Windows Operating Systems Only |
Vendor & Software Name |
Common Name |
Risk |
Source |
21-6 Productions
Orbz 2.10 and prior |
21-6 Productions Orbz Password Field Buffer
Overflow |
High |
SB04-350
SB04-336
|
1st Class Internet Solutions
1st Class Mail Server 4.0 |
1st Class Mail Server Remote Buffer Overflow
|
|
SB04-077 |
1st Class Internet Solutions
1st Class Mail Server 4.01 |
1st Class Mail Server Multiple Input Validation Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-105 |
2Wire, Inc.
Home Portal Series |
2Wire HomePortal Series Directory Traversal & Cross-Site Scripting |
Medium |
|
3am Labs Ltd.
RemotelyAnywhere Enterprise Edition |
Remotely Anywhere Login Message Injection |
Medium |
|
ACLogic
CesarFTP 0.98b, 0.99 g, 0.99 e |
CesarFTP Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-252 |
ACLogic
CesarFTP 0.99 e |
CesarFTP Remote Denial of Service
|
Low |
SB04-058
CyberNotes-2004-01 |
Acme Laboratories
thttpd 2.07 beta 0.4 10dec99 |
thttpd Input Validation Error Discloses Files to Remote Users |
Medium |
SB04-231 |
Active Server Corner
ASP Calendar 1.0 |
Active Server Corner ASP Calendar Administrative Access
|
High |
SB04-357 |
ActivePost
Standard 3.0, 3.1 |
ActivePost Messenger Multiple Remote Vulnerabilities
|
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-273 |
Adobe Systems
Adobe Acrobat 5.0.5 and prior, possibly 6.0.2 |
Adobe Acrobat/Acrobat Reader ActiveX Control Buffer Overflow Vulnerability
CVE Name:
CAN-2004-0629 |
High |
SB04-259
|
Adobe Systems Inc.
Acrobat Reader 5.1 |
Acrobat Reader XFDF File Handler Remote
Buffer Overflow
CVE Name:
CAN-2004-0194
|
|
SB04-077 |
Adobe Systems Incorporated
Photoshop 8.0 |
Photoshop COM Objects Remote Denial of Service
|
Low |
SB04-105 |
Adobe
Adobe Acrobat Reader version 6.0.1 |
Adobe Reader 6.0 Filename Handler Buffer Overflow Vulnerability
CVE Name:
CAN-2004-0632 |
High |
SB04-203 |
Adobe
Adobe Acrobat 6.01 and 6.02; Adobe Reader 6.01 and 6.02 |
Adobe Acrobat / Adobe Reader Disclosure of Sensitive Information |
Medium |
SB04-294 |
Agnitum
Outpost Firewall Pro 2.1
|
Agnitum Outpost Firewall Pro Can Be Crashed By Remote Users Sending a Sustained Packet Flood |
Low |
SB04-147 |
Agnitum
Outpost Firewall 1.0. 2.0 |
Outpost Firewall Local Privilege Escalation |
High |
|
Akella
Age of Sail II 1.04.151 and prior versions |
Akella Age of Sail II Buffer Overflow |
High |
SB04-308
SB04-301 |
Alan Ward
A-Cart 2.0, A-Cart PRO 2.0 |
A-Cart Multiple Remote Input Validation
|
High |
SB04-105 |
Aldo's Tools
Aldo's Web Server 1.5 |
Aldo's Web Server Multiple
Input Validation
|
Medium |
SB04-133 |
Allied Telesyn
AT-TFTP Server version 1.8 and prior |
Allied Telesyn AT-TFTP Server Arbitrary File Execution or Denial of Service
|
Low/High
(High if arbitrary code can be executed)
|
SB04-308 |
AlShare Software
NetNote Server 2.2 (build 230) |
NetNote Server Remote Denial of Service
|
Low |
SB04-322 |
Altiris
AClient Service for Windows 5.6.181; 5.6 SP1 (Hotfix E) |
Altiris AClient Service Windows Tray Icon Access Control |
Medium |
SB04-329
|
Altiris
Altiris Carbon Copy Solution 6.0.5257 |
Altiris Carbon Copy Solution Privilege Escalation |
Medium |
SB04-301 |
Altiris
Altiris Deployment Server 5.x, 6.x; 6.1sp1 and prior versions |
Altiris Deployment Server Client Authentication Hole |
High |
SB04-301 |
Alt-N
MDaemon 7.2, 6.8.0-6.8.5 |
Alt-N MDaemon Privilege Escalation
|
Medium |
SB04-336
SB04-343 |
Alt-N Technologies
MDaemon/World Client 6.52 - 6.85
|
MDaemon/ WorldClient ‘Form2Raw’ Remote
Buffer Overflow
|
|
SB04-091
CyberNotes-2004-01 |
Alt-N Technologies
MDaemon 6.5.1 |
MDaemon IMAP/SMTP Server Multiple Remote Buffer Overflows |
Low/High
(High if arbitrary code can be executed)
|
SB04-273 |
Alt-N
MDaemon 2.8-6.8.5
|
Alt-N MDaemon Remote Status Command Buffer Overflow Vulnerability |
Low/High
(High if arbitrary code can be executed)
|
SB04-147 |
altSoft
aGSM 2.35 c |
aGSM Half-Life Server Info Response Buffer Overflow |
High |
SB04-245 |
AMAX Information Technologies Inc.
Magic Winmail Server 3.6 |
Magic Winmail Server LDapLib.PHP Remote Information Disclosure |
Medium |
SB04-077 |
AMAX Information Technologies Inc.
Winmail Server 4.0 (Build 1112) |
Winmail Server 'chgpwd.php', 'domain.php', and 'user.php' Information Disclosure |
Medium |
SB04-350 |
America Online
Instant Messenger all versions |
Instant Messenger Remote Denial of Service |
Low |
|
America OnLine
Instant Messenger 4.3, 4.3.2229, 4.4-4.7, 4.7.2480, 4.8 .2646, 4.8.2616, 4.8.2790, 5.0.2938, 5.1.3036, 5.2.3292, 5.5, 5.5.3415 Beta |
AOL Instant Messenger Buddy Icon |
High |
SB04-077 |
Anteco Visual Technologies
Own Server 1.0 & prior |
OwnServer Directory Traversal |
Medium |
|
Apache Software Foundation
Apache 2.0.49 (Win32) with PHP 5.0.0 RC2 |
Apache Can Be Crashed By PHP Code |
Low |
SB04-203 |
Apache Software Foundation
Apache 0.8.11, 0.8.14, 1.0, 1.0.2, 1.0.3, 1.0.5, 1.1, 1.1.1, 1.2, 1.2.5, 1.3, 1.3.1, 1.3.3, 1.3.4, 1.3.6, 1.3.7 -dev, 1.3.9, 1.3.11, 1.3.12, 1.3.14, 1.3.17- 1.3.20, 1.3.22- 1.3.29, 2.0 a9, 2.0, 2.0.28, Beta, 2.0.32, 2.0.35, 2.0.36- 2.0.48 |
Apache Cygwin Directory Traversal |
Medium |
SB04-077 |
Apple
QuickTime prior to 6.5.2 |
|
High |
SB04-308 |
ArGo Software Design
ArGoSoft FTP Server 1.4.x |
ArGoSoft FTP Server Shortcut Upload |
Not Specified |
SB04-315 |
ArGoSoft
FTP Server 1.0,
1.2.2 .2, 1.4.1 .1- 1.4.1 .5
|
ArGoSoft FTP Server Multiple Remote Vulnerabilities
|
Low/Medium/ High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-077 |
ASP Portal
ASP Portal |
Multiple ASP Portal Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-058 |
AspDotNetStorefront
AspDotNetStorefront 3.3, PRO 3.3 |
AspDotNet Storefront Multiple Vulnerabilities
|
High |
SB04-175 |
ASP-Rider
ASP-Rider |
ASP-Rider Remote SQL Injection
|
High |
SB04-357 |
ASP-Rider
ASP-Rider 1.6
|
ASP-Rider Administrative Access |
High |
SB04-175 |
Atari
Clever's Games Terminator 3: War of the Machines 1.0 |
Clever's Games Terminator 3: War of the Machines Remote Client Buffer Overflow |
|
SB04-091 |
AtHoc
AtHoc Toolbar |
AtHoc Toolbar Remote Code Execution |
High |
SB04-287 |
BEA Systems, Inc.
WebLogic Server & Express 5.1, SP1- SP13, 6.1 SP1-SP6, 7.0, SP1-SP4, 8.1, SP1 & SP2 |
WebLogic Server & Express HTTP TRACE Cross-Site Scripting
|
High |
CyberNotes-2004-03 |
BEA Systems, Inc.
WebLogic Server & Express 7.0 SP1-SP4 |
WebLogic Server & Express SSL Client Elevated Privileges |
Medium |
CyberNotes-2004-03 |
BEA Systems, Inc.
WebLogic Server & Express 8.1 (SP1 & SP2), 7.0 (SP1-SP4), 6.1 (SP1-SP6) |
WebLogic Operator/ Information Disclosure |
Medium |
CyberNotes-2004-03 |
BEA Systems, Inc.
WebLogic Server & Express 8.1, SP1 |
WebLogic Server/Express Administrator Password Disclosure |
Medium |
CyberNotes-2004-03 |
BEA Systems, Inc.
WebLogic Server & Express 8.1, SP1 |
WebLogic MBean Passwords
|
High |
CyberNotes-2004-03 |
Best Software
SalesLogix 6 |
Best Software SalesLogix Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-301
SB04-294 |
birdchat.sourceforge.net
Internet Chat Server 1.61 |
Bird Chat Remote Denial of Service |
Low |
SB04-245 |
Blaine R. Southam (BRS)
Web Weaver 1.07 |
WebWeaver ‘ISAPISkeleton.dll’ Cross-Site Scripting |
High |
CyberNotes-2004-03 |
Blaxxun technologies GmbH
Contact 3D |
Contact 3D Remote Buffer Overflow
|
High |
SB04-105 |
Borland
Borland Web Server / (Corel Paradox 1.0b3 & prior |
Webserver for Corel Paradox Directory Traversal |
Medium |
CyberNotes-2004-03 |
BroadBoard.com
Broadboard ASP Message Board 1.x
|
Broadboard Input Validation |
High |
SB04-273 |
Burton Tjin
Chatter Box 2.0 |
ChatterBox Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
Burut Creative Team
Burut Kreed 1.5 |
Burut Kreed Game Server Multiple Remote Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
SB04-343 |
Business Objects
Crystal Reports 10.0 |
Business Objects Crystal Reports Multiple Unspecified Vulnerabilities |
Low/ Medium
(Medium if arbitrary files can be viewed or deleted)
|
SB04-133 |
Business Objects
Crystal Reports 9, 10
Crystal Enterprise 9, 10 |
Business Objects Crystal Reports Buffer Overflow JPEG Processing |
High |
SB04-287 |
ButtUglySoftware.com
CleanCache 2.19 |
ButtUglySoftware CleanCache Fails to Delete Files |
Low
|
SB04-364 |
BYTE/ 400
Platinum FTPserver 1.0.18 |
Multiple PlatinumFTP Server Format String Vulnerabilities |
High |
|
Cactusoft Ltd.
Cactu Shop Lite 5.0 |
CactuShop Lite Remote Arbitrary File Deletion Backdoor |
Low |
SB04-058 |
CactuSoft
Cactu Shop 5.0 5.1 |
CactuShop Input Validation Vulnerabilities |
High |
SB04-105 |
CalaCode.com
@mail Webmail System 3.64 |
@mail Webmail System Cross-Site Scripting & Denial of Service |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Caucho Technology
Resin 2.1.12
|
Resin Information & Directory Listing Disclosure |
Medium |
SB04-058 |
Cerulean Studios
Trillian 0.74i |
Trillian Remote Buffer Overflow MSN Module |
|
SB04-259 |
Chris Burge
Web Server Compieuw.1, beta 2,
Compieuw
|
DiGi WWW Server Remote Denial of Service
|
Low |
SB04-133 |
Cisco Systems
Personal Assistant 1.4(1), 1.4(2) |
Personal Assistant Authentication Bypass |
Medium |
|
Cisco Systems
Access Control Server Solution Engine, Secure Access Control Server 3.2 (3), 3.2 (2), 3.2, Secure ACS for Windows Server 3.2 |
Secure Access Control Server Multiple Remote Vulnerabilities |
Low/Medium
(Medium if authentication can be bypassed)
|
SB04-294
SB04-245 |
Cisco Systems
CNS Network Registrar 6.0-6.0.5 .4, 6.1-6.1.1 .3 |
Cisco CNS Network Registrar DNS & DHCP Server Remote Denial of Service |
Low |
SB04-343 |
Cisco
Cisco Secure Access Control Server 3.3.1 |
Cisco Secure Access Control Server EAP-TLS Authentication |
Medium |
SB04-315 |
Cisco
Cisco Security Agent (CSA) prior to 4.0.3 build 728 |
Cisco Security Agent Specially Timed Buffer Overflow |
High |
SB04-322 |
Citrix
ICA Win32 client (The ICA Win32 Web Client, ICA Win32 Program Neighborhood Client, and ICA Win32 Program Neighborhood Agent) version 8.0 and prior |
Citrix ICA Client Keystroke Monitor |
Medium |
SB04-329 |
Citrix
Meta Frame for Microsoft Windows 2000 1.8, Meta Frame for MS NT 4.0 Server Terminal Server 1.8, Meta Frame XP for Microsoft Windows 2000 1.0, 2003 1.0, XP for MS NT 4.0 Server Terminal Server 1.0, XP Presentation Server for Windows 1.0 |
MetaFrame Presentation Target User's Client Drives |
Medium |
SB04-133 |
Citrix
Meta Frame Password Manager 2.0 |
MetaFrame Failure To Encrypt Application Password |
Medium |
SB04-105 |
Citrix
MetaFrame XP for Windows |
Citrix Metaframe XP Buffer Overflow Vulnerability |
High |
SB04-364 |
Clearswift Limited
MAIL sweeper for SMTP 4.3_13 & prior |
MAILsweeper For SMTP Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
Clearswift
MIMEsweeper for SMTP 5.0, 5.0.5 |
Clearswift MIMEsweeper For SMTP Remote Denial of Service |
Low |
SB04-350 |
Clearswift
MAILsweeper prior to 4.3.15 |
MAILsweeper Fails to Detect and Analyze Some Attachment Formats
CVE Names:
CAN-2003-0928
CAN-2003-0929
CAN-2003-0930 |
Medium |
SB04-231 |
Clearswift
MIMEsweeper for SMTP 5.x |
Clearswift MIMEsweeper for SMTP Encrypted Emails Misclassification |
Medium |
SB04-322 |
Clearswift
MIMEsweeper for Web prior to 5.0.4 |
MIMEsweeper for Web Directory Traversal Vulnerability |
Medium |
SB04-231 |
Code-Crafters
Ability Mail Server 1.x |
Ability Mail Server Cross-Site Scripting and Denial of Service Vulnerabilities |
High |
SB04-203 |
Code-Crafters
Ability (Mail and FTP) Server 2.3.4 |
Code-Crafters Ability Server Buffer Overflow |
High |
SB04-364
SB04-308
SB04-301
|
Code-Crafters
Ability Server 2.25-2.34 |
Ability Server 'APPE FTP' Command Buffer Overflow |
High |
SB04-357
SB04-350 |
Codemasters Software Company Limited
Colin McRae Rally 04
|
Colin McRae Rally 2004 Multiplayer Remote
Denial of Service
|
Low |
SB04-161 |
Codemasters Software Company Limited
ToCA Race Driver
|
ToCA Race Driver Multiple Remote Denial of Service
|
Medium/ Low
(Low if a DoS)
|
SB04-175 |
CoffeeCup Software
CoffeeCup Direct FTP 6.0, 6.2, CoffeeCup Free FTP 6.0, 6.2 |
CoffeeCup Direct/Free FTP ActiveX Component Remote Buffer Overflow |
High |
SB04-350
SB04-336 |
Comersus Open Technologies
Comersus Cart 5.0 991 |
Comersus Shopping Cart 'redirecturl' Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-252 |
Computer Associates
Common Services 1.0, 1.1, 2.0, 2.1, 2.2, 3.0, Unicenter Network & Systems Management 3.0, Unicenter ServicePlus Service Desk 6.0 |
Computer Associates Unicenter Common Services Plaintext Password |
Medium |
SB04-280 |
Computer Associates
Control IT Advanced Edition 5.0, Enterprise Edition 5.0, 5.1, Unicenter Remote Control 5.2, Option 5.0, Option 5.1, Option German Version 5.1 |
Unicenter Remote Control & Control IT Privilege Escalation & Denial of Service
CVE Names:
CAN-2003-0996
CAN-2003-0997
CAN-2003-0998 |
Low/ Medium
(Medium if unauthorized access can be obtained) |
|
Computer Associates
eTrust EZ Antivirus 7.0, 7.0.1 .1-7.0.1.4, 7.0.1, 7.0.2 .1, 7.0.2, 7.0.3, 7.0.4 |
Computer Associates eTrust EZ Antivirus Local Insecure Default Installation
CVE Name:
CAN-2004-1149
|
Medium |
SB04-357 |
Computer Associates
eTrust EZ Antivirus prior to 7.0.2.1 |
Computer Associates eTrust EZ Antivirus Access
|
Medium |
SB04-329
|
Computer Associates
Unicenter Management Portal 2.0, 3.1 |
Unicenter Management Portal Username Disclosure |
Medium |
SB04-273 |
Computer Associates
eTrust Antivirus EE 7.0 |
eTrust Antivirus Password Protected Zip File |
High |
SB04-058 |
Computer Associates
Unicenter Remote Control English 6.0 SP1 (Build 6.0.77), GA 6.0 (6.0.56.3), QO48974 6.0 (Build 6.0.74), Unicenter Remote Control French 6.0 SP1 (Build 6.0.77), GA 6.0 (Build 6.0.74), Unicenter Remote Control German 6.0 SP1 (Build 6.0.77), GA 6.0 (Build 6.0.74) |
Computer Associates Unicenter Remote Control Remote Authentication Bypass |
High |
SB04-343 |
Crob Software Studio
Crob FTP Server 3.5.2 |
Crob FTP Server Remote Denial of Service |
Low |
SB04-058 |
Crob Software Studio
Server 3.5.1 |
Crob FTP Server Remote Directory Traversal & Remote Denial of Service
|
Low/ Medium
(Medium if sensitive information can be obtained)
|
CyberNotes-2004-03 |
Crystal Art Software
Crystal FTP Pro 2.8 |
Crystal FTP Pro Buffer Overflow |
High |
SB04-357 |
CyberStrong
eShop 4.6 |
CyberStrong eShop ASP Shopping Card Unspecified Cross-Site Scripting |
High |
SB04-294 |
Dame Ware Development LLC
Mini Remote Control Server 3.70.0.0, 3.71.0.0, 3.72.0.0 |
Mini Remote Control Buffer Overflow |
High |
|
Dame Ware Development LLC
Mini Remote Control Server 4.1.0.0 |
Mini Remote Control Server Weak Random Key Generation |
Medium |
SB04-105
SB04-091 |
Dame Ware Development LLC
Mini Remote Control Server 4.1.0.0 LLC
|
DameWare Mini Remote Control Server Clear Text Encryption Key Disclosure |
Medium |
SB04-105
SB04-091 |
Dame Ware Development LLC
Mini Remote Control Server 3.70 .0.0- 3.73.0.0, 4.0 |
Mini Remote Control Server Weak Encryption Implementation & Weak Random Key Generation |
Medium |
SB04-091 |
Danware
NetOp Host prior to 7.65 build 2004278 |
Danware NetOp Host Remote Information Disclosure
CVE Name:
CAN-2004-0950
|
Medium |
SB04-329 |
Darkwet Network
Webcam XP 1.06.945 |
WebcamXP Cross-Site Scripting |
High |
|
David Harris
Mercury (win32 version) 4.0 1a |
Mercury Mail Multiple Remote IMAP Stack Buffer Overflows |
High |
SB04-350
SB04-343 |
DAWKCo Software
POP3 Server Hosting Version w/t Web MAIL Extension. 6.1
|
POP3 with WebMAIL Extension Session Timeout Unauthorized Access |
Medium |
SB04-077 |
Dell
True Mobile 1300 WLAN Mini-PCI Card Utility 3.10.39.0 |
TrueMobile 1300 WLAN Help Application |
High |
SB04-077 |
DeSofto
MyProxy 6.58 |
DeSofto MyProxy Arbitrary Ports & Hosts Connection |
Medium |
SB04-336 |
Diebold
GEMS Central Tabulator 1.17.7, 1.18 |
GEMS Central Tabulator Vote Database Vote Modification |
Medium |
SB04-252 |
Digicraft Software
Yak! 2.1.2 |
Digicraft Yak! Directory Traversal |
Medium |
SB04-294 |
Digital Illusions
Codename Eagle 1.42 & prior |
Codename Eagle UDP Packet Processing Remote Denial of Service |
Low |
SB04-357
SB04-350 |
Digital Mapping Systems
DMS POP3 Server 1.5.3.27 |
Digital Mapping DMS POP3 Server Authentication Buffer Overflow |
High |
SB04-329 |
Digital Reality
Haegemonia 1.0, 1.0.4, 1.0.5, 1.0.7 |
Haegemonia Remote Denial of Service
|
Low |
SB04-077 |
Distinct Web Creations
Dwc_Articles 1.6 and prior versions |
Dwc_Articles Input Validation |
Medium |
SB04-301 |
DmxReady
Dmxready Site Chassis Manager |
Dmxready Site Chassis Manager Cross-Site Scripting & SQL Injection Vulnerabilities |
High |
SB04-294 |
Dogpatch Software
CF Webstore 5.0 |
CFWebstore Input Validation & Cross-Site Scripting |
High |
SB04-077 |
EA Games
Medal of Honor
Allied Assault 1.11v9 and prior;
Breakthrough 2.40b and prior;
Spearhead 2.15 and prior
|
EA Games Medal of Honor Has Buffer Overflow in 'connect' Packet |
High |
SB04-203
|
Early Impact
Product Cart 1.5, 1.6 br, br001, br003, 1.6 b, b001- b003, 1.5002, 1.5003, 1.5003 r, 1.5004, 1.6002, 1.6003, 2.0, 2.0 br000, 2.5 |
ProductCart Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-058 |
EFS Software Inc.
