Sgi Propack vulnerabilities

CVE-2004-0081 [MEDIUM] CVE-2004-0081: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote atta OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

CVE-2004-0112 [MEDIUM] CWE-125 CVE-2004-0112: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

CVE-2004-1613 [MEDIUM] CVE-2004-1613: Mozilla allows remote attackers to cause a denial of service (application crash from null dereferenc Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.

CVE-2004-0523 [CRITICAL] CVE-2004-0523: Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier all Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root.

CVE-2004-0507 [CRITICAL] CVE-2004-0507: Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

CVE-2004-0226 [CRITICAL] CVE-2004-0226: Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a den Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVE-2004-0521 [CRITICAL] CVE-2004-0521: SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unau SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.

CVE-2004-0234 [CRITICAL] CWE-119 CVE-2004-0234: Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used i Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.

CVE-2004-0506 [MEDIUM] CVE-2004-0506: The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of servic The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.

CVE-2004-0235 [MEDIUM] CVE-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to cr Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").

CVE-2004-0520 [MEDIUM] CVE-2004-0520: Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote att Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.

CVE-2004-0519 [MEDIUM] CVE-2004-0519: Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.

CVE-2004-0232 [MEDIUM] CVE-2004-0232: Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers t Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

CVE-2004-0505 [MEDIUM] CVE-2004-0505: The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert er The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.

CVE-2004-0504 [MEDIUM] CVE-2004-0504: Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP message Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.

CVE-2004-0233 [LOW] CVE-2004-0233: Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows l Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.

CVE-2004-0231 [LOW] CVE-2004-0231: Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "I Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

CVE-2004-0492 [CRITICAL] CVE-2004-0492: Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote at Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service (process crash) and possibly execute arbitrary code via a negative Content-Length HTTP header field, which causes a large amount of data to be copied.

CVE-2004-0414 [CRITICAL] CVE-2004-0414: CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" li CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.

CVE-2004-0416 [CRITICAL] CWE-119 CVE-2004-0416: Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x th Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.