CVSS: 10.0EPSS: 5%CPEs: 16EXPL: 1CVE-2004-1304 – File ELF 4.x - Header Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-1304
22 Dec 2004 — Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file. • https://www.exploit-db.com/exploits/24784 •
CVSS: 8.8EPSS: 5%CPEs: 68EXPL: 0CVE-2004-1307
https://notcve.org/view.php?id=CVE-2004-1307
21 Dec 2004 — Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html •
CVSS: 10.0EPSS: 0%CPEs: 40EXPL: 0CVE-2004-0914 – openmotif21 stack overflows in libxpm
https://notcve.org/view.php?id=CVE-2004-0914
15 Dec 2004 — Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candida... • http://rhn.redhat.com/errata/RHSA-2004-537.html •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2004-1025
https://notcve.org/view.php?id=CVE-2004-1025
15 Dec 2004 — Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. Múltiples desbordamientos de búfer basados en el montón en imlib 1.9.14 y anteriores, que es usado en gkrellm y varios gestores de ventas, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y ejecutar código de su elección mediante cie... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:007 •
CVSS: 8.8EPSS: 4%CPEs: 6EXPL: 2CVE-2004-1161 – RSSH 2.x - Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2004-1161
10 Dec 2004 — rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S. • https://www.exploit-db.com/exploits/24795 •
CVSS: 10.0EPSS: 2%CPEs: 7EXPL: 0CVE-2004-1026
https://notcve.org/view.php?id=CVE-2004-1026
10 Dec 2004 — Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. Múltiples desbordamientos de búfer en el manejador de imágenes de imlib 1.9.14 y anteriores, que es usado en gkrellm y varios gestores de ventanas, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) y ejecutar código arbitr... • http://www.debian.org/security/2005/dsa-628 •
CVSS: 8.8EPSS: 0%CPEs: 10EXPL: 1CVE-2004-1162
https://notcve.org/view.php?id=CVE-2004-1162
10 Dec 2004 — The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags. • http://marc.info/?l=bugtraq&m=110202047507273&w=2 •
CVSS: 6.8EPSS: 1%CPEs: 8EXPL: 0CVE-2004-1106
https://notcve.org/view.php?id=CVE-2004-1106
01 Dec 2004 — Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earlier allows remote attackers to execute arbitrary web script or HTML via "specially formed URLs," possibly via the include parameter in index.php. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Gallery 1.4.4-pl3 y anteriores permite a atacantes remotos ejecutar script web o HTML de su elección mediante "URL s especialmente malformadas", posiblemente mediante un parámetro include en index.php • http://g3cko.info/gallery2-4.patch •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1117
https://notcve.org/view.php?id=CVE-2004-1117
01 Dec 2004 — The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. • http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2004-1116
https://notcve.org/view.php?id=CVE-2004-1116
01 Dec 2004 — The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs. • http://www.gentoo.org/security/en/glsa/glsa-200411-26.xml •