Easy File Sharing Web Server 1.2, 1.25 |
Easy File Sharing Web Server Information Disclosure & Remote Denial of Service |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-245 |
EFS Software, Inc.
Easy Chat Server 1.0, 1.1, 1.2
|
Easy Chat Server Denial of Service |
Low |
SB04-189 |
Eight-fifteen Studios
efFingerD 0.2.12 |
EFFingerD Remote Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-133 |
Electronic Arts
Need For Speed Hot Pursuit 2 version 2.42 &
prior
|
Black Box Remote Buffer Overflow
|
High |
CyberNotes-2004-03 |
ElektroPost Stockholm AB
EPiServer |
ElektroPost EPiServer Input Validation Errors |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-301
|
Emule-Project.net
Emule 0.42 d |
eMule Remote Buffer Overflow |
High |
SB04-119
SB04-105 |
Emulive Imaging Corporation
EmuLive Server4 |
EmuLive Server4 Vulnerabilities |
Low/High
(High if administrative access can be obtained)
|
SB04-273 |
EMUMail Inc.
EMU Webmail 5.2.7 |
EMU Webmail Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Enstar
Mailtraq 2.6.1.1677 |
Enstar Mailtraq Windows Tray Icon Access Control |
Medium |
SB04-329
|
eSignal
eSignal 7.5, 7.6 |
ESignal Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed) |
SB04-119
SB04-091 |
Ethereal Group
Ethereal 0.9 0.9.16 |
Ethereal SMB Protocol & Q.931 Dissector Remote Denial of Service
CVE Names:
CAN-2003-1012
CAN-2003-1013 |
Low |
|
Expinion.net
Member Management System 2.1 |
Member Management System Multiple Cross-Site Scripting |
High |
SB04-105
SB04-091 |
Expinion.net
News Manager Lite 2.5 |
Expinion.net News Manager Lite Multiple Vulnerabilities |
High |
SB04-105
SB04-091 |
Expinion.net
Member Management System 2.1 |
Member Management System ID Parameter SQL Injection |
High |
SB04-105
SB04-091 |
Explore Anywhere Software
NET Observe 2.0 & prior |
NETObserve Authentication Bypass |
High |
|
EZ network
eZ 3.5 .0 |
EZMeeting ‘EZNet.EXE’ Remote Buffer Overflow |
High |
|
Faronics
FreezeX 1.00.100.0666 |
Faronics FreezeX File Permissions Denial of Service Vulnerability |
Low |
SB04-364
|
Fastream Technologies
Fastream NETFile Server 7.1.2 |
Fastream NETFile Server Denial of Service |
Low |
SB04-329 |
Fastream
NetFILE FTP/Web Server 6.5.1 .980 |
NetFile FTP/Web Server Remote Denial of Service
|
Low |
SB04-119 |
FIL Security Laboratory
Twister Anti-TrojanVirus 5.5 |
Twister Anti-Trojan Virus MS DOS Device Names Scan File Failure |
High |
SB04-301 |
Finjan Software
Surfin Gate 6.x, 7.x |
SurfinGate FHTTP Restart Command |
Low |
CyberNotes-2004-03 |
Floosietek
FTGate Office 1.2, FTGate Pro 1.2 (1331), 1.2 |
FTGate Mail Server Multiple Input Validation |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-105 |
Fluid Games
The Rage 1.0 1 |
The Rage Game Server Remote Denial of Service
|
Low |
SB04-091 |
Foxmail
Foxmail Email Client - Chinese Version 4.2, 5.0, English Version 4.1 |
Foxmail Remote Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-091 |
freechat.sourceforge.net
FreeChat 0.1.1 a, 1.1.1 a |
FreeChat Remote Denial of Service
|
Low |
SB04-077 |
Freeform Interactive
Purge 1.4.7 & prior, Jihad 2.0.1 & prior |
Interactive Purge/Purge Jihad Game Client Remote Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
F-Secure
Anti-Virus for MS Exchange 6.0 1, 6.2, 6.21, Content Scanner Server 6.31, Internet Gatekeeper 6.3-6.32 |
F-Secure Content Scanner Server Remote Denial of Service
CVE Name:
CAN-2004-0830
|
Low |
SB04-259 |
F-Secure
BackWeb 6.31 |
BackWeb Local Privilege Escalation |
High |
SB04-105 |
Full Revolution
aspWebAlbum 3.2, aspWebCalendar 4.5, aspWebHeadlines 1.1, aspWebMail 1.0 |
Full Revolution aspWebCalendar & aspWebAlbum Multiple SQL Injection |
Medium |
SB04-273 |
gadu-gadu.pl
Gadu-Gadu 6.0 build 149 |
Gadu-Gadu Remote Buffer Overflow |
High |
SB04-259 |
gadu-gadu.pl
Gadu-Gadu Instant Messenger 6.0 |
Gadu-Gadu Spoofed File Extension |
Medium |
SB04-245 |
Gadu-Gadu
Instant Messenger 6.0 build 149-build 155, 6.0 |
Gadu-Gadu Multiple Remote Input Validation Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
GameSpy
Roger Wilco Dedicated Server (Linux, BSD) 0.26, 0.27, Dedicated Server (Win32) 0.26-
0.30 a, Graphical Server 1.4.1 .6
GameSpy Roger Wilco Graphical Server 1.4.1 .5
GameSpy Roger Wilco Graphical Server 1.4.1 .1- 1.4.1 .4
|
Roger Wilco Server Multiple Vulnerabilities |
Low/ Medium
(Medium if sensitive information can be obtained)
|
SB04-105 |
GeeOS Team
Gattaca Server 2003 1.x
|
Gattaca Server 2003 Multiple Vulnerabilities |
Medium |
SB04-203 |
getSolutions
getIntranet 2.2 |
GetIntranet Multiple Remote Input Validation |
Medium/High
(High if arbitrary code can be executed)
|
SB04-259 |
GetWare
PhotoHost 4.0 & prior; WebCam Live 2.01 & prior
|
Web Server Component Content-Length Value Remote Denial of Service |
Low |
|
Global SCAPE, Inc.
Global SCAPE Secure FTP Server 2.0 Build 03.11.2004.2 |
GlobalSCAPE Secure FTP Server SITE Command Remote Buffer Overflow |
High |
SB04-091 |
Global Spy Software
Cyber Web Filter 2.00 |
Global Spy Software Cyber Web Filter IP Address Restriction Security Bypass |
Medium |
SB04-308 |
GlobalSCAPE, Inc.
CuteFTP 6.0 |
GlobalScape CuteFTP Multiple Command Response Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-343 |
GoAhead Software
GoAhead Web Server 2.0, 2.1- 2.1.7 |
GoAhead Webserver Information Disclosure |
Medium |
|
GoodTech Systems
GoodTech Telnet Server 4.0.103 |
GoodTech Telnet Server Remote Denial of Service |
Low |
|
Google
Toolbar 1.1.41-1.1.49, 1.1.53-1.1.60, 2.0.114.1 |
Google Toolbar Input Validation
|
High |
|
Google
Gmail |
Google Gmail 'zx' Variable Input Validation |
High |
SB04-329
|
Google
Google Desktop Search |
Google Desktop Search 'meta' Tag Input Validation |
High |
SB04-308
|
Google
Google Desktop Search |
Google Desktop Search Input Validation |
High |
SB04-322
|
Google
Google Desktop Search prior to 121004 |
Google Desktop Search |
Medium |
SB04-357 |
Green Eggs, Inc.
