ID: CVE-2004-2556 |
Title: NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. |
Type: Hardware |
Bulletins:
CVE-2004-2556 SFBID10459 |
Severity: Medium |
Description: NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration. | ||||
Applies to: Netgear Wireless AP WG602 |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-2557 |
Title: NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. |
Type: Hardware |
Bulletins:
CVE-2004-2557 SFBID10459 |
Severity: Medium |
Description: NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration. | ||||
Applies to: Netgear Wireless AP WG602 |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-2507 |
Title: Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. |
Type: Hardware |
Bulletins:
CVE-2004-2507 SFBID10476 |
Severity: Medium |
Description: Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter. | ||||
Applies to: wvc11b |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-2508 |
Title: Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. |
Type: Hardware |
Bulletins:
CVE-2004-2508 SFBID10533 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter. | ||||
Applies to: wvc11b |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-2606 |
Title: The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. |
Type: Hardware |
Bulletins:
CVE-2004-2606 SFBID10441 |
Severity: High |
Description: The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled. | ||||
Applies to: befsr41 v3 wrt54g |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-2377 |
Title: Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. |
Type: Hardware |
Bulletins:
CVE-2004-2377 SFBID9745 |
Severity: Medium |
Description: Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled. | ||||
Applies to: OmniSwitch 7800 |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-0467 |
Title: Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at... |
Type: Hardware |
Bulletins:
CVE-2004-0467 SFBID12379 |
Severity: Medium |
Description: Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed. | ||||
Applies to: |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-1446 |
Title: Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. |
Type: Hardware |
Bulletins:
CVE-2004-1446 SFBID10854 |
Severity: Medium |
Description: Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet. | ||||
Applies to: |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-2691 |
Title: Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this... |
Type: Hardware |
Bulletins:
CVE-2004-2691 |
Severity: High |
Description: Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports. | ||||
Applies to: 3Com SS3-4400-24PWR |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-1454 |
Title: Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet. |
Type: Hardware |
Bulletins:
CVE-2004-1454 SFBID10971 |
Severity: Medium |
Description: Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet. | ||||
Applies to: |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-1464 |
Title: Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. |
Type: Hardware |
Bulletins:
CVE-2004-1464 SFBID11060 |
Severity: Medium |
Description: Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port. | ||||
Applies to: |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: CVE-2004-1775 |
Title: Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. |
Type: Hardware |
Bulletins:
CVE-2004-1775 SFBID5030 |
Severity: Medium |
Description: Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string. | ||||
Applies to: |
Created: 2004-12-31 |
Updated: 2020-08-14 |
ID: MITRE:5070 |
Title: oval:org.mitre.oval:def:5070: Windows NT NNTP Component Buffer Overflow |
Type: Services |
Bulletins:
MITRE:5070 CVE-2004-0574 |
Severity: Low |
Description: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | ||||
Applies to: Network News Transport Protocol (NNTP) |
