dm-crypt on Linux kernel 2.6.x, when used on certain file systems with a block size 1024 or greater, has certain "IV computation" weaknesses that allow watermarked files to be detected without decryption.
Max CVSS
2.1
EPSS Score
0.07%
Published
2004-02-19
Updated
2016-10-18
Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user. Therefore this issue may be REJECTED in the future.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-02-09
Updated
2017-07-11
eTrust InoculateIT for Linux 6.0 uses insecure permissions for multiple files and directories, including the application's registry and tmp directories, which allows local users to delete, modify, or examine sensitive information.
Max CVSS
4.6
EPSS Score
0.06%
Published
2004-02-09
Updated
2021-04-09
Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly identify systems that have been patched but remain vulnerable to exploit until the system is rebooted, possibly giving the administrator a false sense of security.
Max CVSS
5.0
EPSS Score
0.12%
Published
2004-02-10
Updated
2008-09-05
Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers to determine the existence of arbitrary files via the VBScript LoadPicture method, which returns an error code if the file does not exist.
Max CVSS
5.0
EPSS Score
5.93%
Published
2004-02-07
Updated
2021-07-23
Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command.
Max CVSS
5.0
EPSS Score
0.32%
Published
2004-02-06
Updated
2017-07-11
Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scanning by using a qmail generated Delivery Status Notification (DSN) where the original email is not included in the bounce message.
Max CVSS
5.0
EPSS Score
5.47%
Published
2004-02-12
Updated
2017-07-11
Unknown vulnerability in SandSurfer before 1.7.0 allows remote attackers to gain access as a logged-in user.
Max CVSS
7.5
EPSS Score
2.26%
Published
2004-02-08
Updated
2017-07-11

CVE-2004-2086

Public exploit
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
Max CVSS
5.0
EPSS Score
27.14%
Published
2004-02-06
Updated
2017-07-11
Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
Max CVSS
4.3
EPSS Score
0.71%
Published
2004-02-04
Updated
2017-07-11
Cross-site scripting (XSS) vulnerability in search.php in JShop E-Commerce Server allows remote attackers to inject arbitrary web script or HTML via the xSearch parameter.
Max CVSS
4.3
EPSS Score
1.17%
Published
2004-02-07
Updated
2017-07-11
Opera Web Browser 7.0 through 7.23 allows remote attackers to trick users into executing a malicious file by embedding a CLSID in the file name, which causes the malicious file to appear as a trusted file type, aka "File Download Extension Spoofing."
Max CVSS
2.6
EPSS Score
0.82%
Published
2004-02-11
Updated
2022-02-28
The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authenticated users to cause a denial of service (pmsystem.exe crash) via a GET request wit a large number of leading "/" (slash) characters.
Max CVSS
5.0
EPSS Score
3.91%
Published
2004-02-13
Updated
2017-07-11
Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spaces in a Service Set Identifier (SSID) to a single space, which prevents Red-Alert from correctly identifying the SSID.
Max CVSS
5.0
EPSS Score
0.77%
Published
2004-02-09
Updated
2017-07-11
Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication to IP addresses, which allows remote attackers to bypass authentication by connecting from the same IP address as an active authenticated user.
Max CVSS
7.5
EPSS Score
1.44%
Published
2004-02-09
Updated
2017-07-11
Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attackers to cause a denial of service (reboot and loss of logged events) via a long request to TCP port 80, possibly triggering a buffer overflow.
Max CVSS
5.0
EPSS Score
6.89%
Published
2004-02-09
Updated
2017-07-11
Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields.
Max CVSS
5.0
EPSS Score
6.96%
Published
2004-02-08
Updated
2017-07-11
Linux-VServer 1.24 allows local users with root privileges on a virtual server to gain access to the filesystem outside the virtual server via a modified chroot-again exploit using the chmod command.
Max CVSS
7.2
EPSS Score
0.04%
Published
2004-02-06
Updated
2017-07-11
Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when invoked by conv_lpd, allows local users to overwrite arbitrary files.
Max CVSS
2.1
EPSS Score
0.05%
Published
2004-02-27
Updated
2018-10-30
Windows Media Player 9 allows remote attackers to execute arbitrary code via a PNG file containing large (1) width or (2) height values, aka the "PNG Processing Vulnerability."
Max CVSS
7.5
EPSS Score
37.33%
Published
2004-02-08
Updated
2018-10-12
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
Max CVSS
5.0
EPSS Score
1.78%
Published
2004-02-16
Updated
2018-10-30
mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does not properly verify the nonce of a client response, which allows remote attackers to replay credentials.
Max CVSS
7.5
EPSS Score
0.26%
Published
2004-02-03
Updated
2018-10-30
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 generates easily predictable web session IDs, which allows remote attackers to hijack other sessions via the parentsessionid cookie.
Max CVSS
5.0
EPSS Score
0.36%
Published
2004-02-28
Updated
2008-09-05
WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote attackers to cause a denial of service (hang) via a URL containing an MS-DOS device name such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
Max CVSS
5.0
EPSS Score
2.65%
Published
2004-02-21
Updated
2017-07-11
Confirm 0.62 and earlier could allow remote attackers to execute arbitrary code via an e-mail header that contains shell metacharacters such as ", `, |, ;, or $.
Max CVSS
7.5
EPSS Score
2.69%
Published
2004-02-23
Updated
2017-07-11
91 vulnerabilities found
1 2 3 4
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!