| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Unknown vulnerability in Linux before 2.4.26 for IA64 allows local users to cause a denial of service, with unknown impact. NOTE: due to a typo, this issue was accidentally assigned CVE-2004-0477. This is the proper candidate to use for the Linux local DoS. |
| Format string vulnerability in the monitor "memory dump" command in VICE 1.6 to 1.14 allows local users to cause a denial of service (emulator crash) and possibly execute arbitrary code via format string specifiers in an output string. |
| The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. |
| Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file. |
| Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and FireWall-1 NG products, before VPN-1/FireWall-1 R55 HFA-03, R54 HFA-410 and NG FP3 HFA-325, or VPN-1 SecuRemote/SecureClient R56, may allow remote attackers to execute arbitrary code during VPN tunnel negotiation. |
| The showHelp function in Internet Explorer 6 on Windows XP Pro allows remote attackers to execute arbitrary local .CHM files via a double backward slash ("\\") before the target CHM file, as demonstrated using an "ms-its" URL to ntshared.chm. NOTE: this bug may overlap CVE-2003-1041. |
| Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 allows remote attackers to cause a denial of service (reboot or packet loss) via a long string containing Telnet escape characters to the Telnet port. |
| Internet Explorer 6 allows remote attackers to cause a denial of service (crash) via Javascript that creates a new popup window and disables the imagetoolbar functionality with a META tag, which triggers a null dereference. |
| Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote attackers to cause a denial of service (infinite loop) via certain RPC requests. |
| mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference. |
| The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 10.2.8 allows remote attackers to write arbitrary files by causing a disk image file (.dmg) to be mounted as a disk volume. |
| Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information. |
| HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did not initiate, which can allow attackers to execute arbitrary code, an issue that was originally reported as a directory traversal vulnerability in the Safari web browser using the runscript parameter in a help: URI handler. |
| The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors. |
| A certain ActiveX control in Symantec Norton AntiVirus 2004 allows remote attackers to cause a denial of service (resource consumption) and possibly execute arbitrary programs. |
| Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. |
| The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference. |
| Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| Cross-site scripting (XSS) vulnerability in Polopoly 9 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. NOTE: the vendor has disputed this vulnerability, stating that the "XSS flaw was only part of the custom implementation of the [polopoly] site". As of 20061003, CVE has no further information on this issue, except that the original researcher has a history of testing live sites and assuming that discoveries indicate vulnerabilities in the associated package |
