LanGuard reports



Supported OVAL Bulletins


More information on 2020 updates



ID:
CVE-2004-2556
Title:
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
Type:
Hardware
Bulletins:
CVE-2004-2556
SFBID10459
Severity:
Medium
Description:
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
Applies to:
Netgear Wireless AP WG602
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-2557
Title:
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Type:
Hardware
Bulletins:
CVE-2004-2557
SFBID10459
Severity:
Medium
Description:
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Applies to:
Netgear Wireless AP WG602
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-2507
Title:
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Type:
Hardware
Bulletins:
CVE-2004-2507
SFBID10476
Severity:
Medium
Description:
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Applies to:
wvc11b
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-2508
Title:
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
Type:
Hardware
Bulletins:
CVE-2004-2508
SFBID10533
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
Applies to:
wvc11b
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-2606
Title:
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
Type:
Hardware
Bulletins:
CVE-2004-2606
SFBID10441
Severity:
High
Description:
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
Applies to:
befsr41 v3
wrt54g
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-2377
Title:
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Type:
Hardware
Bulletins:
CVE-2004-2377
SFBID9745
Severity:
Medium
Description:
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Applies to:
OmniSwitch 7800
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-0467
Title:
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at...
Type:
Hardware
Bulletins:
CVE-2004-0467
SFBID12379
Severity:
Medium
Description:
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
Applies to:
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-1446
Title:
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Type:
Hardware
Bulletins:
CVE-2004-1446
SFBID10854
Severity:
Medium
Description:
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Applies to:
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-2691
Title:
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this...
Type:
Hardware
Bulletins:
CVE-2004-2691
Severity:
High
Description:
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
Applies to:
3Com SS3-4400-24PWR
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-1454
Title:
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
Type:
Hardware
Bulletins:
CVE-2004-1454
SFBID10971
Severity:
Medium
Description:
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
Applies to:
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-1464
Title:
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Type:
Hardware
Bulletins:
CVE-2004-1464
SFBID11060
Severity:
Medium
Description:
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Applies to:
Created:
2004-12-31
Updated:
2020-08-14

ID:
CVE-2004-1775
Title:
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
Type:
Hardware
Bulletins:
CVE-2004-1775
SFBID5030
Severity:
Medium
Description:
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
Applies to:
Created:
2004-12-31
Updated:
2020-08-14

ID:
MITRE:5070
Title:
oval:org.mitre.oval:def:5070: Windows NT NNTP Component Buffer Overflow
Type:
Services
Bulletins:
MITRE:5070
CVE-2004-0574
Severity:
Low
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-12-09
Updated:
2020-08-13

ID:
MITRE:4392
Title:
oval:org.mitre.oval:def:4392: Windows Server 2003 NNTP Component Buffer Overflow
Type:
Services
Bulletins:
MITRE:4392
CVE-2004-0574
Severity:
Low
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-12-09
Updated:
2020-01-23

ID:
MITRE:5926
Title:
oval:org.mitre.oval:def:5926: Windows 2000 NNTP Component Buffer Overflow
Type:
Services
Bulletins:
MITRE:5926
CVE-2004-0574
Severity:
Low
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-12-09
Updated:
2020-01-23

ID:
CVE-2004-0611
Title:
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Type:
Hardware
Bulletins:
CVE-2004-0611
SFBID10585
Severity:
Medium
Description:
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Applies to:
FVS318v3 Firewall
Created:
2004-12-06
Updated:
2020-08-14

ID:
CVE-2004-0615
Title:
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a...
Type:
Hardware
Bulletins:
CVE-2004-0615
SFBID10587
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
Applies to:
DI-614+B
DI-624
DI-704P
Created:
2004-12-06
Updated:
2020-08-14

ID:
CVE-2004-0468
Title:
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
Type:
Hardware
Bulletins:
CVE-2004-0468
Severity:
Medium
Description:
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
Applies to:
Created:
2004-12-06
Updated:
2020-08-14

