Security Vulnerabilities, CVEs, Published In 2004 (Code Execution) CVSS score >= 9

Multiple stack-based buffer overflows in Sybase Adaptive Server Enterprise (ASE) 12.x before 12.5.3 ESD#1 allow remote authenticated users to execute arbitrary code via the (1) attrib_valid function, (2) covert function, (3) declare statement, or (4) a crafted query plan, or remote authenticated users with database owner or "sa" role privileges to execute arbitrary code via (5) a crafted install java statement.

Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.

Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code.

Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 allows remote attackers to execute arbitrary code via a long SELECT command.

Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.

Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earlier allow remote attackers to execute arbitrary code via a GET request with a long ftp:// URL.

Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.

Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.

Multiple stack-based buffer overflows in Agent Common Services (1) cam.exe and (2) awservices.exe in Unicenter TNG 2.4 allow remote attackers to execute arbitrary code.

The login page for cPanel 9.1.0, and possibly other versions, allows remote attackers to execute arbitrary code via shell metacharacters in the user parameter.

The "Allow cPanel users to reset their password via email" feature in cPanel 9.1.0 build 34 and earlier, including 8.x, allows remote attackers to execute arbitrary code via the user parameter to resetpass.

Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 (build 91) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long project name.

Heap-based buffer overflow in the AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 allows remote attackers to execute arbitrary code via a long SAUTH command during RSA authentication.

Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.

Format string vulnerability in log.c in rssh before 2.2.2 allows remote authenticated users to execute arbitrary code.

Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 allow remote attackers to execute arbitrary code via a long argument to the (1) -F, (2) name, (3) en, (4) upscript, (5) downscript, (6) retries, (7) timeout, (8) scriptdetach, (9) noscript, (10) nodetach, (11) remote_mac, or (12) local_mac flags.

Stack-based buffer overflow in Oracle 9i and 10g allows remote attackers to execute arbitrary code via a long token in the text of a wrapped procedure.

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed.

Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 through 9 allows remote attackers to execute arbitrary code.

Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code.

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."

Internet Explorer 6.x on Windows XP SP2 allows remote attackers to execute arbitrary code, as demonstrated using a document with a draggable file type such as .xml, .doc, .py, .cdf, .css, .pdf, or .ppt, and using ADODB.Connection and ADODB.recordset to write to a .hta file that is interpreted in the Local Zone by HTML Help.

Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.

The SMTP (Simple Mail Transfer Protocol) component of Microsoft Windows XP 64-bit Edition, Windows Server 2003, Windows Server 2003 64-bit Edition, and the Exchange Routing Engine component of Exchange Server 2003, allows remote attackers to execute arbitrary code via a malicious DNS response message containing length values that are not properly validated.

Buffer overflow in the mysql_real_connect function in MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows remote DNS servers to cause a denial of service and possibly execute arbitrary code via a DNS response with a large address length (h_length).