CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Redhat : Security Vulnerabilities Published In 2004 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-0373 Exec Code Overflow 2004-10-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
2 CVE-2004-0905 Exec Code 2004-09-14 2010-08-21
4.6
User Local Low Not required Partial Partial Partial
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
3 CVE-2004-0904 Exec Code Overflow 2004-12-31 2013-08-02
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to execute arbitrary code via wide bitmap files that trigger heap-based buffer overflows.
4 CVE-2004-0827 DoS Exec Code Overflow 2004-09-16 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
5 CVE-2004-0817 Exec Code Overflow 2004-12-31 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
6 CVE-2004-0803 Exec Code Overflow 2004-12-23 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files.
7 CVE-2004-0802 Exec Code Overflow 2004-12-31 2010-01-28
5.1
User Remote High Not required Partial Partial Partial
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
8 CVE-2004-0619 DoS Exec Code Overflow 2004-12-06 2010-08-21
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
9 CVE-2004-0594 Exec Code 2004-07-27 2010-08-21
5.1
User Remote High Not required Partial Partial Partial
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete.
10 CVE-2004-0557 Exec Code Overflow 2004-08-06 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the st_wavstartread function in wav.c for Sound eXchange (SoX) 12.17.2 through 12.17.4 allow remote attackers to execute arbitrary code via certain WAV file header fields.
11 CVE-2004-0461 DoS Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that enable a denial of service (server crash) and possibly execute arbitrary code.
12 CVE-2004-0460 DoS Exec Code Overflow 2004-08-06 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
13 CVE-2004-0234 119 Exec Code Overflow 2004-08-18 2013-08-18
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
14 CVE-2004-0105 Exec Code Overflow 2004-03-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
15 CVE-2004-0104 Exec Code 2004-03-03 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
Total number of vulnerabilities : 15   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.