CVSS: 10.0EPSS: 3%CPEs: 22EXPL: 0CVE-2004-1067
https://notcve.org/view.php?id=CVE-2004-1067
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. Error de fuera-por-uno en la función myasl_canon_user en Cyrus IMAP Server 2.2.9 y anteriores conduce a un desbordamiento de búfer, lo que puede permitir a atacantes remotos ejecutar código de su elección mediante el nombre de usuario. • http://asg.web.cmu.edu/cyrus/download/imapd/changes.html http://www.securityfocus.com/bid/11738 https://exchange.xforce.ibmcloud.com/vulnerabilities/18333 https://www.ubuntu.com/usn/usn-37-1 •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1063
https://notcve.org/view.php?id=CVE-2004-1063
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** No usar este número de candidata. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.osvdb.org/12412 http://www.php.net/release_4_3_10.php http://www.securityfocus.com/advisories/9028 http://www.securityfocus.com/archive/1/384545 http://www&# •
CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0CVE-2004-1064
https://notcve.org/view.php?id=CVE-2004-1064
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** No usar este número de candidata. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.php.net/release_4_3_10.php http://www.securityfocus.com/advisories/9028 http://www.securityfocus.com/archive/1/384545 http://www.securityfocus.com/bid/11964 https: •
CVSS: 7.2EPSS: 0%CPEs: 32EXPL: 0CVE-2004-1151
https://notcve.org/view.php?id=CVE-2004-1151
Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm86_warning functions in sys_ia32.c for Linux 2.6.x may allow local attackers to modify kernel memory and gain privileges. • http://linux.bkbits.net:8080/linux-2.6/cset%401.2079 http://linux.bkbits.net:8080/linux-2.6/gnupatch%4041ae6af1cR3mJYlW6D8EHxCKSxuJiQ http://marc.info/?l=bugtraq&m=110306397320336&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2005:022 http://www.novell.com/linux/security/advisories/2004_44_kernel.html http://www.ussg.iu.edu/hypermail/linux/kernel/0411.3/1467.html •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 2CVE-2004-1018 – PHP 3/4/5 - Multiple Local/Remote Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1018
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** NO USE ESTE NÚMERO DE CANDIDATA. • https://www.exploit-db.com/exploits/24854 https://www.exploit-db.com/exploits/24855 http://marc.info/?l=bugtraq&m=110314318531298&w=2 http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.osvdb.org/12411 http://www.php.net/release_4_3_10.php http://www.redhat.com/support/errata/RHSA-2005-032.html http://www.redhat.com/support& •