Created: 2004-12-09 |
Updated: 2020-08-13 |
ID: MITRE:4392 |
Title: oval:org.mitre.oval:def:4392: Windows Server 2003 NNTP Component Buffer Overflow |
Type: Services |
Bulletins:
MITRE:4392 CVE-2004-0574 |
Severity: Low |
Description: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | ||||
Applies to: Network News Transport Protocol (NNTP) |
Created: 2004-12-09 |
Updated: 2020-01-23 |
ID: MITRE:5926 |
Title: oval:org.mitre.oval:def:5926: Windows 2000 NNTP Component Buffer Overflow |
Type: Services |
Bulletins:
MITRE:5926 CVE-2004-0574 |
Severity: Low |
Description: The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows. | ||||
Applies to: Network News Transport Protocol (NNTP) |
Created: 2004-12-09 |
Updated: 2020-01-23 |
ID: CVE-2004-0611 |
Title: Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. |
Type: Hardware |
Bulletins:
CVE-2004-0611 SFBID10585 |
Severity: Medium |
Description: Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections. | ||||
Applies to: FVS318v3 Firewall |
Created: 2004-12-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0615 |
Title: Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a... |
Type: Hardware |
Bulletins:
CVE-2004-0615 SFBID10587 |
Severity: Medium |
Description: Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request. | ||||
Applies to: DI-614+B DI-624 DI-704P |
Created: 2004-12-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0468 |
Title: Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. |
Type: Hardware |
Bulletins:
CVE-2004-0468 |
Severity: Medium |
Description: Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets. | ||||
Applies to: |
Created: 2004-12-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0312 |
Title: Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. |
Type: Hardware |
Bulletins:
CVE-2004-0312 SFBID9688 |
Severity: Medium |
Description: Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2. | ||||
Applies to: wap55ag |
Created: 2004-11-23 |
Updated: 2020-08-14 |
ID: CVE-2004-0244 |
Title: Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet,... |
Type: Hardware |
Bulletins:
CVE-2004-0244 SFBID9562 |
Severity: Medium |
Description: Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet. | ||||
Applies to: |
Created: 2004-11-23 |
Updated: 2020-08-14 |
ID: CVE-2004-0352 |
Title: Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. |
Type: Hardware |
Bulletins:
CVE-2004-0352 SFBID9806 |
Severity: Medium |
Description: Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002. | ||||
Applies to: Cisco CSS 11050 Content Services Switch Cisco CSS 11100 Content Services Switch Series Cisco CSS 11150 Content Services Switch Cisco CSS 11800 Content Services Switch |
Created: 2004-11-23 |
Updated: 2020-08-14 |
ID: MITRE:188 |
Title: oval:org.mitre.oval:def:188: MS Word Macro Security Bypass Vulnerability |
Type: Software |
Bulletins:
MITRE:188 CVE-2003-0664 |
Severity: High |
Description: Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certain properties of a document, which allows attackers to bypass the macro security model and automatically execute arbitrary macros via a malicious document. | ||||
Applies to: Microsoft Word 2000 Microsoft Word 2002 Microsoft Word 97 |
Created: 2004-09-29 |
Updated: 2018-09-11 |
ID: CVE-2004-1650 |
Title: D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. |
Type: Hardware |
Bulletins:
CVE-2004-1650 SFBID11072 |
Severity: High |
Description: D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet. | ||||
Applies to: DCS-900 |
Created: 2004-08-31 |
Updated: 2020-08-14 |
ID: CVE-2004-0580 |
Title: DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. |
Type: Hardware |
Bulletins:
CVE-2004-0580 SFBID10329 |
Severity: Medium |
Description: DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information. | ||||
