CVE-2004-0421 – CAN-2004-0421 libpng can access out of bounds memory
https://notcve.org/view.php?id=CVE-2004-0421
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message. La librería de Graficos de Red Portables (libpng) 1.0.15 y anteriores permiten a atacantes causar una denegación de servicio (caída) mediante un fichero de imagen PNG que dispara un error que causa un lectura fuera de límites cuando se crea el mensaje de error. • http://lists.apple.com/mhonarc/security-announce/msg00056.html http://marc.info/?l=bugtraq&m=108334922320309&w=2 http://marc.info/?l=bugtraq&m=108335030208523&w=2 http://marc.info/?l=fedora-announce-list&m=108451350029261&w=2 http://marc.info/?l=fedora-announce-list&m=108451353608968&w=2 http://secunia.com/advisories/22957 http://secunia.com/advisories/22958 http://www.debian.org/security/2004/dsa-498 http://www.mandriva.com/security/advisories? • CWE-125: Out-of-bounds Read •
CVE-2004-0333 – WinZip - MIME Parsing Overflow
https://notcve.org/view.php?id=CVE-2004-0333
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters. • https://www.exploit-db.com/exploits/272 http://secunia.com/advisories/10995 http://secunia.com/advisories/11019 http://www.ciac.org/ciac/bulletins/o-092.shtml http://www.idefense.com/application/poi/display?id=76&type=vulnerabiliti&flashstatus=true http://www.kb.cert.org/vuls/id/116182 http://www.openpkg.org/security/OpenPKG-SA-2004.006-uudeview.html http://www.osvdb.org/4119 http://www.securityfocus.com/bid/9758 http://www.winzip.com/fmwz90.htm https://exchang •
CVE-2003-0615
https://notcve.org/view.php?id=CVE-2003-0615
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados en start_form() de CGI.pm permite a atacantes remotos insertar script web mediante una URL que es introducida en parámetro "action" del formulario. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000713 http://marc.info/?l=bugtraq&m=105880349328877&w=2 http://marc.info/?l=bugtraq&m=106018783704468&w=2 http://marc.info/?l=full-disclosure&m=105875211018698&w=2 http://secunia.com/advisories/13638 http://securitytracker.com/id? •
CVE-2003-0190 – OpenSSH/PAM 3.6.1p1 - 'gossh.sh' Remote Users Ident
https://notcve.org/view.php?id=CVE-2003-0190
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack. OpenSSH-portable (OpenSSH) 3.6.1p1 y anteriores con soporte PAM activado envía inmediatamente un mensaje de error cuando un usuario no existe, lo que permite a atacantes remotos determinar nombres de usuario válidos mediante un ataque de temporización. • https://www.exploit-db.com/exploits/26 https://www.exploit-db.com/exploits/25 https://www.exploit-db.com/exploits/3303 http://lab.mediaservice.net/advisory/2003-01-openssh.txt http://lists.grok.org.uk/pipermail/full-disclosure/2003-April/004815.html http://marc.info/?l=bugtraq&m=105172058404810&w=2 http://marc.info/?l=bugtraq&m=106018677302607&w=2 http://www.redhat.com/support/errata/RHSA-2003-222.html http://www.redhat.com/support/errata/RHSA-2003-224.html • CWE-203: Observable Discrepancy •
CVE-2003-0147
https://notcve.org/view.php?id=CVE-2003-0147
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). • ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-014.0.txt ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0130.html http://crypto.stanford.edu/~dabo/papers/ssl-timing.pdf http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000625 http://marc.info/?l=bugtraq&m=104766550528628&w=2 http://marc.info/?l=bugtraq&m=104792570615648&w=2 http://marc.info/?l=bugtraq&m=104819602408063&w=2 •