News TraXor Website Management Script 2.9 beta |
NewsTraXor Remote Database Disclosure |
Medium |
SB04-119 |
H+BEDV
AntiVir DOS 6.28 .00.03, AntiVir Windows Server NT/2000/2003 6.28.01.03, AntiVir Windows Workstation 6.28 .00.01 |
H+BEDV AntiVir Fails to Scan Files Named With MS DOS Device Names |
High |
SB04-301 |
HD Soft
Windows FTP Server 1.6 & prior |
Windows FTP Server Username Format String |
Low/High
(High if arbitrary code can be executed) |
|
Headlight Software, Inc.
GetRight 5.2a & prior |
GetRight 'DUNZIP32.DLL' Buffer Overflow |
High |
SB04-350
SB04-343 |
Hewlett Packard Company
StorageWorks Command View XP 1.7 B, 1.7 A, 1.8 B, 1.8 A, 1.11.02, 1.11, 1.11.1, 1.30 .00, 1.40 .04, 1.40 .01, 1.51 .00, 1.52 .00, 1.53 .05a, 1.53.01a, 1.53 .00, 1.60 .00 |
HP StorageWorks Command View XP Restriction Bypass |
Medium |
SB04-273 |
Hewlett Packard Company
Web Jetadmin 7.5.2456 |
Jetadmin Printer Firmware Update Script Arbitrary File Upload Weakness |
Low/ Medium/ High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-105
SB04-091 |
HostingController
Hosting Controller v.6.1 Hotfix 1.4 |
Hosting Controller 'Statsbrowse.asp' & 'Generalbrowse.asp' Information Disclosure |
Medium |
SB04-343 |
Hummingbird
Hummingbird Connectivity 7.1 and 9.0 |
Hummingbird Connectivity Vulnerabilities |
Medium |
SB04-301 |
HyperionX Software
DCAM WebCam server, 8.2.5 |
DCAM WebCam Server Directory Traversal |
Medium |
|
Iatek
ASPapp Intranet App 2.3, ASPapp Portal App, ASPapp Project App |
Multiple Remote ASPapp Portal Vulnerabilities |
Medium/High
(High if administrative access can be obtained or arbitrary code can be executed) |
|
IBEX Software
Remote Execute 2.x |
IBEX Software Remote Execute Denial of Service |
Low |
SB04-350
SB04-343 |
IBM
acpRunner 1.2.5 .0
|
IBM ACPRunner ActiveX Control Unsafe Methods
|
High |
SB04-175 |
IBM
eGatherer 2.0 .16
|
IBM EGatherer ActiveX Control Dangerous Method |
High |
SB04-175 |
IBM
Lotus Domino 6.5.1
|
IBM Lotus Domino Malicious Email Remote Denial of Service
|
Low |
SB04-189 |
IBM
Lotus Notes 5.0.12, 6.0, 6.0.1, 6.5
|
IBM Lotus Notes URI Handler Cross-Site Scripting
CVE Name:
CAN-2004-0480
|
High |
SB04-189 |
IBM
3.1 Agent for Windows |
IBM Director Agent Remote Denial of Service
|
Low |
SB04-105 |
IBM
DB2 Universal Database for Windows 8.1 |
DB2 Remote Command Server Administrative Access |
High |
SB04-077 |
IBM
Microsoft Windows XP SP1 OEM Version,
Microsoft Windows XP OEM Version |
IBM OEM Microsoft Windows Default Administrative Account |
High |
|
IceWarp
IceWarp Web Mail prior to 5.3.0 |
IceWarp Web Mail Cross-Site Scripting Vulnerabilities |
High |
SB04-287 |
IceWarp
IceWarp Web Mail prior to 5.2.8 |
IceWarp Web Mail Multiple Unspecified Vulnerabilities |
High |
SB04-231 |
IceWarp
Merak Mail Server 7.5.2 and 7.6.0 with Icewarp Web Mail |
IceWarp Merak Mail Server Multiple Remote Vulnerabilities |
Medium |
SB04-322
SB04-315 |
Ideal Science
IdealBB Multiple 0.1.5.3 |
Ideal Science IdealBB Multiple Input Validation Errors |
High |
SB04-294 |
Illustrate
dBpowerAMP Audio Player 2.0 |
dBpowerAMP Audio Player Buffer Overflows |
High |
SB04-273 |
Illustrate
dBpowerAMP Music Converter 10.0
|
dBpowerAMP Music Converter Buffer Overflows |
Low/High
(High if arbitrary code can be executed)
|
SB04-273 |
Imspire
GSuite |
Imspire GSuite Passwords Disclosure |
Medium |
SB04-308 |
Inari, Inc.
Avirt SOHO 4.3 |
Avirt Soho Server HTTP GET Remote Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Inari, Inc.
Avirt Voice 4.0 |
Avirt Voice HTTP GET Remote Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Infopulse Electronic Commerce B.V.
Proxy-Pro Professional Gate Keeper 4.7 |
Proxy-Pro Professional GateKeeper Web Proxy Remote Buffer Overflow
|
High |
SB04-077 |
Infuseum
Infuseum's ASP Message Board (AMB) 2.2.1c |
Infuseum Input Validation Vulnerabilities |
High |
SB04-322 |
Innermedia
DynaZip prior to version 5.00.04 |
InnerMedia DynaZip library Buffer Overflow |
High |
SB04-336 |
Innovative Technology Consulting
FTP GLIDE 2.43 |
FTP GLIDE Discloses Passwords to Local Users |
Medium |
SB04-217 |
Interactive Studio
GamePort 3.0, 3.1, 4.0 |
Interactive Studio GamePort Multiple Vulnerabilities
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
Internet Now!
