Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2004-1325 1 Microsoft 1 Windows Media Player 2026-04-16 N/A
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
CVE-2004-1326 1 Ultrix 1 Dxterm 2026-04-16 N/A
Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute arbitrary code via a long -setup parameter.
CVE-2004-1327 1 Crystal Art Software 1 Crystal Ftp 2026-04-16 N/A
Buffer overflow in Crystal FTP Client 2.8 allows remote malicious servers to execute arbitrary code via a response to a LIST command that contains a file name with a long extension.
CVE-2004-1328 1 Hp 1 Hp-ux 2026-04-16 N/A
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
CVE-2004-1329 1 Ibm 1 Aix 2026-04-16 N/A
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
CVE-2004-1330 1 Ibm 1 Aix 2026-04-16 N/A
Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users to execute arbitrary code via a long username.
CVE-2004-1331 1 Microsoft 2 Ie, Internet Explorer 2026-04-16 N/A
The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows remote attackers to bypass the "File Download - Security Warning" dialog and save arbitrary files with arbitrary extensions via the SaveAs command.
CVE-2004-1332 1 Hp 5 Hp-ux, Hp-ux Series 700, Hp-ux Series 800 and 2 more 2026-04-16 N/A
Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request.
CVE-2004-1333 2 Linux, Redhat 3 Linux Kernel, Fedora Core, Linux 2026-04-16 N/A
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
CVE-2004-1334 2 Linux, Redhat 3 Linux Kernel, Fedora Core, Linux 2026-04-16 N/A
Integer overflow in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (kernel crash) via a cmsg_len that contains a -1, which leads to a buffer overflow.
CVE-2004-1335 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Fedora Core and 1 more 2026-04-16 N/A
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
CVE-2004-1336 2 Debian, Gentoo 2 Tetex-bin, Linux 2026-04-16 N/A
The xdvizilla script in tetex-bin 2.0.2 creates temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2004-1337 3 Conectiva, Gnu, Ubuntu 3 Linux, Realtime Linux Security Module, Ubuntu Linux 2026-04-16 N/A
The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges.
CVE-2004-1338 1 Oracle 2 Database Server, Oracle9i 2026-04-16 N/A
The triggers in Oracle 9i and 10g allow local users to gain privileges by using a sequence of partially privileged actions: using CCBKAPPLROWTRIG or EXEC_CBK_FN_DML to add arbitrary functions to the SDO_CMT_DBK_FN_TABLE and SDO_CMT_CBK_DML_TABLE, then performing a DELETE on the SDO_TXN_IDX_INSERTS table, which causes the SDO_CMT_CBK_TRIG trigger to execute the user-supplied functions.
CVE-2004-1339 1 Oracle 2 Database Server, Oracle9i 2026-04-16 N/A
SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2) MDSYS.SDO_LRS_TRIG_INS default triggers in Oracle 9i and 10g allows remote attackers to execute arbitrary SQL commands via the new.table_name or new.column_name parameters.
CVE-2004-1340 1 Debian 1 Debian Linux 2026-04-16 N/A
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
CVE-2004-1341 1 Roar Smith 1 Info2www 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 allows remote attackers to inject arbitrary web script or HTML via the arguments to info2www.
CVE-2004-1342 1 Cvs 1 Cvs 2026-04-16 N/A
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method.
CVE-2004-1343 1 Cvs 1 Cvs 2026-04-16 N/A
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).
CVE-2004-1345 1 Sun 3 Enterprise Storage Manager, Storedge 3310 Scsi Array, Storedge 3510 Fc Array 2026-04-16 N/A
Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) 2.1 for Solaris 8 and Solaris 9 allows local users with the "ESMUser" role to gain root access.