cvebase

Sgi Propack vulnerabilities

54 known vulnerabilities affecting sgi/propack.

Total CVEs: 54
CISA KEV: 0
Public exploits: 11
Exploited in wild: 0
Severity breakdown: CRITICAL 10, HIGH 12, MEDIUM 28, LOW 4

Vulnerabilities

Page 1 of 3
CVE-2004-0416 | P3 | CRITICAL | CVSS 10.0 | PoC | v2.4, v3.0 | 2004-08-06
CVE-2004-0416 [CRITICAL] CWE-119: Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
nvd
CVE-2004-0104 | P3 | HIGH | CVSS 7.5 | PoC | v2.3, v2.4 | 2004-03-03
CVE-2004-0104 [HIGH]: Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
nvd
CVE-2004-0110 | P3 | HIGH | CVSS 7.5 | PoC | v2.3, v2.4 | 2004-03-15
CVE-2004-0110 [HIGH]: Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
nvd
CVE-2004-0519 | P4 | MEDIUM | CVSS 6.8 | PoC | v3.0 | 2004-08-18
CVE-2004-0519 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
nvd
CVE-2004-0492 | P3 | CRITICAL | CVSS 10.0 | v2.4 | 2004-08-06
CVE-2004-0492 [CRITICAL]: Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.
nvd
CVE-2004-1471 | P4 | HIGH | CVSS 7.1 | PoC | v2.4, v3.0 | 2004-12-31
CVE-2004-1471 [HIGH]: Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
nvd
CVE-2004-0523 | P3 | CRITICAL | CVSS 10.0 | v2.4, v3.0 | 2004-08-18
CVE-2004-0523 [CRITICAL]: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.
nvd
CVE-2004-0520 | P4 | MEDIUM | CVSS 6.8 | PoC | v3.0 | 2004-08-18
CVE-2004-0520 [MEDIUM]: Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
nvd
CVE-2004-0424 | P4 | HIGH | CVSS 7.2 | PoC | v3.0 | 2004-07-07
CVE-2004-0424 [HIGH]: Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option.
nvd
CVE-2004-0639 | P4 | MEDIUM | CVSS 6.8 | PoC | v3.0 | 2004-08-06
CVE-2004-0639 [MEDIUM]: Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.
nvd
CVE-2004-0418 | P3 | CRITICAL | CVSS 10.0 | v2.4, v3.0 | 2004-08-06
CVE-2004-0418 [CRITICAL]: serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
nvd
CVE-2003-0795 | P4 | MEDIUM | CVSS 5.0 | PoC | v2.2.1, v2.3 | 2003-12-15
CVE-2003-0795 [MEDIUM] CWE-20: The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.
nvd
CVE-2004-0234 | P3 | CRITICAL | CVSS 10.0 | v2.4, v3.0 | 2004-08-18
CVE-2004-0234 [CRITICAL] CWE-119: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
nvd
CVE-2004-0507 | P3 | CRITICAL | CVSS 10.0 | v2.4, v3.0 | 2004-08-18
CVE-2004-0507 [CRITICAL]: Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
nvd
CVE-2005-0156 | P4 | LOW | CVSS 2.1 | PoC | v3.0 | 2005-02-07
CVE-2005-0156 [LOW]: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
nvd
CVE-2004-0414 | P3 | CRITICAL | CVSS 10.0 | v2.4, v3.0 | 2004-08-06
CVE-2004-0414 [CRITICAL]: CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
nvd
CVE-2004-0105 | P3 | HIGH | CVSS 7.5 | v2.3, v2.4 | 2004-03-03
CVE-2004-0105 [HIGH]: Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
nvd
CVE-2004-1307 | P3 | HIGH | CVSS 7.5 | v3.0 | 2004-12-21
CVE-2004-1307 [HIGH]: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
nvd
CVE-2004-0521 | P3 | CRITICAL | CVSS 10.0 | v3.0 | 2004-08-18
CVE-2004-0521 [CRITICAL]: SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
nvd
CVE-2004-0233 | P4 | LOW | CVSS 2.1 | PoC | v2.4, v3.0 | 2004-08-18
CVE-2004-0233 [LOW]: Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
nvd