ID:
CVE-2004-0312
Title:
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
Type:
Hardware
Bulletins:
CVE-2004-0312
SFBID9688
Severity:
Medium
Description:
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
Applies to:
wap55ag
Created:
2004-11-23
Updated:
2020-08-14

ID:
CVE-2004-0244
Title:
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet,...
Type:
Hardware
Bulletins:
CVE-2004-0244
SFBID9562
Severity:
Medium
Description:
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
Applies to:
Created:
2004-11-23
Updated:
2020-08-14

ID:
CVE-2004-0352
Title:
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
Type:
Hardware
Bulletins:
CVE-2004-0352
SFBID9806
Severity:
Medium
Description:
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
Applies to:
Cisco CSS 11050 Content Services Switch
Cisco CSS 11100 Content Services Switch Series
Cisco CSS 11150 Content Services Switch
Cisco CSS 11800 Content Services Switch
Created:
2004-11-23
Updated:
2020-08-14

ID:
MITRE:188
Title:
oval:org.mitre.oval:def:188: MS Word Macro Security Bypass Vulnerability
Type:
Software
Bulletins:
MITRE:188
CVE-2003-0664
Severity:
High
Description:
Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document.
Applies to:
Microsoft Word 2000
Microsoft Word 2002
Microsoft Word 97
Created:
2004-09-29
Updated:
2018-09-11

ID:
CVE-2004-1650
Title:
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Type:
Hardware
Bulletins:
CVE-2004-1650
SFBID11072
Severity:
High
Description:
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Applies to:
DCS-900
Created:
2004-08-31
Updated:
2020-08-14

ID:
CVE-2004-0580
Title:
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
Type:
Hardware
Bulletins:
CVE-2004-0580
SFBID10329
Severity:
Medium
Description:
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
Applies to:
BEFSR41
BEFSR81
BEFSX41
BEFVP41
befsr11
befsr41w
befsru31
wap55ag
wrt54g
Created:
2004-08-06
Updated:
2020-08-14

ID:
CVE-2004-0661
Title:
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid...
Type:
Hardware
Bulletins:
CVE-2004-0661
SFBID10621
Severity:
Medium
Description:
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.
Applies to:
DI-604
DI-614+B
DI-624
Created:
2004-08-06
Updated:
2020-08-14

ID:
CVE-2004-0551
Title:
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the...
Type:
Hardware
Bulletins:
CVE-2004-0551
Severity:
Medium
Description:
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
Applies to:
Cisco Catalyst 2902 Switch
Cisco Catalyst 2926 Switch
Cisco Catalyst 2926GL Switch
Cisco Catalyst 2948G-GE-TX Switch
Cisco Catalyst 2980G Switch
Cisco Catalyst 2980G-A...
Cisco Catalyst C2948G-L3 Ethernet Switch
Created:
2004-08-06
Updated:
2020-08-14

ID:
CVE-2004-0589
Title:
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
Type:
Hardware
Bulletins:
CVE-2004-0589
Severity:
Medium
Description:
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
Applies to:
Created:
2004-08-06
Updated:
2020-08-14

ID:
CVE-2004-0710
Title:
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of...
Type:
Hardware
Bulletins:
CVE-2004-0710
SFBID10083
Severity:
Medium
Description:
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
Applies to:
Created:
2004-07-27
Updated:
2020-08-14

ID:
MITRE:2190
Title:
oval:org.mitre.oval:def:2190: Windows XP (32-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2190
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2020-01-23

ID:
MITRE:2413
Title:
oval:org.mitre.oval:def:2413: Windows XP (64-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2413
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2020-01-23

ID:
MITRE:2516
Title:
oval:org.mitre.oval:def:2516: Windows Server 2003 (32-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2516
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2020-01-23

ID:
MITRE:2705
Title:
oval:org.mitre.oval:def:2705: Windows XP/Server 2003 DirectPlay Denial of Service
Type:
Software
Bulletins:
MITRE:2705
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-07-21
Updated:
2020-01-23

ID:
CVE-2002-0082
Title:
mod_ssl is old
Type:
Services
Bulletins:
CVE-2002-0082
SFBID10736
Severity:
High
Description:
mod ssl older than 2.8.7 have a buffer over which could allow users to gain a shell remotely.
Applies to:
Apache
Created:
2004-07-16
Updated:
2010-08-21

