CVE-2004-0803
https://notcve.org/view.php?id=CVE-2004-0803
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. Múltiples vulnerabilidades en los decodificadores RLE (run length encoding) de libtiff 3.6.1 y anteriores, relacionadas con desbordamientos de enteros y de búfer, permite a atacantes remotos ejecutar código arbitrario mediante ficheros TIFF. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 http://marc.info/?l=bugtraq&m=109778785107450&w=2 http://scary.beasts.org/security/CESA-2004-006.txt http://secunia.com/advisories/12818 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 http://www.debian.org/security/2004/dsa-567 http://www.gentoo.org/security/en/glsa/glsa-200410-11.xml http://www.kb.cert& •
CVE-2004-0746
https://notcve.org/view.php?id=CVE-2004-0746
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. Konqueror en KDE 3.2.3 Y anteriores pemiten a sitios web establecer cookies para dominios de nivel superior específicos de países, como ltd.uk o com.es, lo que podría permitir a atacantes remotos realizar un ataque de fijación de sesión y secuestrar una sesión HTTP de un usuario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109327681304401&w=2 http://secunia.com/advisories/12341 http://www.kde.org/info/security/advisory-20040823-1.txt http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:086 http://www.securityfocus.com/bid/10991 https://exchange.xforce.ibmcloud.com/vulnerabilities/17063 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11281 https://access& •
CVE-2004-0690
https://notcve.org/view.php?id=CVE-2004-0690
The DCOPServer in KDE 3.2.3 and earlier allows local users to gain unauthorized access via a symlink attack on DCOP files in the /tmp directory. El servidor DCOP en KDE 3.2.3 y anteriores permite a usuarios locales ganar acceso autorizado mediante un ataque de enlaces simbólicos en ficheros DCOP en el directorio /tmp. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=261386 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.kb.cert.org/vuls/id/330638 http://www.kde.org/info/security/advisory-20040811-2.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:086 http://www.securityfocus.com/bid/10924 https:/ •
CVE-2004-0689
https://notcve.org/view.php?id=CVE-2004-0689
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. KDE 3.3.0 no maneja adecuadamente ciertos enlaces simbólicos que apuntan a localizaciones "gastadas", lo que podría permitir a usaurios locales crear o truncar ficheros arbitrarios. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://secunia.com/advisories/12276 http://security.gentoo.org/glsa/glsa-200408-13.xml http://www.debian.org/security/2004/dsa-539 http://www.kde.org/info/security/advisory-20040811-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/16963 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9334 https://access.redhat.com/se • CWE-59: Improper Link Resolution Before File Access ('Link Following') •