CVSS: 9.8EPSS: 5%CPEs: 111EXPL: 1CVE-2004-1471 – CVS 1.11.x - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-1471
31 Dec 2004 — Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line. • https://www.exploit-db.com/exploits/24182 •
CVSS: 10.0EPSS: 7%CPEs: 65EXPL: 0CVE-2004-1019
https://notcve.org/view.php?id=CVE-2004-1019
22 Dec 2004 — The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results. El código de deserialización en PHP anteriores a 4.3.10 y PHP 5.x hasta 5.0.2 permite a atacantes remotos causar una denegación de servicio y ejecutar código de su elección mediante datos "no de confianza" ... • http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00029.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 8%CPEs: 65EXPL: 0CVE-2004-1065
https://notcve.org/view.php?id=CVE-2004-1065
22 Dec 2004 — Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file. Desbordamiento de búfer en la función exif_read_data de PHP anteriores a 4.3.10 y PHP 5.x hasta 5.0.2 permite a atacantes remotos ejecutar código arbitrario mediante un nombre de sección largo en un fichero de imagen. • http://msgs.securepoint.com/cgi-bin/get/bugtraq0412/157.html •
CVSS: 10.0EPSS: 16%CPEs: 23EXPL: 0CVE-2004-1011
https://notcve.org/view.php?id=CVE-2004-1011
01 Dec 2004 — Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015. Desbordamiento basado en la pila en Cyrus IMAP Server 2.2.4 a 2.2.8, con la opción imapmagicplus establecida, permite a atacantes remotos ejecuta código de su elección mediante un comando PROXY o LOGIN largo, una vulnerabilidad distinta de CAN-2004-1015. • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 •
CVSS: 10.0EPSS: 10%CPEs: 23EXPL: 0CVE-2004-1012
https://notcve.org/view.php?id=CVE-2004-1012
01 Dec 2004 — The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption. El procesador de argumentos de la orden PARTIAL de Cyrus IMAP Server 2.2.6 y anteriores permite a usuarios remotos autentificados ejecutar código de su elección mediante una cierta orden ("body[p") ... • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 •
CVSS: 10.0EPSS: 10%CPEs: 23EXPL: 0CVE-2004-1013
https://notcve.org/view.php?id=CVE-2004-1013
01 Dec 2004 — The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption. El procesador de argumentos de la orden FETCH de Cyrus IMAP Server 2.2.x a 2.2.8 permite a usuarios remotos autenticados ejecutar código de su elección mediante ciertos comandos como (1) "body[p", (2) "bina... • http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-announce&msg=143 •
CVSS: 10.0EPSS: 36%CPEs: 25EXPL: 1CVE-2004-0990 – GD Graphics Library - Local Heap Overflow
https://notcve.org/view.php?id=CVE-2004-0990
28 Oct 2004 — Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941. • https://www.exploit-db.com/exploits/600 •
CVSS: 7.8EPSS: 4%CPEs: 21EXPL: 3CVE-2004-0940 – Apache 1.3.31 mod_include - Local Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0940
26 Oct 2004 — Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 7.5EPSS: 68%CPEs: 26EXPL: 0CVE-2004-0918 – Squid SNMP DoS
https://notcve.org/view.php?id=CVE-2004-0918
21 Oct 2004 — The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 99EXPL: 0CVE-2004-0957
https://notcve.org/view.php?id=CVE-2004-0957
21 Oct 2004 — Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947 •