ID:
CVE-2004-0595
Title:
PHP older than 4.3.8
Type:
Services
Bulletins:
CVE-2004-0595
SFBID10724
Severity:
Medium
Description:
PHP older than 4.3.8 is vulnerable to a remote code execution vulnerability.
Applies to:
PHP
Created:
2004-07-14
Updated:
2010-08-21

ID:
MITRE:1027
Title:
oval:org.mitre.oval:def:1027: Windows 2000 DirectPlay Denial of Service
Type:
Miscellaneous
Bulletins:
MITRE:1027
CVE-2004-0202
Severity:
Medium
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
Microsoft DirectPlay
Created:
2004-07-12
Updated:
2020-01-23

ID:
MITRE:958
Title:
oval:org.mitre.oval:def:958: Windows XP RPCSS Service DCOM Activation Denial of Service
Type:
Software
Bulletins:
MITRE:958
CVE-2004-0116
Severity:
Medium
Description:
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
Applies to:
Created:
2004-06-16
Updated:
2020-08-13

ID:
MITRE:900
Title:
oval:org.mitre.oval:def:900: Windows XP RPCSS DCOM Buffer Overflow
Type:
Software
Bulletins:
MITRE:900
CVE-2003-0813
Severity:
Medium
Description:
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Applies to:
Created:
2004-06-16
Updated:
2020-08-13

ID:
MITRE:1014
Title:
oval:org.mitre.oval:def:1014: IE File Download Dialog Deception Vulnerability
Type:
Web
Bulletins:
MITRE:1014
CVE-2001-0875
Severity:
Low
Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2020-01-23

ID:
MITRE:921
Title:
oval:org.mitre.oval:def:921: IE File Execution User-prompt Bypass Vulnerability
Type:
Web
Bulletins:
MITRE:921
CVE-2001-0727
Severity:
Low
Description:
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2020-01-23

ID:
MITRE:925
Title:
oval:org.mitre.oval:def:925: MS IE HTML Directive Buffer Overflow
Type:
Web
Bulletins:
MITRE:925
CVE-2002-0022
Severity:
High
Description:
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2020-01-23

ID:
MITRE:974
Title:
oval:org.mitre.oval:def:974: IE Frame Domain Verification Vulnerability
Type:
Web
Bulletins:
MITRE:974
CVE-2002-0027
Severity:
High
Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Applies to:
Microsoft Internet Explorer
Created:
2004-06-16
Updated:
2020-01-23

ID:
CVE-2004-0413
Title:
Subversion version older than 1.0.5
Type:
Services
Bulletins:
CVE-2004-0413
SFBID10519
Severity:
Low
Description:
Additional Bugtraq IDs: http://www.securityfocus.com/bid/10386 http://www.securityfocus.com/bid/10428
Applies to:
Subversion
Created:
2004-06-11
Updated:
2010-08-21

ID:
MITRE:990
Title:
oval:org.mitre.oval:def:990: Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability
Type:
Mail
Bulletins:
MITRE:990
CVE-2004-0380
Severity:
Low
Description:
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Applies to:
Microsoft Outlook Express
Created:
2004-05-25
Updated:
2020-01-23

ID:
MITRE:946
Title:
oval:org.mitre.oval:def:946: Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:946
CVE-2004-0117
Severity:
High
Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Applies to:
Created:
2004-05-25
Updated:
2020-08-13

ID:
MITRE:885
Title:
oval:org.mitre.oval:def:885: Windows Server 2003 SSL Library Denial of Service
Type:
Software
Bulletins:
MITRE:885
CVE-2004-0120
Severity:
Medium
Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
Applies to:
Created:
2004-05-25
Updated:
2020-08-13

ID:
MITRE:886
Title:
oval:org.mitre.oval:def:886: Windows XP SSL Library Denial of Service
Type:
Software
Bulletins:
MITRE:886
CVE-2004-0120
Severity:
Medium
Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
Applies to:
Created:
2004-05-25
Updated:
2020-08-13

