Max CVSS 10.0 Min CVSS 2.1 Total Count35
IDCVSSSummaryLast (major) updatePublished
CVE-2005-0064 7.5
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
19-12-2016 - 21:59 02-05-2005 - 00:00
CVE-2004-1018 10.0
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underfl
07-12-2016 - 21:59 10-01-2005 - 00:00
CVE-2004-1019 10.0
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free
25-10-2016 - 21:59 10-01-2005 - 00:00
CVE-2005-0305 7.5
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
17-10-2016 - 23:10 02-05-2005 - 00:00
CVE-2005-0005 7.5
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
17-10-2016 - 23:07 02-05-2005 - 00:00
CVE-2005-0004 4.6
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.
17-10-2016 - 23:07 14-04-2005 - 00:00
CVE-2005-0001 6.9
Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same vir
17-10-2016 - 23:07 02-05-2005 - 00:00
CVE-2004-1371 9.0
Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1370 7.5
Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.S
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1369 5.0
The TNS Listener in Oracle 10g allows remote attackers to cause a denial of service (listener crash) via a malformed service_register_NSGR request containing a value that is used as an invalid offset for a pointer that references incorrect memory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1368 7.8
ISQL*Plus in Oracle 10g Application Server allows remote attackers to execute arbitrary files via an absolute pathname in the file parameter to the load.uix script.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1367 4.4
Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow loca
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1365 4.6
Extproc in Oracle 9i and 10g does not require authentication to load a library or execute a function, which allows local users to execute arbitrary commands as the Oracle user.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1364 8.5
Directory traversal vulnerability in extproc in Oracle 9i and 10g allows remote attackers to access arbitrary libraries outside of the $ORACLE_HOME\bin directory.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1363 7.2
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1362 7.5
The PL/SQL module for the Oracle HTTP Server in Oracle Application Server 10g, when using the WE8ISO8859P1 character set, does not perform character conversions properly, which allows remote attackers to bypass access restrictions for certain procedu
17-10-2016 - 22:53 04-08-2004 - 00:00
CVE-2004-1235 6.2
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
17-10-2016 - 22:52 14-04-2005 - 00:00
CVE-2004-1189 7.2
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an arr
17-10-2016 - 22:52 31-12-2004 - 00:00
CVE-2004-1074 2.1
The binfmt functionality in the Linux kernel, when "memory overcommit" is enabled, allows local users to cause a denial of service (kernel oops) via a malformed a.out binary.
17-10-2016 - 22:51 10-01-2005 - 00:00
CVE-2004-0791 5.0
Multiple TCP/IP and ICMP implementations allow remote attackers to cause a denial of service (network throughput reduction for TCP connections) via a blind throughput-reduction attack using spoofed Source Quench packets, aka the "ICMP Source Quench a
17-10-2016 - 22:49 12-04-2005 - 00:00
CVE-2005-0003 2.1
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbit
03-08-2013 - 00:53 14-04-2005 - 00:00
CVE-2004-1237 2.1
Unknown vulnerability in the system call filtering code in the audit subsystem for Red Hat Enterprise Linux 3 allows local users to cause a denial of service (system crash) via unknown vectors.
21-08-2010 - 00:22 14-04-2005 - 00:00
CVE-2004-0971 2.1
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
21-08-2010 - 00:21 09-02-2005 - 00:00
CVE-2005-0186 5.0
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device reboot) via a malformed p
04-03-2009 - 00:29 19-01-2005 - 00:00
CVE-2005-0020 7.2
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
10-09-2008 - 15:34 14-04-2005 - 00:00
CVE-2004-1300 10.0
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
10-09-2008 - 15:29 10-01-2005 - 00:00
CVE-2004-1188 10.0
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that l
10-09-2008 - 15:29 10-01-2005 - 00:00
CVE-2004-1187 10.0
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-11
10-09-2008 - 15:29 10-01-2005 - 00:00
CVE-2004-0991 7.5
Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to execute arbitrary code via frame headers in MP2 or MP3 files.
10-09-2008 - 15:28 11-01-2005 - 00:00
CVE-2004-0637 6.5
Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to execute commands with additional privileges via the ctxsys.driload package, which is publicly accessible.
10-09-2008 - 00:00 02-09-2004 - 00:00
CVE-2004-2218 7.5
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
05-09-2008 - 16:43 31-12-2004 - 00:00
CVE-2004-1061 4.3
Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter.
05-09-2008 - 16:40 04-01-2005 - 00:00
CVE-2004-0820 4.6
Winamp before 5.0.4 allows remote attackers to execute arbitrary script in the Local computer zone via script in HTML files that are referenced from XML files contained in a .wsz skin file.
05-09-2008 - 16:39 28-08-2004 - 00:00
CVE-2004-1366 4.6
Oracle 10g Database Server stores the password for the SYSMAN account in cleartext in the world-readable emoms.properties file, which could allow local users to gain DBA privileges.
05-09-2008 - 00:00 04-08-2004 - 00:00
CVE-2004-0638 8.5
Buffer overflow in the KSDWRTB function in the dbms_system package (dbms_system.ksdwrt) for Oracle 9i Database Server Release 2 9.2.0.3 and 9.2.0.4, 9i Release 1 9.0.1.4 and 9.0.1.5, and 8i Release 1 8.1.7.4, allows remote authorized users to execute
05-09-2008 - 00:00 31-12-2004 - 00:00
Back to Top Mark selected
Back to Top