Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.
Max CVSS
7.2
EPSS Score
0.06%
Published
2005-12-31
Updated
2017-07-20
Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-12-16
Updated
2011-03-08
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Max CVSS
10.0
EPSS Score
0.61%
Published
2005-12-31
Updated
2018-10-19
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
Max CVSS
7.5
EPSS Score
2.59%
Published
2005-04-22
Updated
2016-10-18
Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users.
Max CVSS
7.5
EPSS Score
0.72%
Published
2005-02-22
Updated
2011-03-08
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Max CVSS
7.5
EPSS Score
0.66%
Published
2005-04-27
Updated
2017-10-11
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
Max CVSS
7.5
EPSS Score
10.83%
Published
2005-05-02
Updated
2017-10-11
poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.
Max CVSS
10.0
EPSS Score
1.01%
Published
2005-05-02
Updated
2008-09-10
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
Max CVSS
10.0
EPSS Score
0.86%
Published
2005-01-10
Updated
2017-07-11
Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS
7.5
EPSS Score
6.49%
Published
2005-04-14
Updated
2017-07-11
fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.
Max CVSS
7.5
EPSS Score
1.04%
Published
2005-04-14
Updated
2017-07-19
The unison command in scponly before 4.0 does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via the (1) -rshcmd or (2) -sshcmd flags.
Max CVSS
7.5
EPSS Score
0.56%
Published
2005-01-10
Updated
2017-07-11
rssh 2.2.2 and earlier does not properly restrict programs that can be run, which could allow remote authenticated users to bypass intended access restrictions and execute arbitrary programs via (1) rdist -P, (2) rsync, or (3) scp -S.
Max CVSS
7.5
EPSS Score
2.15%
Published
2005-01-10
Updated
2016-10-18
The init scripts in ChessBrain 20407 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-01-10
Updated
2017-07-11
The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-01-10
Updated
2017-07-11
The init scripts in Search for Extraterrestrial Intelligence (SETI) project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-01-10
Updated
2017-07-11
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
Max CVSS
7.5
EPSS Score
1.98%
Published
2005-01-10
Updated
2021-04-09
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
Max CVSS
10.0
EPSS Score
0.93%
Published
2005-03-01
Updated
2017-07-11

CVE-2004-1037

Public exploit
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
Max CVSS
10.0
EPSS Score
91.20%
Published
2005-03-01
Updated
2017-07-11
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
Max CVSS
10.0
EPSS Score
5.52%
Published
2005-03-01
Updated
2017-07-11
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-03-01
Updated
2017-07-11
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
Max CVSS
9.3
EPSS Score
19.17%
Published
2005-03-01
Updated
2017-10-11
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
Max CVSS
10.0
EPSS Score
5.47%
Published
2005-01-10
Updated
2017-10-11
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
Max CVSS
10.0
EPSS Score
2.21%
Published
2005-01-10
Updated
2017-10-11
Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
Max CVSS
7.5
EPSS Score
0.87%
Published
2005-04-14
Updated
2017-07-11
40 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!