ID:
MITRE:898
Title:
oval:org.mitre.oval:def:898: Windows XP LSASS Buffer Overflow
Type:
Software
Bulletins:
MITRE:898
CVE-2003-0533
Severity:
High
Description:
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Applies to:
Created:
2004-05-25
Updated:
2020-08-13

ID:
MITRE:919
Title:
oval:org.mitre.oval:def:919: Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability
Type:
Software
Bulletins:
MITRE:919
CVE-2003-0533
Severity:
High
Description:
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Applies to:
Created:
2004-05-25
Updated:
2020-08-13

ID:
MITRE:964
Title:
oval:org.mitre.oval:def:964: Windows XP H.323 Protocol Remote Code Execution Vulnerability
Type:
Software
Bulletins:
MITRE:964
CVE-2004-0117
Severity:
High
Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Applies to:
Created:
2004-05-25
Updated:
2020-08-13

ID:
MITRE:968
Title:
oval:org.mitre.oval:def:968: MS Jet Database Buffer Overflow
Type:
Services
Bulletins:
MITRE:968
CVE-2004-0197
Severity:
High
Description:
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
Applies to:
Microsoft Jet 4.0 Database Engine
Created:
2004-05-25
Updated:
2020-01-23

ID:
MITRE:585
Title:
oval:org.mitre.oval:def:585: MS Word 97 Macro Names Buffer Overflow
Type:
Software
Bulletins:
MITRE:585
CVE-2003-0820
Severity:
High
Description:
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Applies to:
Microsoft Word 97
Created:
2004-03-25
Updated:
2018-09-11

ID:
MITRE:586
Title:
oval:org.mitre.oval:def:586: MS Word 98 Macro Names Buffer Overflow
Type:
Software
Bulletins:
MITRE:586
CVE-2003-0820
Severity:
High
Description:
Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack.
Applies to:
Microsoft Word 98
Created:
2004-03-25
Updated:
2018-09-11

ID:
MITRE:141
Title:
oval:org.mitre.oval:def:141: Microsoft Internet Explorer MIME Hack
Type:
Web
Bulletins:
MITRE:141
CVE-2001-0154
Severity:
Low
Description:
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
Applies to:
Microsoft Internet Explorer
Created:
2004-03-25
Updated:
2020-01-23

ID:
MITRE:675
Title:
oval:org.mitre.oval:def:675: MS Excel 97 Malicious Macro Security Bypass Vulnerability
Type:
Software
Bulletins:
MITRE:675
CVE-2003-0821
Severity:
High
Description:
Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model.
Applies to:
Microsoft Excel 97
Created:
2004-03-25
Updated:
2018-09-11

ID:
CVE-2004-0054
Title:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the...
Type:
Hardware
Bulletins:
CVE-2004-0054
SFBID9406
Severity:
High
Description:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Applies to:
Created:
2004-02-17
Updated:
2020-08-14

ID:
CVE-2004-0129
Title:
phpMyAdmin mysql web administration tool vulnerability
Type:
Services
Bulletins:
CVE-2004-0129
SFBID9564
Severity:
Medium
Description:
This phpMyAdmin allows remote users to read sensitive files remotely.
Applies to:
phpMyAdmin
Created:
2004-02-03
Updated:
2010-08-21

ID:
CVE-2003-0789
Title:
Apache is older than 2.0.48
Type:
Miscellaneous
Bulletins:
CVE-2003-0789
SFBID8926
SFBID9504
Severity:
Low
Description:
Apache versions older than 2.0.48 have various flaws which need patching.
Applies to:
Apache
Created:
2004-01-27
Updated:
2010-08-21

ID:
CVE-2003-1001
Title:
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Type:
Hardware
Bulletins:
CVE-2003-1001
Severity:
Medium
Description:
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2004-01-05
Updated:
2020-08-14

ID:
CVE-2003-1002
Title:
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Type:
Hardware
Bulletins:
CVE-2003-1002
Severity:
Medium
Description:
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2004-01-05
Updated:
2020-08-14