Security Vulnerabilities, CVEs, Published In May 2004 CVSS score >= 8
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH.
Max CVSS
10.0
EPSS Score
0.88%
Published
2004-05-06
Updated
2017-07-11
The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password.
Max CVSS
10.0
EPSS Score
18.31%
Published
2004-05-04
Updated
2017-07-11
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
Max CVSS
10.0
EPSS Score
28.71%
Published
2004-05-04
Updated
2017-07-11
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Max CVSS
10.0
EPSS Score
96.59%
Published
2004-05-04
Updated
2018-10-12
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.
Max CVSS
10.0
EPSS Score
3.49%
Published
2004-05-04
Updated
2017-07-11
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet.
Max CVSS
10.0
EPSS Score
85.17%
Published
2004-05-04
Updated
2017-10-11
isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a denial of service via an ISAKMP packet with a malformed Cert Request payload, which causes an integer underflow that is used in a malloc operation that is not properly handled, as demonstrated by the Striker ISAKMP Protocol Test Suite.
Max CVSS
10.0
EPSS Score
1.76%
Published
2004-05-04
Updated
2017-07-11
Multiple buffer overflows in ecartis before 1.0.0 allow attackers to cause a denial of service and possibly execute arbitrary code.
Max CVSS
10.0
EPSS Score
0.32%
Published
2004-05-04
Updated
2017-07-11
Unknown vulnerability in ecartis before 1.0.0 does not properly validate user input, which allows attackers to obtain mailing list passwords.
Max CVSS
10.0
EPSS Score
0.23%
Published
2004-05-04
Updated
2017-07-11
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code.
Max CVSS
10.0
EPSS Score
0.23%
Published
2004-05-04
Updated
2017-07-11
10 vulnerabilities found