Proxy Now! 2.75 & prior |
ProxyNow Multiple Buffer Overflows |
High |
CyberNotes-2004-03 |
Internet Security Systems
BlackICE 3.6.cbz |
BlackICE PC Protection ‘blackd.exe’ Code Execution |
High |
CyberNotes-2004-03 |
Internet Security Systems
BlackICE PC Protection 3.6, ccg, ccf, cce, ccd, ccc, ccb, cca, cbz, cbr, cbd, cbz, BlackIce Server Protection 3.5 cdf, 3.6, ccg,
Internet Security Systems BlackIce Server Protection 3.6 ccf, cce, ccd, ccc, ccb, cca, cbz, cbr
|
BlackICE PC/Server Protection Weak Default Configuration |
Medium |
SB04-091 |
Internet Security Systems
Real Secure Network 7.0, XPU 22.11 & prior, Server Sensor 7.0 XPU 22.11 & prior, 6.5 for Windows SR 3.10 & prior, Proventia A & G Series XPU 22.11 & prior, M Series XPU 1.9 & prior, Real Secure Desktop 7.0 ebl & prior, 3.6 ecf & prior, Real Secure Guard 3.6 ecf & prior, Real Secure Sentry 3.6 ecf & prior, BlackICE Agent for Server 3.6 ecf & prior, BlackICE PC Protection 3.6 ccf & prior, BlackICE Server Protection 3.6 ccf & prior |
Internet Security Systems Protocol Analysis Module
Remote Buffer Overflow
|
High |
SB04-105
SB04-091 |
iNvicta
wMCam Server 2.1.348 |
WMCam Server Remote Denial of Service
|
Low |
SB04-077 |
INweb Mail Server 2.x |
INweb Mail Server Multiple Connection Denial of Service Vulnerability |
Low |
SB04-203 |
IPSwitch
IMail 5.0, 5.0.5-5.0.8, 6.0-6.0.6, 6.1-6.4, 7.0.1-7.0.7, 7.1, 7.12, 8.0.3, 8.0.5, 8.1 |
Ipswitch IMail Server Multiple Buffer Overflow Remote Denial of Service |
Low/High
(High if arbitrary code can be executed)
|
SB04-252 |
Ipswitch
IMail 8.13 |
Ipswitch IMail Server Remote Buffer Overflow |
High |
SB04-329
SB04-322 |
Ipswitch
WhatsUp Gold 7.0 4, 7.0 3, 7.0, 8.0 3, 8.0 1, 8.0 |
|
High |
SB04-287
SB04-245 |
IPSwitch
WhatsUp Gold 7.0 4, 7.0 3, 7.0, 8.03 hotfix 1, 8.03, 8.0 1, 8.0 |
WhatsUpGold Web Interface Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
SB04-252 |
IPSwitch
WS FTP Server 1.0.1- 1.0.5, 2.0-2.0.4, 3.0, 3.0.1, 3.1-3.1.3, 3.4, 4.0-4.0.2 |
WS_FTP Server Remote Denial of Service |
Low |
|
IpSwitch
IMail 8.0.3, 8.0.5 |
IMail Server Remote LDAP Daemon Buffer Overflow
|
High |
SB04-077
SB04-058 |
IpSwitch
IMail Express 8.0 3 |
IMail Express Web Messaging Buffer Overflow |
High |
SB04-119 |
IpSwitch
WS FTP Server 1.0.1- 1.0.5, 2.0- 2.0.4, 3.0, 3.01, 3.1- 3.1.3, 3.4, 4.0-4.02, WS_FTP Pro 6.0, 7.5, 8.0 2, 8.0 3 |
WS_FTP Multiple Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
SB04-091 |
IPSwitch
WS FTP Server 5.0.2 |
IPSwitch WS_FTP Remote Denial of Service |
Low |
SB04-252 |
IpSwitch
WS_FTP Pro 8.0 3 |
WS_FTP Pro Client Remote Buffer Overflow
|
High |
SB04-091 |
IpSwitch
WS_FTP Pro 8.0 3,
WS_FTP Pro 8.0 2
|
WS_FTP Pro Client Remote Buffer Overflow |
High |
SB04-091 |
IpSwitch
WS_FTP Server 5.03, 2004.10.14 |
IpSwitch WS_FTP Buffer Overflow |
High
|
SB04-350
SB04-343
SB04-336 |
itez Multimedia Solutions
Picophone Internet Telephone 1.63 |
PicoPhone Internet Phone Remote Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-091 |
Jera Technology
Flash Messaging 5.2.0g (rev 1.1.2) and prior |
Jera Technology Flash Messaging Denial of Service |
Low |
SB04-287 |
Jerod Moemeka
Xedus 1.0 |
Xedus Web Server Input Validation Vulnerabilities |
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
SB04-252 |
Jigunet Corporation
Twin FTP Server 1.x |
TwinFTP Server Directory Traversal |
Medium |
SB04-259 |
Jordan Stojanovski
Jordan’s Windows Telnet Server 1.0, 1.2 |
Jordan Windows Telnet Server Remote Buffer Overflow |
High |
|
KarjaSoft
Sami FTP Server 1.1.3 |
Sami FTP Server Multiple Remote Denial of Service
|
Low |
SB04-058 |
KarjaSoft
Sami HTTP Server 1.0.4 |
Sami HTTP Server GET Request Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
Kaspersky Lab
KAV 5.0.149, 5.0.153
|
Kaspersky Anti-Virus Authentication Bypass |
Medium |
SB04-280 |
Keene Software Corporation
Keene Digital Media Server 1.0.2 |
Keene Digital Media (KDM) Server Multiple Vulnerabilities |
Medium |
SB04-231 |
Keene Software Corporation
Keene Digital Media Server 1.0.2 |
Keene Digital Media Server Cross-Site Scripting |
High |
SB04-252 |
Keene Software Corporation
Keene Digital Media Server 1.0.2 |
Keene Digital Media Server Directory Traversal |
Medium |
SB04-245 |
Kerio Technologies Inc.
Kerio Personal Firewall 4.0.6-4.0.10, 4.0.16 |
Kerio Personal Firewall Security Bypass |
Medium |
SB04-252 |
Kerio Technologies Inc.
Kerio Personal Firewall 4.1.2 and prior |
Kerio Personal Firewall Remote Denial of Service |
Low |
SB04-322
SB04-315 |
Kerio Technologies Inc.
Personal Firewall 4.0.6-4.0.10, 4.0.16, 4.1-4.1.2, Personal Firewall 2 2.1-2.1.5 |
Kerio Personal Firewall Local Denial of Service |
Low |
SB04-350 |
Kerio Technologies
Kerio Personal Firewall 4.0.6- 4.0.9 |
Kerio Personal Firewall TCP Stealth Scans |
Medium |
|
Kerio Technologies
Mail server 5.7.0- 5.7.6 |
Kerio MailServer Spam Filter Buffer Overflow |
High |
SB04-091 |
Kerio Technologies
Mailserver 5.0, 5.1, 5.1.1, 5.6.3-5.6.5, 5.7.0-5.7.10, 6.0-6.0.4, ServerFirewall 1.0, WinRoute Firewall 5.0.1-5.0.9, 5.1-5.1.10, 5.10, 6.0-6.0.8 |
Multiple Kerio Products Universal Secret Key Storage
CVE Name:
CAN-2004-1022
|
Medium |
SB04-357 |
Kerio Technologies
Personal Firewall 4.0.6- 4.0.10
|
Kerio Personal Firewall Web Filtering Remote Denial of Service |
Low |
SB04-105 |
Kerio Technologies
WinRoute Firewall 5.0.1- 5.0.9, 5.1-5.1.9 |
WinRoute Firewall Malformed HTTP Header Denial of Service |
Low |
SB04-091 |
Kerio
WinRoute Firewall 6.0-6.0.8 |
Kerio WinRoute Firewall Multiple Unspecified Remote
|
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-350 |
Kinesphere Corporation
eXchange POP3 4.0, 5.0 |
Exchange POP3 Remote Buffer Overflow |
High |
SB04-133
SB04-119 |
Kingsoft
XDICT 2002, 2003, 2004, 2005 |
Kingsoft XDICT Word Translation Buffer Overflow |
High |
SB04-308
|
Kroum Grigorov
KpyM Telnet Server 1.05 & prior |
KpyM Telnet Server Remote Denial of Service |
Low |
|
LANDesk Software
LANDesk 8 |
LANDesk Error Permits Remote Users to Cause a Denial of Service |
Low |
SB04-301 |
LANDesk Software
LANDesk Management Suite 6.x, 7.x, 8.x |
LANDesk Management Suite Remote Buffer Overflow |
High |
|
Layton Technology
HelpBox 3.0.1 |
Layton HelpBox Multiple SQL Injection Vulnerabilities |
High |
SB04-217 |
LeadMind Development
PopMessenger 1.60 |
LeadMind Pop Messenger Remote Denial of Service |
Low |
SB04-273 |
Leigh Business Enterprises Ltd.
LBE Web HelpDesk 4.0.80 |
LBE Web HelpDesk SQL Injection |
Medium |
SB04-217 |
LionMax Software
WWW File Share Pro 2.46 |
WWW File Share Pro Remote Denial of Service |
Low |
|
LionMax Software
WWW File Share Pro 2.46 & prior |
WWW File Share Pro Multiple Remote Vulnerabilities |
Low/ Medium
(Medium if files can be overwritten or access controls bypassed) |
|
LionMax Software
Chat Anywhere 2.72 |
Chat Anywhere Input Validation |
Medium |
SB04-077 |
Loom Software
SurfNow 2.2 |
SurfNow Remote HTTP GET Request Denial of Service |
Low |
CyberNotes-2004-03 |
L-Soft
LIST SERV 1.x |
Listserv Multiple Cross-Site Scripting Vulnerabilities |
High |
|
LucasArts
Star Wars Battlefront 1.11 |
LucasArts Star Wars Battlefront Game Server Remote Denials of Service |
Low |
SB04-336 |
Mabry Software
FTP Server/X 1.00.050 |
FTPServer/X Controls Vulnerabilities |
Low/High
(High if arbitrary code can be executed) |
|
Macallan Mail Solution
Macallan Mail Solution 2.8.4.6 (Build 260) |
Macallan Mail Solution Authentication Bypass |
Medium |
SB04-058 |
MailEnable Pty. Ltd.
MailEnable 1.8, 1.71, 1.72, Professional 1.2 a, 1.2, 1.18, 1.19 |
MailEnable DNS Remote Denial of Service |
Low |
SB04-259 |
MailEnable Pty. Ltd.
MailEnable Professional 1.x |
MailEnable Professional Denial of Service Vulnerabilities |
Low |
SB04-294 |
MailEnable Pty. Ltd.
MailEnable Professional Edition v1.52, MailEnable Enterprise Edition v1.01 |
MailEnable Stack Overflow & Pointer Overwrite |
High |
SB04-350
SB04-336 |
MailEnable Pty. Ltd.
MailEnable Professional prior to version 1.51 |
MailEnable Professional Unspecified Webmail |
Low |
SB04-308
|
Martin Prikryl
WinSCP 3.5.6 |
WinSCP Remote Denial of Service
|
Low |
SB04-119 |
Masato Kataoka
Orenosv HTTP/FTP Server 0.5.9 f, 0.5.9e, 0.5.9 c
|
Orenosv HTTP/FTP Server Remote Denial of Service
|
Low |
SB04-161 |
Massive Entertainment
Ground Control II 1.0.0.7 |
Ground Control II Remote Denial of Service |
Low |
SB04-245 |
Mavel d.o.o. Software Company
ShixxNote 6.net |
Mavel ShixxNote 6.net Buffer Overflow in Font Field |
High |
SB04-301
SB04-294 |
Mbedthis Software
AppWeb 1.x |
AppWeb HTTP Server Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
McAfee
ePolicy Orchestrator 2.5, SP1, 2.5.1, 3.0, SP2a |
ePolicy Orchestrator Undisclosed Command Execution
CVE Name:
CAN-2004-0038
|
High |
SB04-119 |
McAfee
ePolicy Orchestrator 3 |
|
Low/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
McAfee
FreeScan |
FreeScan CoMcFreeScan Browser Information Disclosure |
Medium |
SB04-105 |
McAfee
FreeScan |
McFreeScan Module System Information Disclosure |
Medium |
SB04-105 |
McAfee
Security Installer Control System 4.0.0.81 |
Security Installer Control System ActiveX Information Disclosure |
Medium |
SB04-133 |
McAfee
VirusScan 4.5, 4.5.1 |
McAfee VirusScan Arbitrary Code Execution |
High |
|
McMurtrey/ Whitaker & Associates
Cart32 2.5 a, 2.6, 3.0, 3.1, 3.5 a Build 710, 3.5 a, 3.5 Build 619, 3.5, 4.4, 5.0
|
McMurtrey/ Whitaker & Associates Cart32
Cross-Site Scripting
|
High |
SB04-189 |
Merak Mail Server, Inc.
Merak Mail Server 7.4.5 |
Merak Mail Server Webmail Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-245 |
Microsoft
|
Internet Explorer Bitmap Processing Integer Overflow |
High |
SB04-058 |
Microsoft
Internet Explorer 6 |
HijackClick 3 |
High |
SB04-203 |
Microsoft
MS Windows 2000 SP 2, 3, and 4; XP and XP SP1; XP 64-Bit Edition SP 1 |
Microsoft Windows Task Scheduler Vulnerability
CVE Name:
CAN-2004-0212 |
High |
SB04-231 |
Microsoft
Exchange Server 2003 |
Exchange Server 2003 Outlook Web Access
CVE Name:
CAN-2003-0904 |
Medium |
|
Microsoft
Exchange Server 5.5, SP1-SP4, Exchange Server 2000, SP1&SP2 |
Outlook Web Access Cross Site Scripting |
High |
|
Microsoft
INTERIX 2.2 |
POSIX Vulnerability Could Allow Code Execution
CVE Name:
CAN-2004-0210 |
|
SB04-231 |
Microsoft
Internet Explorer |
Microsoft Internet Explorer IFRAME Elements Interpretation |
Medium |
SB04-315 |
Microsoft
Internet Explorer (IE) 6 on Windows XP SP2 and Windows 2000 |
Microsoft IE Custom 404 Error Message & execCommand SaveAs File Download |
High |
SB04-357
SB04-329 |
Microsoft
Internet Explorer 5.0, 5.0.1, SP1-SP3, 5.5, SP1&SP2, 6.0, SP1 |
Internet Explorer Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed) |
|
Microsoft
Internet Explorer 5.0, 5.0.1, SP1-SP3, 5.5, SP1&SP2, 6.0, SP1 |
Internet Explorer File Download Warning Bypass |
High |
|
Microsoft
Internet Explorer 5.0, 5.0.1, SP1-SP3, 5.5, SP1&SP2, 6.0, SP1, Outlook Express 4.0 1 SP2, 4.0, 4.27.3110, 4.72.2106, 4.72.3120, 4.72.3612, 5.0 1, 5.0, 5.5, 6.0, Outlook XP, Mozilla Browser 1.2.1 |
Multiple Browser URI Display Obfuscation |
Medium |
|
Microsoft
Internet Explorer 5.01, 5.5, 6.0
|
Internet Explorer ‘showHelp’ Directory Traversal |
High |
|
Microsoft
Internet Explorer 6.0 & prior |
Internet Explorer ‘.lnk’ Processing |
High |
|
Microsoft
Internet Explorer 6.0 SP1 on
Microsoft Windows XP SP1 |
Microsoft Internet Explorer Cookie Path Attribute |
Low |
SB04-329 |
Microsoft
Internet Explorer 6.0 with Windows XP SP2 |
Microsoft Internet Explorer 'Save Picture As' Image Download Spoofing
|
Medium |
SB04-336 |
Microsoft
Internet Explorer 6.0, SP1 |
Microsoft Internet Explorer Sysimage Protocol Handler Information Disclosure |
|
SB04-350 |
Microsoft
Internet Explorer 6.0, SP1&2, Windows XP 64-bit Edition SP1,
Windows XP 64-bit Edition, 64-bit Edition Version 2003, SP1, XP Embedded, SP1, XP Home, SP1&2, XP Media Center Edition, SP1&2, XP Professional, SP1&2, XP Tablet PC Edition |
Microsoft Internet Explorer Drag & Drop |
|
SB04-343 |
Microsoft
Internet Explorer 6.0, SP1&SP2 |
