CVSS: 7.8EPSS: 4%CPEs: 21EXPL: 3CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
26 Oct 2004 — Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 68%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
21 Oct 2004 — The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 99EXPL: 0CVE-2004-0957
https://notcve.org/view.php?id=CVE-2004-0957
21 Oct 2004 — Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2004-0977
https://notcve.org/view.php?id=CVE-2004-0977
20 Oct 2004 — The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136300 •
CVSS: 7.8EPSS: 2%CPEs: 10EXPL: 0CVE-2004-0801
https://notcve.org/view.php?id=CVE-2004-0801
16 Sep 2004 — Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows local users or remote attackers with access to CUPS to execute arbitrary commands. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.12/SCOSA-2005.12.txt •
CVSS: 7.5EPSS: 14%CPEs: 30EXPL: 1CVE-2004-0809
https://notcve.org/view.php?id=CVE-2004-0809
16 Sep 2004 — The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. • http://cvs.apache.org/viewcvs.cgi/httpd-2.0/modules/dav/fs/lock.c?r1=1.32&r2=1.33 •
CVSS: 9.1EPSS: 0%CPEs: 87EXPL: 1CVE-2004-0415 – Linux Kernel 2.4.26 - File Offset Pointer Handling Memory Disclosure
https://notcve.org/view.php?id=CVE-2004-0415
05 Aug 2004 — Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory. • https://www.exploit-db.com/exploits/375 •
CVSS: 10.0EPSS: 59%CPEs: 7EXPL: 1CVE-2004-0600 – Samba 3.0.4 - SWAT Authorisation Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0600
23 Jul 2004 — Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication. Desbordamiento de búfer en la Herramienta de Adminstración Web de Samba (SWAT) en Samba 3.0.2 a 3.0.4 permite a atacantes remotos ejecutar código de su elección mediante un carácter en base-64 inválido durante autenticación básica HTTP. • https://www.exploit-db.com/exploits/364 •
CVSS: 9.8EPSS: 12%CPEs: 5EXPL: 0CVE-2004-0686
https://notcve.org/view.php?id=CVE-2004-0686
23 Jul 2004 — Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the "mangling method = hash" option is enabled in smb.conf, has unknown impact and attack vectors. Desbordamiento de búfer en Samba 2.2.x a 2.2.9 y 3.0.0 a 3.0.4, cuando la opción "mangling method = hash" está establecida en smb.conf, con impacto y vectores de ataque desconocidos. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000851 •
CVSS: 9.8EPSS: 86%CPEs: 18EXPL: 1CVE-2004-0594 – PHP 4.3.7/5.0.0RC3 - 'memory_limit' Remote Overflow
https://notcve.org/view.php?id=CVE-2004-0594
16 Jul 2004 — The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. La funcionalidad memory_limit de PHP 4.x a 4.3.7 y 5.x a 5.0.0RC3, bajo ciertas condiciones, como cuando register_globals es... • https://www.exploit-db.com/exploits/660 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •