CVE-2002-2004
Published 2002-12-31
CVE-2002-2004: portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.
Priority P4·15·medium·5·CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS
1.24%
65.4th percentile
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| compaq | tru64 | — | — |
| compaq | tru64 | — | — |
CVSS provenance
nvd·v2.0·5.0 MEDIUM·AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_redhat·10.0 CRITICAL
GHSA
GHSA-v372-4hc9-7w5p: portmapper in Compaq Tru64 4
ghsa_unreviewed·2022-04-30
CVE-2002-2004 [MEDIUM] GHSA-v372-4hc9-7w5p: portmapper in Compaq Tru64 4
portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets.
Red Hat
security flaw
vendor_redhat·2004-11-02·CVSS 10.0
CVE-2004-1006 [CRITICAL] security flaw
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
Red Hat
CVE-2004-1717: Multiple buffer overflows in the psscan function in ps
vendor_redhat·CVSS 4.6
CVE-2004-1717 [MEDIUM] CVE-2004-1717: Multiple buffer overflows in the psscan function in ps
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
Statement: This CVE is a duplicate (rediscovery) of CVE-2002-0838
No detection rules found.
Exploit-DB
PMB Services 3.0.13 - Multiple Remote File Inclusions
exploitdb·2007-03-09
CVE-2007-1415 PMB Services 3.0.13 - Multiple Remote File Inclusions
---
[ECHO_ADV_68$2007] PMB Services
- Invalid include function at opac_css/includes/author_see.inc.php:
--------------------opac_css/includes/author_see.inc.php------------------------
<?php
// +-------------------------------------------------+
// © 2002-2004 PMB Services / www.sigb.net [email protected] and contributors (see www.sigb.net)
// +-------------------------------------------------+
// $Id: author_see.inc.php,v 1.32 2006/12/29 16:10:04 touraine37 Exp $
// display of the details for an author
require_once($base_path.'/includes/templates
Exploit-DB
Microsoft Excel 95/97/2000/2002/2003/2004 - Malformed Range Memory Corruption
exploitdb·2005-12-08
CVE-2005-4131 Microsoft Excel 95/97/2000/2002/2003/2004 - Malformed Range Memory Corruption
---
source: https://www.securityfocus.com/bid/15780/info
Microsoft Excel is susceptible to a remote code-execution vulnerability. This issue was originally disclosed through an eBay auction that has since been terminated.
This issue is due to the application's failure to properly bounds-check user-supplied input data in the 'Named Range' definition in Excel data files. This results in the corruption of critical memory sections, allowing code execution.
The following is a proof-of-concept example segment of an Excel data file. The '*' characters represent the location of the affected value that triggers this issue. Setting these locations to '0xFF' will crash the application.
00000720 00 80 00 ff 93 02 04 00
Exploit-DB
Sysinternals Regmon 6.11 - Local Denial of Service
exploitdb·2004-08-25
CVE-2004-1748 Sysinternals Regmon 6.11 - Local Denial of Service
---
// source: https://www.securityfocus.com/bid/11042/info
Regmon is reported prone to a local denial of service vulnerability. This issue presents itself because the application fails to handle exceptional conditions and references unvalidated pointers to kernel functions.
Successful exploitation may allow a local unauthorized attacker to cause a denial of service condition in the application. The attacker may then obfuscate changes to the registry from the administrator and carry out further attacks against a vulnerable computer.
Regmon 6.11 for NT/9x and prior versions are reportedly affected by this issue.
/*
* ntregmon-dos.c (up to 6.11)
*
* Copyright (c) 2002-2004 By Next Generation Security S.L.
* All rights reserved
* http:/
Exploit-DB
Norton AntiVirus - Denial of Service
exploitdb·2004-07-12
CVE-2004-0683 Norton AntiVirus - Denial of Service
---
Norton AntiVirus Denial Of Service Vulnerability
*vulnerable [...only tested on!]
Symantec Norton AntiVirus 2003 Professional Edition
Symantec Norton AntiVirus 2002
*not vulnerable
Mcafee 7*
Mcafee 8*
Risk Impact: Medium
Remote: yes
Description:
While having a virus scan [automatic/manual] of some specially crafted compressed files, NAV triggers a DoS using 100% CPU for a very long time. Moreover, NAV is unable to stop the scan in the middle, even if the user wishes to manually stop the virus scan.
Then, in this situation the only alternative is to kill the process.
--- [Proof of Concept] ---
Please download this file.
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/312.zip (av_bomb_3.zip) <--- For symantec.
The
Exploit-DB
Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation
exploitdb·2004-07-07
CVE-2004-0682 Comersus Open Technologies Comersus 5.0 - 'comersus_gatewayPayPal.asp' Price Manipulation
---
source: https://www.securityfocus.com/bid/10674/info
Comersus Cart is reported prone to multiple vulnerabilities. These issues may allow a remote attacker to carry out cross-site scripting attacks and manipulate parameters to change the price of an order.
Comersus Cart version 5.09 is affected by these issues; however, other versions may be prone to these vulnerabilities as well.
http://www.example.com/comersus/store/comersus_gatewayPayPal.asp?idOrder=2002&OrderTotal=|102|222|228|22|130|36|209&name=Thomas&lastName=Ryan&address=123+Easy+Modify+Street&city=New+York&state=NY&zip=10001&country=US&phone=212%2D857%2D1731&email=tommy%40providesecurity%2Ecom&orderDetails=1x+%23RDHT%2F11+Red+Hat+Delux
Exploit-DB
Symantec Multiple Firewall - DNS Response Denial of Service
exploitdb·2004-05-16
CVE-2004-0445 Symantec Multiple Firewall - DNS Response Denial of Service
---
/* HOD-symantec-firewall-DoS-expl.c:
*
* Symantec Multiple Firewall DNS Response Denial-of-Service
*
* Exploit version 0.1 coded by
*
*
* .::[ houseofdabus ]::.
*
*
*
* Bug discovered by eEye:
* http://www.eeye.com/html/Research/Advisories/AD20040512B.html
*
* -------------------------------------------------------------------
* Tested on:
* - Symantec Norton Personal Firewall 2004
*
*
* Systems Affected:
* - Symantec Norton Internet Security 2002
* - Symantec Norton Internet Security 2003
* - Symantec Norton Internet Security 2004
* - Symantec Norton Internet Security Professional 2002
* - Symantec Norton Internet Security Professional 2003
* - Symantec Norton Internet Security Professional 2004
* - Symantec Norton Persona
Exploit-DB
Microsoft Outlook 2002 - 'Mailto' Quoting Zone Bypass
exploitdb·2004-03-09
CVE-2004-0121 Microsoft Outlook 2002 - 'Mailto' Quoting Zone Bypass
---
source: https://www.securityfocus.com/bid/9827/info
Microsoft Outlook is prone to a vulnerability that may permit execution of arbitrary code on client systems. This issue is exposed through Outlook, but will reportedly cause Internet Explorer to load malicious content in the Local Zone.
This is related to how mailto URIs are handled by the software and may be exploited from a malicious web page or through HTML e-mail. This issue will permit a remote attacker to influence how Outlook is invoked via mailto URIs, allowing for execution of malicious scripting in the Local Zone through an attacker-specified Outlook profile parameter.
** It was initially reported that exploitation of this issue will depend on the Outlook Today page bei
Bugzilla
CVE-2004-1006 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2004-1006 [CRITICAL] CVE-2004-1006 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
Bugzilla
CAN-2003-0977 fix pushed for RH9, but not FC1
bugzilla·2004-03-20
[MEDIUM] CAN-2003-0977 fix pushed for RH9, but not FC1
Description of problem:
CAN-2003-0977 fix pushed for RH9, but not FC1
Version-Release number of selected component (if applicable):
cvs-1.11.5-3
Additional info:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=111221#c5
https://rhn.redhat.com/errata/RHSA-2004-003.html
http://ccvs.cvshome.org/servlets/NewsItemView?newsID=84
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0977
Discussion:
A rebuild from cvs-1.11.11-1 (or higher) from Fedora Development
at Fedora Core 1 solves the problem, so maybe one of the Red Hat
maintainers could do that? Would be very nice :)
BTW: Maybe the kerberos 4 support has to be disabled.
---
Maybe that issue is fixed soon by one of
CWE
Path Equivalence: 'filename/' (Trailing Slash)
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-49 Path Equivalence: 'filename/' (Trailing Slash)
CWE-49: Path Equivalence: 'filename/' (Trailing Slash)
The product accepts path input in the form of trailing slash ('filedir/') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
Phase: Implementation
Phase: Operation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories.
Observed Examples:
CVE-2002-0253: Overlaps infoleak
CVE-2001-0446: Application server allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
CVE-2004-0334: Bypass Basic Authentication for files using trailing "/"
CVE-2001-0893: Read sensitive files with trailing "/
CWE
Path Equivalence: '//multiple/leading/slash'
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-50 Path Equivalence: '//multiple/leading/slash'
CWE-50: Path Equivalence: '//multiple/leading/slash'
The product accepts path input in the form of multiple leading slash ('//multiple/leading/slash') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality, Integrity. Impact: Read Files or Directories, Modify Files or Directories.
Observed Examples:
CVE-2002-1483: Read files with full pathname using multiple internal slash.
CVE-1999-1456: Server allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
CVE-2004-0578: Server allows remote attackers to read ar
CWE
Path Equivalence: 'filename.' (Trailing Dot)
mitre_cwe·CVSS 5.0
CVE-2000-1114 [MEDIUM] CWE-42 Path Equivalence: 'filename.' (Trailing Dot)
CWE-42: Path Equivalence: 'filename.' (Trailing Dot)
The product accepts path input in the form of trailing dot ('filedir.') without appropriate validation, which can lead to ambiguous path resolution and allow an attacker to traverse the file system to unintended locations or access arbitrary files.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Access Control. Impact: Bypass Protection Mechanism.
Observed Examples:
CVE-2000-1114: Source code disclosure using trailing dot
CVE-2002-1986: Source code disclosure using trailing dot
CVE-2004-2213: Source code disclosure using trailing dot
CVE-2005-3293: Source code disclosure using trailing dot
CVE-2004-0061: Bypass directory access restrictions using trailing dot in URL
CVE-2000-1133: Bypass directory access rest
CWE
Improper Handling of Missing Values
mitre_cwe·CVSS 5.0
[MEDIUM] CWE-230 Improper Handling of Missing Values
CWE-230: Improper Handling of Missing Values
The product does not handle or incorrectly handles when a parameter, field, or argument name is specified, but the associated value is missing, i.e. it is empty, blank, or null.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Unexpected State.
Examples:
This Android application has registered to handle a URL when sent an intent:
The application assumes the URL will always be included in the intent. When the URL is not present, the call to getStringExtra() will return null, thus causing a null pointer exception when length() is called.
Observed Examples:
CVE-2002-0422: Blank Host header triggers resultant infoleak.
CVE-2000-1006: Blank "charset" attribute in MIME header triggers crash.
CVE-2004-150