CVSS: 6.5EPSS: 1%CPEs: 43EXPL: 4CVE-2004-1613
https://notcve.org/view.php?id=CVE-2004-1613
18 Oct 2004 — Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme. • http://lcamtuf.coredump.cx/mangleme/gallery •
CVSS: 7.5EPSS: 9%CPEs: 27EXPL: 0CVE-2004-0807 – samba30x.txt
https://notcve.org/view.php?id=CVE-2004-0807
13 Sep 2004 — Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. Samba 3.0.x is susceptible to multiple denial of services bugs that can remotely crash the daemons nmbd and smbd. • ftp://patches.sgi.com/support/free/security/advisories/20041201-01-P •
CVSS: 6.8EPSS: 3%CPEs: 21EXPL: 2CVE-2004-0639 – SquirrelMail 1.2.x - From Email Header HTML Injection
https://notcve.org/view.php?id=CVE-2004-0639
09 Jul 2004 — Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados en Squirrelmail 1.2.10 y anteriores permiten a atacantes remotos inyectar HTML o script d... • https://www.exploit-db.com/exploits/24167 •
CVSS: 10.0EPSS: 21%CPEs: 17EXPL: 0CVE-2004-0492 – httpd mod_proxy buffer overflow
https://notcve.org/view.php?id=CVE-2004-0492
23 Jun 2004 — Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied. Desbordamiento de búfer basado en el montón en proxy_util.c de mod_proxy en Apache 1.3.25 a 1.3.31 permite a atacantes remotos causar un denegación de servicio (caída del proceso) y posiblemente ejecutar código de su elecció... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2004-0136 – HexView Security Advisory 2004-06-01.01
https://notcve.org/view.php?id=CVE-2004-0136
18 Jun 2004 — The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system crash) via a "corrupted binary." La llamada a la función mapelf32exec en IRIX 6.5.20 6.5.24 permite a usuarios locales causar una denegación de servicio (caída del sistema) mediante un "binario corrupto". Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write... • ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc •
CVSS: 7.8EPSS: 0%CPEs: 103EXPL: 0CVE-2004-0135 – HexView Security Advisory 2004-06-01.01
https://notcve.org/view.php?id=CVE-2004-0135
18 Jun 2004 — The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allows local users to gain privileges by reading and writing to kernel memory. La llamada de sistema syssgi SGI_IOPROVE en IRIX 6.5.20 a 6.5.24 permite a usuarios locales ganar privilegios leyendo y escribiendo en la memoria del kernel. Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssgi system call SGI_IOPROBE to read and write kernel memory which... • ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2004-0137 – HexView Security Advisory 2004-06-01.01
https://notcve.org/view.php?id=CVE-2004-0137
18 Jun 2004 — Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows local users to cause a denial of service (system panic) as a result of "page invalidation issues." Vulnerabilidad desconocida en init de IRIX 6.5.20 A 6.5.24 permite a usuarios locales causar una denegación de servicio (pánico de sistema) como resultado de "problemas con invalidación de página". Adam Gowdiak from the Poznan Supercomputing and Networking Center has reported that under certain conditions non privileged users can use the syssg... • ftp://patches.sgi.com/support/free/security/advisories/20040601-01-P.asc •
CVSS: 10.0EPSS: 14%CPEs: 29EXPL: 0CVE-2004-0418 – 092004.txt
https://notcve.org/view.php?id=CVE-2004-0418
10 Jun 2004 — serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data. serve_notify en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 no maneja adecuadamente líneas de datos vacías, lo que puede permitir a atacantes remotos realizar una escritura "fuera de límites" en un solo byte para ejecutar código arbitrario o modificar datos... • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 10.0EPSS: 5%CPEs: 29EXPL: 0CVE-2004-0414 – 092004.txt
https://notcve.org/view.php?id=CVE-2004-0414
10 Jun 2004 — CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution. CVS 1.12.z a 1.12.8, y 1.11.x a 1.11.16, no maneja adecuadamente líneas "Entry" malformadas, lo que impide que un terminador NULL sea usado y puede conducir a una denegación de servicio (caída), modificación de datos de programa críticos, o ejec... • ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc •
CVSS: 7.5EPSS: 4%CPEs: 29EXPL: 0CVE-2004-0417 – 092004.txt
https://notcve.org/view.php?id=CVE-2004-0417
10 Jun 2004 — Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space. Desobordamiento de enteros en la orden de protocolo CVS "Max-dotdot" (serve_max_dotdot) en CVS 1.12.x a 1.12.8 y 1.11.x a 1.11.16 puede permitir a atacantes remotos causar una caída del servidor, lo que podría hacer que datos temporales permanezca... • ftp://patches.sgi.com/support/free/security/advisories/20040605-01-U.asc •