Applies to: BEFSR41 BEFSR81 BEFSX41 BEFVP41 befsr11 befsr41w befsru31 wap55ag wrt54g |
Created: 2004-08-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0661 |
Title: Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid... |
Type: Hardware |
Bulletins:
CVE-2004-0661 SFBID10621 |
Severity: Medium |
Description: Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years. | ||||
Applies to: DI-604 DI-614+B DI-624 |
Created: 2004-08-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0551 |
Title: Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the... |
Type: Hardware |
Bulletins:
CVE-2004-0551 |
Severity: Medium |
Description: Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack." | ||||
Applies to: Cisco Catalyst 2902 Switch Cisco Catalyst 2926 Switch Cisco Catalyst 2926GL Switch Cisco Catalyst 2948G-GE-TX Switch Cisco Catalyst 2980G Switch Cisco Catalyst 2980G-A... Cisco Catalyst C2948G-L3 Ethernet Switch |
Created: 2004-08-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0589 |
Title: Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages. |
Type: Hardware |
Bulletins:
CVE-2004-0589 |
Severity: Medium |
Description: Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages. | ||||
Applies to: |
Created: 2004-08-06 |
Updated: 2020-08-14 |
ID: CVE-2004-0710 |
Title: IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of... |
Type: Hardware |
Bulletins:
CVE-2004-0710 SFBID10083 |
Severity: Medium |
Description: IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet. | ||||
Applies to: |
Created: 2004-07-27 |
Updated: 2020-08-14 |
ID: MITRE:2190 |
Title: oval:org.mitre.oval:def:2190: Windows XP (32-Bit) DirectPlay Denial of Service |
Type: Software |
Bulletins:
MITRE:2190 CVE-2004-0202 |
Severity: Medium |
Description: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
Applies to: DirectX |
Created: 2004-07-21 |
Updated: 2020-01-23 |
ID: MITRE:2413 |
Title: oval:org.mitre.oval:def:2413: Windows XP (64-Bit) DirectPlay Denial of Service |
Type: Software |
Bulletins:
MITRE:2413 CVE-2004-0202 |
Severity: Medium |
Description: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
Applies to: DirectX |
Created: 2004-07-21 |
Updated: 2020-01-23 |
ID: MITRE:2516 |
Title: oval:org.mitre.oval:def:2516: Windows Server 2003 (32-Bit) DirectPlay Denial of Service |
Type: Software |
Bulletins:
MITRE:2516 CVE-2004-0202 |
Severity: Medium |
Description: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
Applies to: DirectX |
Created: 2004-07-21 |
Updated: 2020-01-23 |
ID: MITRE:2705 |
Title: oval:org.mitre.oval:def:2705: Windows XP/Server 2003 DirectPlay Denial of Service |
Type: Software |
Bulletins:
MITRE:2705 CVE-2004-0202 |
Severity: Medium |
Description: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
Applies to: DirectX |
Created: 2004-07-21 |
Updated: 2020-01-23 |
ID: CVE-2002-0082 |
Title: mod_ssl is old |
Type: Services |
Bulletins:
CVE-2002-0082 SFBID10736 |
Severity: High |
Description: mod ssl older than 2.8.7 have a buffer over which could allow users to gain a shell remotely. | ||||
Applies to: Apache |
Created: 2004-07-16 |
Updated: 2010-08-21 |
ID: CVE-2004-0595 |
Title: PHP older than 4.3.8 |
Type: Services |
Bulletins:
CVE-2004-0595 SFBID10724 |
Severity: Medium |
Description: PHP older than 4.3.8 is vulnerable to a remote code execution vulnerability. | ||||
Applies to: PHP |
Created: 2004-07-14 |
Updated: 2010-08-21 |
ID: MITRE:1027 |
Title: oval:org.mitre.oval:def:1027: Windows 2000 DirectPlay Denial of Service |
Type: Miscellaneous |
Bulletins:
MITRE:1027 CVE-2004-0202 |
Severity: Medium |
Description: IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet. | ||||
Applies to: Microsoft DirectPlay |
Created: 2004-07-12 |
Updated: 2020-01-23 |
ID: MITRE:958 |
Title: oval:org.mitre.oval:def:958: Windows XP RPCSS Service DCOM Activation Denial of Service |
Type: Software |
Bulletins:
