CVE-2004-0667
https://notcve.org/view.php?id=CVE-2004-0667
Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows access to sys_creat, sys_open, and sys_mknod inside jails, which could allow local users to gain elevated privileges. • http://marc.info/?l=bugtraq&m=108861182906067&w=2 http://marc.info/?l=bugtraq&m=108879977120430&w=2 http://www.rsbac.org/download/bugfixes http://www.securityfocus.com/bid/10640 https://exchange.xforce.ibmcloud.com/vulnerabilities/16552 •
CVE-2004-0456
https://notcve.org/view.php?id=CVE-2004-0456
Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly other versions allows remote web sites to execute arbitrary code via a long HTTP Location header. Desbordamiento basado en la pila en pavuk 0.9pl28, 0.9pl27, y posiblemente otras versiones permite a sitios web remotos ejecutar código de su elección mediante una cabecera de localización HTTP larga. • http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/023322.html http://security.gentoo.org/glsa/glsa-200406-22.xml http://www.debian.org/security/2004/dsa-527 http://www.securityfocus.com/bid/10633 https://exchange.xforce.ibmcloud.com/vulnerabilities/16551 •
CVE-2004-0608 – Unreal Tournament 2004 (Linux) - 'secure' Remote Overflow
https://notcve.org/view.php?id=CVE-2004-0608
The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation 390 and earlier, Mobile Forces 20000 and earlier, Nerf Arena Blast 1.2 and earlier, Postal 2 1337 and earlier, Rune 107 and earlier, Tactical Ops 3.4.0 and earlier, Unreal 1 226f and earlier, Unreal II XMP 7710 and earlier, Unreal Tournament 451b and earlier, Unreal Tournament 2003 2225 and earlier, Unreal Tournament 2004 before 3236, Wheel of Time 333b and earlier, and X-com Enforcer, allows remote attackers to execute arbitrary code via a UDP packet containing a secure query with a long value, which overwrites memory. El Motor de Unreal, usado en in DeusEx 1.112fm y anteriores, , Devastation 390 y anteriores, Mobile Forces 20000 y anteriores, Nerf Arena Blast 1.2 y anteriores, Postal 2 1337 y anteriores, Rune 107 y anteriores, Tactical Ops 3.4.0 y anteriores, Unreal 1 226f y anteriores, Unreal II XMP 7710 y anteriores, Unreal Tournament 451b y anteriores, Unreal Tournament 2003 2225 y anteriores, Unreal Tournament 2004 anteriores a 3236, Wheel of Time 333b y anteriores, and X-com Enforcer permite a atacantes remotos ejecutar código de su elección mediante un paquete UDP conteniendo una consulta segura con un valor largo, lo que sobreescribe memoria. • https://www.exploit-db.com/exploits/16848 https://www.exploit-db.com/exploits/10032 https://www.exploit-db.com/exploits/16693 http://aluigi.altervista.org/adv/unsecure-adv.txt http://marc.info/?l=bugtraq&m=108787105023304&w=2 http://www.gentoo.org/security/en/glsa/glsa-200407-14.xml http://www.securityfocus.com/bid/10570 https://exchange.xforce.ibmcloud.com/vulnerabilities/16451 •
CVE-2004-0604
https://notcve.org/view.php?id=CVE-2004-0604
The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows remote attackers to cause a denial of service (crash), possibly via an empty search query, which triggers a NULL dereference. El cliente y servidor HTTP de giFT-FastTrack 0.8.6 y anteriores permite a atacantes remotos causar una denegación de servicio (caída), posiblemente mediante una consulta de búsqueda vacía, lo que dispara una desreferencia de puntero NULL. • http://developer.berlios.de/bugs/?func=detailbug&bug_id=1573&group_id=809 http://gift-fasttrack.berlios.de http://secunia.com/advisories/11941 http://www.gentoo.org/security/en/glsa/glsa-200406-19.xml http://www.securityfocus.com/bid/10604 https://exchange.xforce.ibmcloud.com/vulnerabilities/16508 •
CVE-2004-0493 – Apache - Arbitrary Long HTTP Headers Denial of Service
https://notcve.org/view.php?id=CVE-2004-0493
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64 bit systems, via long header lines with large numbers of space or tab characters. La función ap_get_mime_headers_core de Apache httpd 2.0.49 permite a atacantes remotos causar una denegación de servicio (consumición de memoria) y posiblemente un error de entero sin signo que conduce a un desbordamiento de búfer basado en el montón en en sistemas de 64 bits, mediante líneas de cabecera largas con muchos caractéres espacio o tabulador. • https://www.exploit-db.com/exploits/371 https://www.exploit-db.com/exploits/360 http://lists.grok.org.uk/pipermail/full-disclosure/2004-June/023133.html http://marc.info/?l=bugtraq&m=108853066800184&w=2 http://marc.info/?l=bugtraq&m=109181600614477&w=2 http://security.gentoo.org/glsa/glsa-200407-03.xml http://www.apacheweek.com/features/security-20 http://www.guninski.com/httpd1.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:064 http://www.r •