CVE-2004-0867
https://notcve.org/view.php?id=CVE-2004-0867
Mozilla Firefox 0.9.2 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. NOTE: it was later reported that 2.x is also affected. Mozilla Firefox 0.9.2 pemite a sitios web establecer cookies para dominios de nivel superior específicos de países, como .ltd.uk, .plc.uk, y .sch.uk, lo que podría permitir a atacantes remotos realizar ataques de fijación de sesión y secuestrar sesiones HTTP de un usuario. NOTA: se ha informado posteriormente que la versión 2.X también se encuentra afectada por esta vulnerabilidad. • http://kuza55.blogspot.com/2008/02/understanding-cookie-security.html http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://secunia.com/advisories/12580 http://securitytracker.com/id?1011331 http://www.securityfocus.com/bid/11186 https://bugzilla.mozilla.org/show_bug.cgi?id=252342 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2004-0866
https://notcve.org/view.php?id=CVE-2004-0866
Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 http://securitytracker.com/id?1011332 http://www.securityfocus.com/bid/11186 https://exchange.xforce.ibmcloud.com/vulnerabilities/17415 •
CVE-2004-0905
https://notcve.org/view.php?id=CVE-2004-0905
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 http://marc.info/?l=bugtraq&m=109698896104418&w=2 http://marc.info/?l=bugtraq&m=109900315219363&w=2 http://security.gentoo.org/glsa/glsa-200409-26.xml http://www.kb.cert.org/vuls/id/651928 http://www.mozilla.org/projects/security/known-vulnerabilities.html#mozilla1.7.3 http://www.novell.com/linux/security/advisories/2004_36_mozilla.html http://www.securityfocus.com/bid/11177 http://www.us-cert.gov/cas/techalerts& •
CVE-2004-0496
https://notcve.org/view.php?id=CVE-2004-0496
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. Multiples vulnerabilidades desconocidas en el kernel 2.6 de Linux permite a usuarios locales ganar privilegios o acceder a memoria del kernel, un grupo de vulerabilidades distinto de los identificado por CAN-2004-0495, como se ha encontrado con la herramienta de comprobación de código fuente Sparse • http://www.novell.com/linux/security/advisories/2004_20_kernel.html https://exchange.xforce.ibmcloud.com/vulnerabilities/16625 •
CVE-2004-0461
https://notcve.org/view.php?id=CVE-2004-0461
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code. El demonio DHCP (DHCPD) de ISC DHCP 3.0.1rc12 y 3.0.1rc13, cuando se compila en entornos que no proveen la función vsnprintf, usa ficheros de inclusión de C que definen vsnprintf usando la función menos segura vsprintf, lo que puede ocasionar vulnerabilidades de desbordamiento de búfer que permitan una denegación de servicio (caída del servidor) y la ejecución de código arbitrario. • http://marc.info/?l=bugtraq&m=108795911203342&w=2 http://marc.info/?l=bugtraq&m=108843959502356&w=2 http://marc.info/?l=bugtraq&m=108938625206063&w=2 http://secunia.com/advisories/23265 http://www.kb.cert.org/vuls/id/654390 http://www.mandriva.com/security/advisories?name=MDKSA-2004:061 http://www.novell.com/linux/security/advisories/2004_19_dhcp_server.html http://www.securityfocus.com/bid/10591 http://www.us-cert.gov/cas/techalerts/TA04-174A.html http:/ •