MITRE:958 CVE-2004-0116 |
Severity: Medium |
Description: An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field. | ||||
Applies to: |
Created: 2004-06-16 |
Updated: 2020-08-13 |
ID: MITRE:900 |
Title: oval:org.mitre.oval:def:900: Windows XP RPCSS DCOM Buffer Overflow |
Type: Software |
Bulletins:
MITRE:900 CVE-2003-0813 |
Severity: Medium |
Description: A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities. | ||||
Applies to: |
Created: 2004-06-16 |
Updated: 2020-08-13 |
ID: MITRE:1014 |
Title: oval:org.mitre.oval:def:1014: IE File Download Dialog Deception Vulnerability |
Type: Web |
Bulletins:
MITRE:1014 CVE-2001-0875 |
Severity: Low |
Description: Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download. | ||||
Applies to: Microsoft Internet Explorer |
Created: 2004-06-16 |
Updated: 2020-01-23 |
ID: MITRE:921 |
Title: oval:org.mitre.oval:def:921: IE File Execution User-prompt Bypass Vulnerability |
Type: Web |
Bulletins:
MITRE:921 CVE-2001-0727 |
Severity: Low |
Description: Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability." | ||||
Applies to: Microsoft Internet Explorer |
Created: 2004-06-16 |
Updated: 2020-01-23 |
ID: MITRE:925 |
Title: oval:org.mitre.oval:def:925: MS IE HTML Directive Buffer Overflow |
Type: Web |
Bulletins:
MITRE:925 CVE-2002-0022 |
Severity: High |
Description: Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated. | ||||
Applies to: Microsoft Internet Explorer |
Created: 2004-06-16 |
Updated: 2020-01-23 |
ID: MITRE:974 |
Title: oval:org.mitre.oval:def:974: IE Frame Domain Verification Vulnerability |
Type: Web |
Bulletins:
MITRE:974 CVE-2002-0027 |
Severity: High |
Description: Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874. | ||||
Applies to: Microsoft Internet Explorer |
Created: 2004-06-16 |
Updated: 2020-01-23 |
ID: CVE-2004-0413 |
Title: Subversion version older than 1.0.5 |
Type: Services |
Bulletins:
CVE-2004-0413 SFBID10519 |
Severity: Low |
Description: Additional Bugtraq IDs: http://www.securityfocus.com/bid/10386 http://www.securityfocus.com/bid/10428 | ||||
Applies to: Subversion |
Created: 2004-06-11 |
Updated: 2010-08-21 |
ID: MITRE:990 |
Title: oval:org.mitre.oval:def:990: Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability |
Type: |
Bulletins:
MITRE:990 CVE-2004-0380 |
Severity: Low |
Description: The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability." | ||||
Applies to: Microsoft Outlook Express |
Created: 2004-05-25 |
Updated: 2020-01-23 |
ID: MITRE:946 |
Title: oval:org.mitre.oval:def:946: Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
MITRE:946 CVE-2004-0117 |
Severity: High |
Description: Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. | ||||
Applies to: |
Created: 2004-05-25 |
Updated: 2020-08-13 |
ID: MITRE:885 |
Title: oval:org.mitre.oval:def:885: Windows Server 2003 SSL Library Denial of Service |
Type: Software |
Bulletins:
MITRE:885 CVE-2004-0120 |
Severity: Medium |
Description: The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | ||||
Applies to: |
Created: 2004-05-25 |
Updated: 2020-08-13 |
ID: MITRE:886 |
Title: oval:org.mitre.oval:def:886: Windows XP SSL Library Denial of Service |
Type: Software |
Bulletins:
MITRE:886 CVE-2004-0120 |
Severity: Medium |
Description: The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages. | ||||
Applies to: |
Created: 2004-05-25 |
Updated: 2020-08-13 |
ID: MITRE:898 |
Title: oval:org.mitre.oval:def:898: Windows XP LSASS Buffer Overflow |
Type: Software |
Bulletins:
MITRE:898 CVE-2003-0533 |
Severity: High |
Description: Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | ||||
Applies to: |
Created: 2004-05-25 |
Updated: 2020-08-13 |
ID: MITRE:919 |
Title: oval:org.mitre.oval:def:919: Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability |
Type: Software |
Bulletins:
MITRE:919 CVE-2003-0533 |
Severity: High |
Description: Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm. | ||||
Applies to: |
Created: 2004-05-25 |
Updated: 2020-08-13 |
ID: MITRE:964 |
Title: oval:org.mitre.oval:def:964: Windows XP H.323 Protocol Remote Code Execution Vulnerability |
Type: Software |
Bulletins:
MITRE:964 CVE-2004-0117 |
Severity: High |
Description: Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code. | ||||
Applies to: |
Created: 2004-05-25 |
Updated: 2020-08-13 |
ID: MITRE:968 |
Title: oval:org.mitre.oval:def:968: MS Jet Database Buffer Overflow |
Type: Services |
Bulletins:
MITRE:968 CVE-2004-0197 |
Severity: High |
Description: Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query. | ||||
Applies to: Microsoft Jet 4.0 Database Engine |
Created: 2004-05-25 |
Updated: 2020-01-23 |
ID: MITRE:585 |
Title: oval:org.mitre.oval:def:585: MS Word 97 Macro Names Buffer Overflow |
Type: Software |
Bulletins:
MITRE:585 CVE-2003-0820 |
Severity: High |
Description: Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||||
Applies to: Microsoft Word 97 |
Created: 2004-03-25 |
Updated: 2018-09-11 |
ID: MITRE:586 |
Title: oval:org.mitre.oval:def:586: MS Word 98 Macro Names Buffer Overflow |
Type: Software |
Bulletins:
MITRE:586 CVE-2003-0820 |
Severity: High |
Description: Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2001 through 2004, do not properly check the length of the "Macro names" data value, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. | ||||
Applies to: Microsoft Word 98 |
Created: 2004-03-25 |
Updated: 2018-09-11 |
ID: MITRE:141 |
Title: oval:org.mitre.oval:def:141: Microsoft Internet Explorer MIME Hack |
Type: Web |
Bulletins:
MITRE:141 CVE-2001-0154 |
Severity: Low |
Description: HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. | ||||
Applies to: Microsoft Internet Explorer |
Created: 2004-03-25 |
Updated: 2020-01-23 |
ID: MITRE:675 |
Title: oval:org.mitre.oval:def:675: MS Excel 97 Malicious Macro Security Bypass Vulnerability |
Type: Software |
Bulletins:
MITRE:675 CVE-2003-0821 |
Severity: High |
Description: Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute arbitrary code via a spreadsheet with a malicious XLM (Excel 4) macro that bypasses the macro security model. | ||||
Applies to: Microsoft Excel 97 |
Created: 2004-03-25 |
Updated: 2018-09-11 |
ID: CVE-2004-0054 |
Title: Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the... |
Type: Hardware |
Bulletins:
CVE-2004-0054 SFBID9406 |
Severity: High |
Description: Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol. | ||||
Applies to: |
Created: 2004-02-17 |
Updated: 2020-08-14 |
ID: CVE-2004-0129 |
Title: phpMyAdmin mysql web administration tool vulnerability |
Type: Services |
Bulletins:
CVE-2004-0129 SFBID9564 |
Severity: Medium |
Description: This phpMyAdmin allows remote users to read sensitive files remotely. | ||||
Applies to: phpMyAdmin |
Created: 2004-02-03 |
Updated: 2010-08-21 |
ID: CVE-2003-0789 |
Title: Apache is older than 2.0.48 |
Type: Miscellaneous |
Bulletins:
CVE-2003-0789 SFBID8926 SFBID9504 |
Severity: Low |
Description: Apache versions older than 2.0.48 have various flaws which need patching. | ||||
Applies to: Apache |
Created: 2004-01-27 |
Updated: 2010-08-21 |
ID: CVE-2003-1001 |
Title: Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. |
Type: Hardware |
Bulletins:
CVE-2003-1001 |
Severity: Medium |
Description: Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication. | ||||
Applies to: Cisco Catalyst 6500 Series Switches |
Created: 2004-01-05 |
Updated: 2020-08-14 |
ID: CVE-2003-1002 |
Title: Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. |
Type: Hardware |
Bulletins:
CVE-2003-1002 |
Severity: Medium |
Description: Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set. | ||||
Applies to: Cisco Catalyst 6500 Series Switches |
Created: 2004-01-05 |
Updated: 2020-08-14 |