redhat/fedora_core: The latest CVE Vulnerabilities and Exploits for Penetration Test

 

redhat/fedora_core Vulnerability Summary

  • Vendor name: redhat
  • Product name: fedora_core
  • Total vulnerabilities: 83 (as of 2023-05-04)

redhat/fedora_core Vulnerability List

CVE-2008-2944: Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat…

Published: 2008-06-30T21:41:00 Last Modified: 2022-02-07T19:50:00

Summary

Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.

Common Weakness Enumeration (CWE): CWE-415: Double Free

CWE Description: The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2008-2944 vulnerability.

References

See also: All popular products CVE Vulnerabilities of redhat

CVE-2007-6283: Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable…

Published: 2007-12-18T01:46:00 Last Modified: 2022-02-03T17:19:00

Summary

Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.

Common Weakness Enumeration (CWE): CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE Description: Separate mistakes or weaknesses could inadvertently make the sensitive information available to an attacker, such as in a detailed error message that can be read by an unauthorized party.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2007-6283 vulnerability.

CVE-2007-6131: buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a…

Published: 2007-11-26T22:46:00 Last Modified: 2011-03-08T03:01:00

Summary

buttonpressed.sh in scanbuttond 0.2.3 allows local users to overwrite arbitrary files via a symlink attack on the (1) scan.pnm and (2) scan.jpg temporary files.

Common Weakness Enumeration (CWE): CWE-16: Configuration

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2007-6131 vulnerability.

CVE-2007-2874: Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora…

Published: 2007-07-27T21:30:00 Last Modified: 2011-03-08T02:55:00

Summary

Buffer overflow in the wpa_printf function in the debugging code in wpa_supplicant in the Fedora NetworkManager package before 0.6.5-3.fc7 allows user-assisted remote attackers to execute arbitrary code via malformed frames on a WPA2 network. NOTE: some of these details are obtained from third party information.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 8.6
  • CVSS: 5.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2007-2874 vulnerability.

CVE-2007-3103: The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow…

Published: 2007-07-15T22:30:00 Last Modified: 2018-10-16T16:47:00

Summary

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.

Common Weakness Enumeration (CWE): CWE-59: Improper Link Resolution Before File Access (‘Link Following’)

CWE Description: The software attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 1.9
  • CVSS: 6.2
  • CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2007-3103 vulnerability.

CVE-2007-2030: lharc.c in lha does not securely create temporary files, which might allow local users to read or…

Published: 2007-04-16T20:19:00 Last Modified: 2017-07-29T01:31:00

Summary

lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: COMPLETE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2007-2030 vulnerability.

CVE-2007-1352: Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows…

Published: 2007-04-06T01:19:00 Last Modified: 2018-10-16T16:38:00

Summary

Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 4.4
  • CVSS: 3.8
  • CVSS Vector: AV:A/AC:M/Au:S/C:N/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: MEDIUM
  • Vector: ADJACENT_NETWORK

Currently, there is no code for exploiting the CVE-2007-1352 vulnerability.

CVE-2006-6235: A “stack overwrite” vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0…

Published: 2006-12-07T11:28:00 Last Modified: 2018-10-17T21:47:00

Summary

A “stack overwrite” vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-6235 vulnerability.

CVE-2006-5701: Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5…

Published: 2006-11-03T23:07:00 Last Modified: 2017-07-20T01:33:00

Summary

Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.9
  • CVSS: 4.9
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2006-5701 vulnerability.

CVE-2006-5170: pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other…

Published: 2006-10-10T04:06:00 Last Modified: 2022-02-03T17:19:00

Summary

pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-5170 vulnerability.

CVE-2006-0745: X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the…

Published: 2006-03-21T02:06:00 Last Modified: 2018-10-19T15:46:00

Summary

X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2006-0745 vulnerability.

CVE-2006-0452: dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause…

Published: 2006-02-14T22:06:00 Last Modified: 2017-07-20T01:29:00

Summary

dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of “,” (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-0452 vulnerability.

CVE-2006-0451: Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers…

Published: 2006-02-14T22:06:00 Last Modified: 2017-07-20T01:29:00

Summary

Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-0451 vulnerability.

CVE-2006-0453: The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of…

Published: 2006-02-14T22:06:00 Last Modified: 2017-07-20T01:29:00

Summary

The LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (crash) via a certain “bad BER sequence” that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 10.0
  • CVSS: 7.8
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2006-0453 vulnerability.

CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml,…

Published: 2005-12-31T05:00:00 Last Modified: 2018-10-19T15:37:00

Summary

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which leads to integer overflows and integer underflows.

Common Weakness Enumeration (CWE): CWE-189: Numeric Errors

CWE Description: Weaknesses in this category are related to improper calculation or conversion of numbers.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3624 vulnerability.

CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and…

Published: 2005-12-31T05:00:00 Last Modified: 2018-10-19T15:37:00

Summary

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3626 vulnerability.

CVE-2005-3630: Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such…

Published: 2005-12-31T05:00:00 Last Modified: 2008-09-05T20:54:00

Summary

Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders “allow” directives before “deny” directives.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3630 vulnerability.

CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and…

Published: 2005-12-31T05:00:00 Last Modified: 2018-10-19T15:37:00

Summary

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka “Infinite CPU spins.”

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-3625 vulnerability.

CVE-2005-1267: The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the…

Published: 2005-06-10T04:00:00 Last Modified: 2018-10-19T15:31:00

Summary

The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2005-1267 vulnerability.

CVE-2005-0085: Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote…

Published: 2005-04-27T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0085 vulnerability.

CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete…

Published: 2005-04-27T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0206 vulnerability.

CVE-2005-0754: Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user,…

Published: 2005-04-22T04:00:00 Last Modified: 2016-10-18T03:14:00

Summary

Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0754 vulnerability.

CVE-2005-0004: The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and…

Published: 2005-04-14T04:00:00 Last Modified: 2019-12-17T17:12:00

Summary

The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before 4.1.10, 5.0.x before 5.0.3, and other versions including 3.x, allows local users to overwrite arbitrary files or read temporary files via a symlink attack on temporary files.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2005-0004 vulnerability.

CVE-2004-1235: Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux…

Published: 2005-04-14T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 1.9
  • CVSS: 6.2
  • CVSS Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 3)

Code designed for conducting penetration testing on the CVE-2004-1235 vulnerability.

CVE-2005-0750: The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1…

Published: 2005-03-27T05:00:00 Last Modified: 2017-10-11T01:30:00

Summary

The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 4)

Code designed for conducting penetration testing on the CVE-2005-0750 vulnerability.

CVE-2005-0736: Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local…

Published: 2005-03-09T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on the CVE-2005-0736 vulnerability.

CVE-2005-0667: Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers…

Published: 2005-03-07T05:00:00 Last Modified: 2008-09-05T20:46:00

Summary

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0667 vulnerability.

CVE-2005-0109: Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel…

Published: 2005-03-05T05:00:00 Last Modified: 2018-10-16T12:06:00

Summary

Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.

Scores

  • Impact Score: 6.9
  • Exploitability Score: 3.4
  • CVSS: 4.7
  • CVSS Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: COMPLETE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2005-0109 vulnerability.

CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value…

Published: 2005-03-02T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0605 vulnerability.

CVE-2004-0989: Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may…

Published: 2005-03-01T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2004-0989 vulnerability.

CVE-2004-0986: Iptables before 1.2.11, under certain conditions, does not properly load the required modules at…

Published: 2005-03-01T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0986 vulnerability.

CVE-2004-0974: The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating…

Published: 2005-02-09T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0974 vulnerability.

CVE-2004-0960: FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via…

Published: 2005-02-09T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0960 vulnerability.

CVE-2004-0961: Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service…

Published: 2005-02-09T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0961 vulnerability.

References

CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support…

Published: 2005-02-07T05:00:00 Last Modified: 2018-08-13T21:47:00

Summary

Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2005-0156 vulnerability.

References

CVE-2004-0902: Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla…

Published: 2005-01-27T05:00:00 Last Modified: 2018-05-03T01:29:00

Summary

Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the “Send page” functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0902 vulnerability.

References

CVE-2004-0930: The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other versions allows remote authenticated users to cause a denial of service (CPU consumption) via a SAMBA request that contains multiple * (wildcard) characters.
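
CPU consumption from repeated wildcards is a property of the matching algorithm rather than of any one request. As an added illustration written for this page (not Samba's ms_fnmatch), the block below pairs a naive recursive matcher, whose work grows exponentially with the number of `*` characters in the pattern, with an iterative matcher bounded by pattern length times name length. The pattern and file name are constructed; the call counter makes the difference measurable without a stopwatch.

```c
#include <stdio.h>
#include <string.h>

/* Naive recursive wildcard matcher of the kind found in many file servers of
 * the period: on '*' it recursively tries every suffix of the name. Each extra
 * '*' multiplies the work, so a name that cannot match is rejected only after
 * time exponential in the number of stars. `steps` counts calls. */
int wild_match_naive(const char *pat, const char *str, unsigned long *steps)
{
    (*steps)++;
    if (*pat == '\0')
        return *str == '\0';
    if (*pat == '*') {
        for (const char *s = str; ; s++) {
            if (wild_match_naive(pat + 1, s, steps))
                return 1;
            if (*s == '\0')
                return 0;
        }
    }
    if (*str != '\0' && (*pat == '?' || *pat == *str))
        return wild_match_naive(pat + 1, str + 1, steps);
    return 0;
}

/* Iterative matcher: remembers only the most recent '*' and where it was
 * matched, and on mismatch backtracks to that star, letting it absorb one more
 * character. Work is bounded by len(pat) * len(str) regardless of the number
 * of stars, so a crafted name costs a few thousand comparisons, not millions. */
int wild_match_linear(const char *pat, const char *str)
{
    const char *star = NULL, *star_str = NULL;
    while (*str != '\0') {
        if (*pat == '?' || *pat == *str) {
            pat++;
            str++;
        } else if (*pat == '*') {
            star = pat++;               /* remember the star; first try matching nothing */
            star_str = str;
        } else if (star != NULL) {
            pat = star + 1;             /* the last star absorbs one more character */
            str = ++star_str;
        } else {
            return 0;
        }
    }
    while (*pat == '*')                 /* trailing stars match the empty tail */
        pat++;
    return *pat == '\0';
}

/* Constructed request values: a wildcard-heavy pattern and a name that almost
 * matches (every 'a' lines up, but the required final 'b' never appears). */
const char *dos_pattern = "*a*a*a*a*a*b";
const char *dos_name    = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";   /* 30 x 'a' */

unsigned long naive_steps_for_dos_case(void)
{
    unsigned long steps = 0;
    wild_match_naive(dos_pattern, dos_name, &steps);
    return steps;
}

int main(void)
{
    printf("naive matcher: %lu calls for one request\n", naive_steps_for_dos_case());
    printf("linear matcher result: %d\n", wild_match_linear(dos_pattern, dos_name));
    return 0;
}
```

Adding one more `*a` to the pattern multiplies the naive matcher's call count by roughly the name length again, which is why an authenticated user with a single crafted request could pin a smbd process; the iterative matcher's cost grows only linearly with pattern length.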

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0930 vulnerability.

References

CVE-2004-0918: The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.

Common Weakness Enumeration (CWE): CWE-399: Resource Management Errors

CWE Description: This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0918 vulnerability.

References

CVE-2004-0882: Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow…

Published: 2005-01-27T05:00:00 Last Modified: 2018-10-30T16:25:00

Summary

Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small “maximum data bytes” value.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0882 vulnerability.

References

CVE-2004-0886: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0886 vulnerability.

References

CVE-2004-0888: Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0888 vulnerability.

References

CVE-2004-0903: Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox…

Published: 2005-01-27T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0903 vulnerability.

References

CVE-2004-0889: Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow…

Published: 2005-01-27T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0889 vulnerability.

References

CVE-2004-1184: The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute…

Published: 2005-01-21T05:00:00 Last Modified: 2018-10-19T15:30:00

Summary

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1184 vulnerability.

References

CVE-2004-0883: Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 allow remote samba servers to cause a denial of service (crash) or gain sensitive information from kernel memory via a samba server (1) returning more data than requested to the smb_proc_read function, (2) returning a data offset from outside the samba packet to the smb_proc_readX function, (3) sending a certain TRANS2 fragmented packet to the smb_receive_trans2 function, (4) sending a samba packet with a certain header size to the smb_proc_readX_data function, or (5) sending a certain packet based offset for the data in a packet to the smb_receive_trans2 function.

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0883 vulnerability.

References

CVE-2004-1158: Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the “window injection” vulnerability.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1158 vulnerability.

References

CVE-2004-1269: lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1269 vulnerability.

References

CVE-2004-1011: Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1011 vulnerability.

References

CVE-2004-1071: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly handle a failed call to the mmap function, which causes an incorrect mapped image and may allow local users to execute arbitrary code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1071 vulnerability.

References

CVE-2004-1013: The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote…

Published: 2005-01-10T05:00:00 Last Modified: 2016-12-08T02:59:00

Summary

The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) “body[p”, (2) “binary[p”, or (3) “binary[p”) that cause an index increment error that leads to an out-of-bounds memory corruption.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1013 vulnerability.

References

CVE-2004-1073: The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1073 vulnerability.

References

CVE-2004-1171: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials in plaintext in the user’s .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1171 vulnerability.

References

CVE-2004-1268: lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
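
CVE-2004-1269 above and this entry are two sides of one omission: a write that fails part-way is treated as success, and the half-written passwd.new is left behind for the next run to trip over. The block below is an added example, not CUPS code: a replace-via-temporary routine that checks write(), fsync() and close(), removes the temporary on any failure, and only then renames over the original. The demonstration sets RLIMIT_FSIZE to provoke exactly the file-size failure these entries describe; the paths under /tmp are constructed for the demo.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/resource.h>
#include <unistd.h>

/* Write the whole buffer; a short write or an error is a failure, never a
 * success. Returns 0 or -1 with errno set (EFBIG under RLIMIT_FSIZE, ENOSPC on
 * a full file system, EIO on a failing disk). */
int write_all(int fd, const char *buf, size_t len)
{
    while (len > 0) {
        ssize_t n = write(fd, buf, len);
        if (n < 0) {
            if (errno == EINTR)
                continue;
            return -1;
        }
        buf += n;
        len -= (size_t)n;
    }
    return 0;
}

/* Replace `path` with `data` through "<path>.new", the way a password tool
 * rewrites its file. write(), fsync() and close() are all checked; on any
 * failure the temporary is removed so the next run does not find a stale
 * ".new" and refuse to work, and the original is only ever replaced by a
 * complete copy, so a truncated write cannot corrupt it. Returns 0 or -1. */
int replace_file_checked(const char *path, const char *data, size_t len)
{
    char tmp[PATH_MAX];
    if (snprintf(tmp, sizeof tmp, "%s.new", path) >= (int)sizeof tmp)
        return -1;
    int fd = open(tmp, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    int ok = write_all(fd, data, len) == 0 && fsync(fd) == 0;
    if (close(fd) != 0)                 /* close() can report a deferred write error */
        ok = 0;
    if (!ok || rename(tmp, path) != 0) {
        unlink(tmp);
        return -1;
    }
    return 0;
}

/* Provokes the failure in the entries above: a file-size resource limit makes
 * the write fail part-way. Returns replace_file_checked()'s result and sets
 * *tmp_left to 1 if "<path>.new" was left behind (it must not be). */
int demo_write_under_fsize_limit(const char *path, int *tmp_left)
{
    char tmp[PATH_MAX];
    struct rlimit old, lim;
    snprintf(tmp, sizeof tmp, "%s.new", path);
    *tmp_left = 0;
    if (getrlimit(RLIMIT_FSIZE, &old) != 0)
        return -1;
    lim.rlim_cur = 16;                  /* 16-byte cap, well under the 64 bytes written */
    lim.rlim_max = old.rlim_max;
    signal(SIGXFSZ, SIG_IGN);           /* otherwise the kernel kills us instead of failing write() */
    if (setrlimit(RLIMIT_FSIZE, &lim) != 0)
        return -1;
    char data[64];
    memset(data, 'x', sizeof data);
    int rc = replace_file_checked(path, data, sizeof data);
    setrlimit(RLIMIT_FSIZE, &old);
    signal(SIGXFSZ, SIG_DFL);
    *tmp_left = access(tmp, F_OK) == 0;
    return rc;
}

int main(void)
{
    int left;
    int rc = demo_write_under_fsize_limit("/tmp/lppasswd_demo_passwd", &left);
    printf("write under RLIMIT_FSIZE: rc=%d, temporary left behind=%d\n", rc, left);
    printf("normal write: rc=%d\n",
           replace_file_checked("/tmp/lppasswd_demo_passwd", "user:hash\n", 10));
    unlink("/tmp/lppasswd_demo_passwd");
    return 0;
}
```

Ignoring SIGXFSZ is what turns the resource limit into a reportable write() error; without it the process is simply killed, which is a different failure mode but one that still leaves the temporary behind if the routine does not clean up on every path.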

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1268 vulnerability.

References

CVE-2004-0914: Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE’s content decisions.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0914 vulnerability.

References

CVE-2004-1015: Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1015 vulnerability.

References

CVE-2004-1070: The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, does not properly check return values from calls to the kernel_read function, which may allow local users to modify sensitive memory in a setuid program and execute arbitrary code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1070 vulnerability.

References

CVE-2004-1154: Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-30T16:25:00

Summary

Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1154 vulnerability.

References

CVE-2004-0949: The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The smb_recv_trans2 function call in the samba filesystem (smbfs) in Linux kernel 2.4 and 2.6 does not properly handle the reassembly of fragmented packets, which could allow remote samba servers to (1) read arbitrary kernel information or (2) raise a counter value to an arbitrary number by sending the first part of the fragmented packet multiple times.
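
Both smbfs entries (CVE-2004-0883 above and this one) come down to a client trusting length and offset fields chosen by the server. The block below is an added example, not kernel code: a read-response handler that validates the server's DataLength and DataOffset against the bytes actually received and the amount the client requested. The field offsets follow the SMB_COM_READ_ANDX response layout (32-byte header, WordCount, twelve parameter words, ByteCount) and are an assumption of this example, as are the constructed packets.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Field offsets assumed by this example (SMB_COM_READ_ANDX response): 32-byte
 * SMB header, one WordCount byte, 12 parameter words of which DataLength is
 * the 6th and DataOffset the 7th, then a 2-byte ByteCount. DataOffset counts
 * from the start of the SMB header. */
#define SMB_HDR_LEN    32
#define OFF_WORDCOUNT  SMB_HDR_LEN
#define OFF_DATALEN    (SMB_HDR_LEN + 1 + 10)
#define OFF_DATAOFF    (SMB_HDR_LEN + 1 + 12)
#define OFF_BYTECOUNT  (SMB_HDR_LEN + 1 + 24)
#define MIN_DATA_OFF   (OFF_BYTECOUNT + 2)       /* first byte after the fixed part */

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Vulnerable pattern: the client sized its buffer for the bytes it asked for,
 * then copies as many as the server says it sent. Returns the count such code
 * would hand to memcpy: anything above `requested` runs past the buffer, and
 * an offset outside the packet copies kernel memory into the file data. */
size_t smb_read_copy_unchecked(const uint8_t *pkt, size_t requested)
{
    (void)requested;
    return le16(pkt + OFF_DATALEN);
}

/* Hardened: DataLength and DataOffset are checked against what was received
 * and what was requested, with overflow-safe arithmetic, before the copy.
 * Returns bytes copied, or -1 if the reply is inconsistent. */
int smb_read_copy_checked(const uint8_t *pkt, size_t pktlen, size_t requested, uint8_t *out)
{
    if (pktlen < MIN_DATA_OFF || pkt[OFF_WORDCOUNT] != 12)
        return -1;
    size_t count = le16(pkt + OFF_DATALEN);
    size_t off   = le16(pkt + OFF_DATAOFF);
    if (count > requested)                      /* more data than we asked for */
        return -1;
    if (off < MIN_DATA_OFF)                     /* offset pointing back into the header */
        return -1;
    if (off > pktlen || count > pktlen - off)   /* off + count must fit the packet */
        return -1;
    memcpy(out, pkt + off, count);
    return (int)count;
}

/* Constructed replies (not captured traffic): fixed layout, two length fields. */
#define DATA_START 64
#define PKT_LEN    (DATA_START + 16)

static void build_reply(uint8_t *buf, uint16_t datalen, uint16_t dataoff)
{
    memset(buf, 0, PKT_LEN);
    memcpy(buf, "\xff" "SMB", 4);
    buf[OFF_WORDCOUNT] = 12;
    buf[OFF_DATALEN] = (uint8_t)datalen; buf[OFF_DATALEN + 1] = (uint8_t)(datalen >> 8);
    buf[OFF_DATAOFF] = (uint8_t)dataoff; buf[OFF_DATAOFF + 1] = (uint8_t)(dataoff >> 8);
    memcpy(buf + DATA_START, "0123456789abcdef", 16);
}

int demo_honest_reply(void)             /* 16 bytes requested, 16 returned */
{
    uint8_t pkt[PKT_LEN], out[16];
    build_reply(pkt, 16, DATA_START);
    int n = smb_read_copy_checked(pkt, sizeof pkt, 16, out);
    return (n == 16 && memcmp(out, "0123456789abcdef", 16) == 0) ? n : -2;
}

int demo_oversized_reply(void)          /* 16 requested, server claims 4096 */
{
    uint8_t pkt[PKT_LEN], out[16];
    build_reply(pkt, 4096, DATA_START);
    return smb_read_copy_checked(pkt, sizeof pkt, 16, out);
}

size_t demo_oversized_unchecked(void)   /* what the trusting client would copy */
{
    uint8_t pkt[PKT_LEN];
    build_reply(pkt, 4096, DATA_START);
    return smb_read_copy_unchecked(pkt, 16);
}

int demo_offset_outside_packet(void)    /* DataOffset beyond the received bytes */
{
    uint8_t pkt[PKT_LEN], out[16];
    build_reply(pkt, 16, 0xFFF0);
    return smb_read_copy_checked(pkt, sizeof pkt, 16, out);
}

int main(void)
{
    printf("honest reply: %d bytes\n", demo_honest_reply());
    printf("oversized reply: checked=%d unchecked=%zu\n",
           demo_oversized_reply(), demo_oversized_unchecked());
    printf("offset outside packet: %d\n", demo_offset_outside_packet());
    return 0;
}
```

The order of the checks matters: `off > pktlen` is tested before `pktlen - off`, so the subtraction can never wrap, and `count` is compared with the request size separately from the packet size because a reply can be internally consistent and still larger than the buffer the client prepared.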

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0949 vulnerability.

References

CVE-2004-1012: The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command (“body[p”) that is treated as a different command (“body.peek”) and causes an index increment error that leads to an out-of-bounds memory corruption.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1012 vulnerability.

References

CVE-2004-1067: Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads…

Published: 2005-01-10T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1067 vulnerability.

References

CVE-2004-1072: The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8,…

Published: 2005-01-10T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, may create an interpreter name string that is not NULL terminated, which could cause strings longer than PATH_MAX to be used, leading to buffer overflows that allow local users to cause a denial of service (hang) and possibly execute arbitrary code.
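
The three binfmt_elf entries (CVE-2004-1071, CVE-2004-1070 and this one) are all missing return-value and termination checks around the PT_INTERP segment. The block below is an added example, not kernel code: a user-space extractor for the interpreter path that treats a short read as failure, bounds p_filesz by PATH_MAX and insists on a NUL inside the bytes read, exercised on a constructed little-endian ELF64 image. The header structs follow the ELF specification and are written out here to keep the example self-contained; the image builder and its field values are assumptions of the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define PATH_MAX_LOCAL 4096
#define PT_INTERP 3

/* ELF64 header and program header, laid out as in the ELF specification
 * (64 and 56 bytes, no padding). Defined here rather than via <elf.h> so the
 * example is self-contained. A little-endian host is assumed. */
typedef struct {
    uint8_t  e_ident[16]; uint16_t e_type, e_machine; uint32_t e_version;
    uint64_t e_entry, e_phoff, e_shoff; uint32_t e_flags;
    uint16_t e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx;
} Ehdr;
typedef struct {
    uint32_t p_type, p_flags;
    uint64_t p_offset, p_vaddr, p_paddr, p_filesz, p_memsz, p_align;
} Phdr;

/* Stand-in for kernel_read(): copies what the file actually holds and returns
 * that count, which is SHORT when the header asks for bytes past the end. The
 * loader bugs above came from treating such a short read as success. */
static size_t image_read(const uint8_t *img, size_t imglen, uint64_t off, void *dst, size_t n)
{
    if (off >= imglen)
        return 0;
    size_t avail = imglen - (size_t)off;
    if (n > avail)
        n = avail;
    memcpy(dst, img + off, n);
    return n;
}

/* Extract the PT_INTERP path with the checks the loader needs: header bounds,
 * program-table bounds without integer overflow, p_filesz within PATH_MAX,
 * the read returning exactly p_filesz bytes, and a NUL inside those bytes.
 * Returns 0 and fills `out`, or -1 for anything malformed. */
int elf_get_interp(const uint8_t *img, size_t imglen, char *out, size_t outsz)
{
    Ehdr eh; Phdr ph;
    if (imglen < sizeof eh)
        return -1;
    memcpy(&eh, img, sizeof eh);
    if (memcmp(eh.e_ident, "\x7f" "ELF", 4) != 0 || eh.e_ident[4] != 2 /* ELFCLASS64 */)
        return -1;
    if (eh.e_phentsize != sizeof ph || eh.e_phnum == 0)
        return -1;
    uint64_t tab = (uint64_t)eh.e_phnum * sizeof ph;     /* phnum is 16-bit: no overflow */
    if (eh.e_phoff > imglen || tab > imglen - eh.e_phoff)
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, img + eh.e_phoff + (size_t)i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_INTERP)
            continue;
        if (ph.p_filesz == 0 || ph.p_filesz > PATH_MAX_LOCAL)   /* CVE-2004-1072 class */
            return -1;
        char name[PATH_MAX_LOCAL];
        size_t got = image_read(img, imglen, ph.p_offset, name, (size_t)ph.p_filesz);
        if (got != ph.p_filesz)                                  /* CVE-2004-1070/1071 class */
            return -1;
        if (name[got - 1] != '\0')                               /* NUL must be inside the segment */
            return -1;
        if (got > outsz)
            return -1;
        memcpy(out, name, got);
        return 0;
    }
    return -1;                                                   /* no interpreter (static binary) */
}

/* Constructed image: header, one PT_INTERP program header, then the path bytes.
 * `claimed` is the p_filesz written into the header, which a hostile binary
 * sets independently of the bytes that actually follow. Returns image size. */
size_t build_elf(uint8_t *buf, size_t buflen, const char *interp, size_t interp_bytes, uint64_t claimed)
{
    Ehdr eh; Phdr ph;
    memset(&eh, 0, sizeof eh);
    memset(&ph, 0, sizeof ph);
    memcpy(eh.e_ident, "\x7f" "ELF", 4);
    eh.e_ident[4] = 2; eh.e_ident[5] = 1;                 /* 64-bit, little-endian */
    eh.e_type = 2; eh.e_machine = 62; eh.e_version = 1;   /* ET_EXEC, x86-64 */
    eh.e_phoff = sizeof eh; eh.e_ehsize = sizeof eh;
    eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_INTERP; ph.p_offset = sizeof eh + sizeof ph;
    ph.p_filesz = claimed; ph.p_memsz = claimed;
    size_t total = sizeof eh + sizeof ph + interp_bytes;
    if (total > buflen)
        return 0;
    memcpy(buf, &eh, sizeof eh);
    memcpy(buf + sizeof eh, &ph, sizeof ph);
    memcpy(buf + sizeof eh + sizeof ph, interp, interp_bytes);
    return total;
}

/* Build one image and run the extractor on it. */
int demo_case(const char *interp, size_t interp_bytes, uint64_t claimed, char *out, size_t outsz)
{
    uint8_t img[256];
    size_t n = build_elf(img, sizeof img, interp, interp_bytes, claimed);
    return n ? elf_get_interp(img, n, out, outsz) : -1;
}
```

Two of the rejected cases look identical on disk except for one header field: a p_filesz one byte short drops the terminator (the unterminated-name case), and a p_filesz larger than the file makes the read come back short (the unchecked-return case). Checking the read's return value catches the second without needing to know the file size in advance.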

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1072 vulnerability.

References

CVE-2004-1267: Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.0
  • CVSS: 6.5
  • CVSS Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: SINGLE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1267 vulnerability.

References

CVE-2004-1270: lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1,…

Published: 2005-01-10T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
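
The defect here is an assumption every setuid program has to give up: that descriptors 0, 1 and 2 are open when it starts. The block below is an added example, not CUPS code: a guard that opens /dev/null on any missing standard descriptor, and a demonstration that closes stderr, creates a scratch file standing in for passwd.new, writes an error message to stderr and reports whether that message landed inside the file. The scratch path is constructed for the demo.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* A setuid program cannot assume descriptors 0, 1 and 2 are open: the caller
 * may have closed them, and the program's next open() then receives one of
 * those numbers, so every later write to stderr goes into that file. Opening
 * /dev/null on each missing descriptor before doing anything else removes the
 * hazard. Returns 0, or -1 if /dev/null could not be opened. */
int sanitize_std_fds(void)
{
    for (int fd = 0; fd <= 2; fd++) {
        if (fcntl(fd, F_GETFD) != -1 || errno != EBADF)
            continue;                                   /* already open */
        int nfd = open("/dev/null", fd == 0 ? O_RDONLY : O_WRONLY);
        if (nfd != fd) {                                /* lowest free fd must be this one */
            if (nfd >= 0)
                close(nfd);
            return -1;
        }
    }
    return 0;
}

/* Reproduces the lppasswd condition: stderr is closed, the program creates its
 * output file (a scratch file standing in for passwd.new), then reports an
 * error to stderr. Returns 1 if the diagnostic ended up inside the scratch
 * file, 0 if it did not, -1 on setup failure. With `guard` set,
 * sanitize_std_fds() runs after the close, as a hardened program does at startup. */
int demo_stderr_lands_in_file(int guard)
{
    char path[] = "/tmp/passwd.new.XXXXXX";            /* constructed scratch name */
    if (sanitize_std_fds() != 0)                        /* known start: 0, 1, 2 open */
        return -1;
    int saved = dup(STDERR_FILENO);                     /* so the demo can restore stderr */
    if (saved < 0)
        return -1;
    close(STDERR_FILENO);                               /* what a hostile caller arranges */
    if (guard && sanitize_std_fds() != 0) {
        dup2(saved, STDERR_FILENO);
        close(saved);
        return -1;
    }
    int fd = mkstemp(path);                             /* unguarded: this becomes fd 2 */
    if (fd < 0) {
        dup2(saved, STDERR_FILENO);
        close(saved);
        return -1;
    }
    unlink(path);
    const char *msg = "lppasswd: invalid password\n";   /* the error path's diagnostic */
    ssize_t w = write(STDERR_FILENO, msg, strlen(msg));
    (void)w;
    char buf[64] = {0};
    ssize_t n = pread(fd, buf, sizeof buf - 1, 0);
    close(fd);
    dup2(saved, STDERR_FILENO);
    close(saved);
    return n > 0 && strncmp(buf, "lppasswd:", 9) == 0;
}

int main(void)
{
    printf("without guard, stderr text in file: %d\n", demo_stderr_lands_in_file(0));
    printf("with guard, stderr text in file: %d\n", demo_stderr_lands_in_file(1));
    return 0;
}
```

The guard relies on open() returning the lowest free descriptor, which is why it walks 0, 1, 2 in order and treats any other number as a failure; the attacker-controlled part of the message (the user input that triggered the error) is what makes the resulting file content attacker-controlled.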

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: NONE
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-1270 vulnerability.

References

CVE-2004-0802: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute…

Published: 2004-12-31T05:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0802 vulnerability.

References

CVE-2004-0817: Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to…

Published: 2004-12-31T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0817 vulnerability.

References

CVE-2004-0904: Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release,…

Published: 2004-12-31T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0904 vulnerability.

References

CVE-2004-0803: Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier,…

Published: 2004-12-23T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0803 vulnerability.

References

CVE-2004-1333: Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows…

Published: 2004-12-15T05:00:00 Last Modified: 2018-10-03T21:29:00

Summary

Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
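
The libtiff (CVE-2004-0886, CVE-2004-0803), xpdf (CVE-2004-0888, CVE-2004-0889) and BMP (CVE-2004-0904) entries above, and this one for vc_resize, share one arithmetic error: width times height times bytes per cell computed in a 32-bit integer that wraps, leaving an allocation far smaller than what the decoder then writes into it. The block below is an added example, not code from any of those projects: the wrapping computation beside a checked version that tests each multiplication and applies an explicit ceiling, run on constructed header values including a "wide bitmap".

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <stdio.h>

/* Vulnerable pattern, as 2004-era decoders did it in 32-bit ints: bytes per
 * row = width * bits-per-pixel / 8 rounded up to 4, then row * height. A width
 * of 0x40000000 with 32 bpp makes width*bpp wrap to 0, so the buffer comes out
 * tiny while the decoder still writes a full row per scanline: a heap overflow
 * whose size the attacker chooses. Returns the (wrapped) size such code asks
 * malloc for. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t row = ((width * bpp + 31) / 32) * 4;
    return row * height;
}

/* Checked version: each multiplication is tested before it is relied on and
 * the result is bounded by an explicit limit, so a hostile header is rejected
 * instead of producing a plausible-looking small number. The same arithmetic
 * covers the console case (rows * cols * 2-byte cells). Returns 0 or -1. */
int image_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp,
                        size_t max_bytes, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 64)
        return -1;
    uint64_t bits = (uint64_t)width * bpp;          /* 32-bit * 7-bit: fits in 64 */
    uint64_t row = ((bits + 31) / 32) * 4;
    if (row > UINT64_MAX / height)                  /* row * height would overflow */
        return -1;
    uint64_t total = row * height;
    if (total > max_bytes)                          /* arithmetic fine, size still absurd */
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Allocate the pixel buffer for a parsed header, or refuse. Caller frees. */
void *alloc_image(uint32_t width, uint32_t height, uint32_t bpp, size_t max_bytes)
{
    size_t n;
    if (image_bytes_checked(width, height, bpp, max_bytes, &n) != 0)
        return NULL;
    return calloc(1, n);
}

/* Constructed header values: a sane 640x480x24 image and a "wide bitmap". */
int demo_sane(size_t *n) { return image_bytes_checked(640, 480, 24, 64u << 20, n); }
int demo_wide(size_t *n) { return image_bytes_checked(0x40000000u, 1, 32, 64u << 20, n); }

int main(void)
{
    size_t n = 0;
    printf("640x480x24 checked: rc=%d, %zu bytes\n", demo_sane(&n), n);
    printf("wide bitmap unchecked: %u bytes requested\n",
           image_bytes_unchecked(0x40000000u, 1, 32));
    printf("wide bitmap checked: rc=%d\n", demo_wide(&n));
    return 0;
}
```

The ceiling is as important as the overflow test: a 4 GiB allocation that does not wrap is still a denial of service on a 2004 desktop, and a decoder that only checks for wrap-around will happily request it.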

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on CVE-2004-1333 vulnerability.

References

CVE-2004-1335: Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users…

Published: 2004-12-15T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2004-1335 vulnerability.

References

CVE-2004-0619: Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows…

Published: 2004-12-06T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 3.9
  • CVSS: 7.2
  • CVSS Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0619 vulnerability.

References

CVE-2004-0415: Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local…

Published: 2004-11-23T05:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2004-0415 vulnerability.

References

CVE-2004-1613: Mozilla allows remote attackers to cause a denial of service (application crash from null…

Published: 2004-10-18T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 10.0
  • CVSS: 5.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-1613 vulnerability.

References

CVE-2005-0373: Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in…

Published: 2004-10-07T04:00:00 Last Modified: 2017-07-11T01:32:00

Summary

Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2005-0373 vulnerability.

References

CVE-2004-0827: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before…

Published: 2004-09-16T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 10.0
  • CVSS: 7.5
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0827 vulnerability.

References

CVE-2004-0905: Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8…

Published: 2004-09-14T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 3.9
  • CVSS: 4.6
  • CVSS Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0905 vulnerability.

References

CVE-2004-0234: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as…

Published: 2004-08-18T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

Common Weakness Enumeration (CWE): CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE Description: The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0234 vulnerability.

References

CVE-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to…

Published: 2004-08-18T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

Scores

  • Impact Score: 4.9
  • Exploitability Score: 10.0
  • CVSS: 6.4
  • CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Impact

  • Availability: NONE
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0235 vulnerability.

References

CVE-2004-0461: The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that…

Published: 2004-08-06T04:00:00 Last Modified: 2017-07-11T01:30:00

Summary

The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0461 vulnerability.

References

CVE-2004-0460: Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and…

Published: 2004-08-06T04:00:00 Last Modified: 2017-07-11T01:30:00

Summary

Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Currently, there is no code for exploiting the CVE-2004-0460 vulnerability.

References

CVE-2004-0557: Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX)…

Published: 2004-08-06T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.

Scores

  • Impact Score: 10.0
  • Exploitability Score: 10.0
  • CVSS: 10.0
  • CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Impact

  • Availability: COMPLETE
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 2)

Code designed for conducting penetration testing on the CVE-2004-0557 vulnerability.

References

CVE-2004-0587: Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to…

Published: 2004-08-06T04:00:00 Last Modified: 2017-10-11T01:29:00

Summary

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allow local users to cause a denial of service.

Scores

  • Impact Score: 2.9
  • Exploitability Score: 3.9
  • CVSS: 2.1
  • CVSS Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: NONE
  • Integrity: NONE

Access

  • Authentication: NONE
  • Complexity: LOW
  • Vector: LOCAL

Currently, there is no code for exploiting the CVE-2004-0587 vulnerability.

References

CVE-2004-0595: The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0)…

Published: 2004-07-27T04:00:00 Last Modified: 2018-10-30T16:25:00

Summary

The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, does not filter null (\0) characters within tag names when restricting input to allowed tags, which allows dangerous tags to be processed by web browsers such as Internet Explorer and Safari, which ignore null characters and facilitate the exploitation of cross-site scripting (XSS) vulnerabilities.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 8.6
  • CVSS: 6.8
  • CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: MEDIUM
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2004-0595 vulnerability.

References

CVE-2004-0594: The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain…

Published: 2004-07-27T04:00:00 Last Modified: 2018-10-30T16:25:00

Summary

The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.

Scores

  • Impact Score: 6.4
  • Exploitability Score: 4.9
  • CVSS: 5.1
  • CVSS Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Impact

  • Availability: PARTIAL
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL

Access

  • Authentication: NONE
  • Complexity: HIGH
  • Vector: NETWORK

Exploits Database (Total Exploits Count: 1)

Code designed for conducting penetration testing on the CVE-2004-0594 vulnerability.

References
