaim.sourceforge.net/security/?id=9 •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2004-0834
https://notcve.org/view.php?id=CVE-2004-0834
20 Oct 2004 — Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. Vulnerabilidad de cadena de formato en Speedtouch USB driver anteriores a 1.3.1 permite a usuarios locales ejecutar código de su elección mediante modem_run pppoa2, o pppoa3 • http://sourceforge.net/project/showfiles.php?group_id=32758&package_id=28264&release_id=271734 •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0880
https://notcve.org/view.php?id=CVE-2004-0880
24 Sep 2004 — getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2004-0881
https://notcve.org/view.php?id=CVE-2004-0881
24 Sep 2004 — getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as root, allows local users to write files in arbitrary directories via a symlink attack on subdirectories in the maildir. • http://marc.info/?l=bugtraq&m=109571883130372&w=2 •
CVSS: 7.5EPSS: 14%CPEs: 30EXPL: 1CVE-2004-0809
https://notcve.org/view.php?id=CVE-2004-0809
16 Sep 2004 — The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. • http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33 •
CVSS: 9.1EPSS: 1%CPEs: 27EXPL: 0CVE-2004-0746
https://notcve.org/view.php?id=CVE-2004-0746
14 Sep 2004 — Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión... • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 •
CVSS: 9.8EPSS: 3%CPEs: 34EXPL: 0CVE-2004-0500
https://notcve.org/view.php?id=CVE-2004-0500
02 Sep 2004 — Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. Desbordamiento de búfer en los conectores de protocolo MSN (1) object.c y (2) slp.c en Gaim anteriores a 0.83 permite a atacantes remotos causar una denegación de servicio y posiblemente ejecutar código de su elección mediante mensajes de protocolo MSNS... • http://gaim.sourceforge.net/security/?id=0 •
CVSS: 9.8EPSS: 3%CPEs: 20EXPL: 3CVE-2004-1737 – RaXnet Cacti 0.6.x/0.8.x - 'Auth_Login.php' SQL Injection
https://notcve.org/view.php?id=CVE-2004-1737
16 Aug 2004 — SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. • https://www.exploit-db.com/exploits/24375 •