Security Vulnerabilities, CVEs, Published In January 2004 CVSS score >= 6

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.

Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildTangent Web Driver 4.0 allows remote attackers to execute arbitrary code via a long filename.

SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable.

Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.

The default installation of Cisco voice products, when running the IBM Director Agent on IBM servers before OS 2000.2.6, does not require authentication, which allows remote attackers to gain administrator privileges by connecting to TCP port 14247.

FirstClass Desktop Client 7.1 allows remote attackers to execute arbitrary commands via hyperlinks in FirstClass RTF messages.

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.

PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.

PHP remote file inclusion vulnerability in (1) functions.php, (2) authentication_index.php, and (3) config_gedcom.php for PHPGEDVIEW 2.61 allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains the code.

Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier allows remote web servers to execute arbitrary code via certain long strings.

Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.

Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct drag and drop behaviors and other mouse click actions to other windows by using method caching (SaveRef) to access the window.moveBy method, which is otherwise inaccessible, as demonstrated by HijackClickV2, a different vulnerability than CVE-2003-0823, aka the "Function Pointer Drag and Drop Vulnerability."

Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass zone restrictions via a javascript protocol URL in a sub-frame, which is added to the history list and executed in the top window's zone when the history.back (back) function is called, as demonstrated by BackToFramedJpu, aka the "Travel Log Cross Domain Vulnerability."

Unknown vulnerability in the ls-F builtin function in tcsh on Solaris 8 allows local users to create or delete files as other users, and gain privileges.

Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.

The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows remote attackers to cause a denial of service (crash) via a malformed Q.931, which triggers a null dereference.

Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.

xchat 2.0.6 allows remote attackers to cause a denial of service (crash) via a passive DCC request with an invalid ID number, which causes a null dereference.

Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint library in Solaris 2.6 through 9 may allow attackers to execute arbitrary code or read or write arbitrary files.

Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows remote attackers to cause a denial of service (RPC service crash) via a queue registration request.

The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.