Microsoft Internet Explorer Infinite Array Sort Denial of Service
|
Low |
SB04-336 |
Microsoft
Internet Explorer 6.0, SP1&SP2 |
Microsoft Internet Explorer DHTML Edit Control Script Injection
|
High |
SB04-357 |
Microsoft
Internet Information Services (IIS) 5.0 |
IIS HTTP 'TRACK' Requests |
Medium |
|
Microsoft
Internet Security & Acceleration Server 2000, Small Business Server 2000, Small Business Server 2003 |
ISA Server 2000 H.323 Filter Remote Buffer Overflow
CVE Name:
CAN-2003-0819 |
High |
|
Microsoft
ISA Server 2000, Proxy Server 2.0 |
|
Medium |
SB04-343
SB04-329
SB04-322
SB04-315
|
Microsoft Java Virtual Machine
version 5.0.0.3810 |
Microsoft Java Virtual Machine Cross-Site Communication Vulnerability |
Low |
SB04-203 |
Microsoft
Microsoft Data Access Component (MDAC) 2.5-2.8 |
MDAC Function Buffer Overflow
CVE Name:
CAN-2003-0903 |
Low/High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03
CyberNotes-2004-02
|
Microsoft
Office 97, 2002, XP, 2003 Student & Teacher Edition, 2003 Standard Edition, 2003 Small Business Edition, 2003 Professional Edition, Word , 97, 2000, 2002, XP, 2003 |
Microsoft Office Security Feature Bypass |
Medium |
|
Microsoft
SharePoint Portal Server SP3, 2003, 2001 SP3
Microsoft SharePoint Portal Server 2001, SP1-SP2A |
Microsoft Office SharePoint Portal Server Information Disclosure |
Medium |
SB04-350 |
Microsoft
Small Business Server 2000, 2003, Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, 2000 Server Japanese Edition, 2003 Datacenter Edition, 64-bit,
2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition, XP 64-bit Edition, SP1, XP 64-bit Edition Version 2003, SP1, XP Embedded, SP1, XP Embedded,
XP Professional, SP1&SP2 |
Microsoft NTP Time Synchronization Spoof |
Low |
SB04-245 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, Datacenter Server, SP1-SP4, Professional, SP1-SP4, 2000 Server, SP1-SP4, Windows ME, NT Enterprise Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6a, NT Workstation 4.0, SP1-SP6a, 2003 Datacenter Edition, 64-bit, 2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition, XP 64-bit Edition, SP1, XP Home, SP1, XP Professional, SP1
|
Messenger Service Buffer Overflow
CVE Name:
CAN-2003-0717 |
High |
|
Microsoft
Windows CE 2.0, 3.0, 4.2 |
Microsoft Windows CE KDatastruct Information Disclosure |
Medium |
|
Microsoft
Windows Media Player 9.0 |
Windows Media Player ActiveX Control Media File Attribute Corruption |
Medium/High |
SB04-357 |
Microsoft
Windows XP Home SP1;
Microsoft Windows XP Home;
Microsoft Windows XP Professional SP1;
Microsoft Windows XP Professional |
Microsoft Windows XP Explorer.EXE TIFF Image Denial of Service |
Low |
|
Microsoft
Hotmail HTML |
Hotmail HTML Comment Condition Lets Remote Users Conduct Cross-Site Scripting Attacks |
High |
SB04-203 |
Microsoft
Internet Explorer 6 |
Microsoft Internet Explorer Same Name Javascript Bug |
High |
SB04-203 |
Microsoft
Microsoft Systems Management Server (SMS) 2.50.2726.0 |
Microsoft Systems Management Server Remote Control Service Vulnerability |
Medium |
SB04-217 |
Microsoft
MS Internet Explorer 5.01, 5.5, 6
|
Microsoft Internet Explorer Multiple Vulnerabilities |
High |
SB04-203 |
Microsoft
MS Windows 2000 SP 2, 3, and 4 |
|
High |
SB04-203 |
Microsoft
MS Windows 2000 SP 2, 3, and 4; XP and XP SP1; XP 64-Bit Edition SP 1 |
|
High |
SB04-203 |
Microsoft
MS Windows NT® Workstation 4.0 SP; MS Windows NT Server |
|
High |
SB04-203 |
Microsoft
MSN Messenger 6.x
Microsoft Word 2002 |
Microsoft Products Fail to Restrict "shell:" Access |
Medium |
SB04-203 |
Microsoft
Internet Explorer 5.0- 6.0
|
Microsoft Internet Explorer http-equiv Meta Tag Denial of Service Vulnerability |
Low |
SB04-147 |
Microsoft
Internet Explorer 5.0, 5.0 for Windows NT 4.0, 98, 95, 2000, 5.0.1, SP1-SP4, 5.0.1 for Windows NT 4.0, 98, 95, 2000, 5.5, SP1&SP2, preview, 6.0, SP1
|
Internet Explorer Wildcard DNS Cross-Site Scripting |
High |
SB04-175 |
Microsoft
Internet Explorer 5.0, 5.0.1, SP1-SP4, 5.5, SP1&SP2, 6.0, SP1
|
Microsoft Internet Explorer Non-FQDN URI |
High |
SB04-189 |
Microsoft
Internet Explorer 5.0.1, SP1-SP4, 5.5, SP1&SP2, 6.0, SP1
|
Microsoft Internet Explorer Cross-Domain Frame Loading |
Medium |
SB04-189 |
Microsoft
Internet Explorer 5.0-6.0
|
Microsoft Internet Explorer CSS Style Sheet Memory Corruption Vulnerability |
Low |
SB04-147 |
Microsoft
Internet Explorer 5.5 SP1&SP2, 6.0, SP1
|
Microsoft Internet Explorer ADODB.Stream Object File Installation |
High |
SB04-189 |
Microsoft
Internet Explorer 5.5 SP2, SP1, 5.5, 6.0 SP1, 6.0
|
Microsoft Internet Explorer Interface Spoofing Vulnerability |
Low |
SB04-147 |
Microsoft
Internet Explorer 5.5, SP1&SP2, 6.0, SP1
|
Microsoft Internet Explorer Shell.Application Object Script Execution |
High |
SB04-189 |
Microsoft
Internet Explorer 6.0 SP1
|
Internet Explorer URL Local Resource Access |
Medium |
SB04-161 |
Microsoft
Internet Explorer 6.0 SP1
|
Microsoft Internet Explorer Double Backslash CHM File Execution Weakness |
Low/High
(High if arbitrary code can be executed)
|
SB04-147 |
Microsoft
Internet Explorer 6.0, SP1
|
Internet Explorer Modal Dialog Zone Bypass
CVE Name:
CAN-2004-0549
|
High |
SB04-175
SB04-161 |
Microsoft
Internet Explorer 6.0, SP1
|
Internet Explorer HREF ‘Save As’ Remote
Denial of Service
|
Low |
SB04-175 |
Microsoft
Microsoft Windows XP Home SP1
Microsoft Windows XP Home
Microsoft Windows XP Professional SP1
Microsoft Windows XP Professional
|
Microsoft Windows XP Self-Executing Folder Vulnerability |
High |
SB04-147 |
Microsoft
Outlook 2003
|
Microsoft Outlook 2003 Media File Script Execution Vulnerability |
High |
SB04-161
SB04-147 |
Microsoft
Outlook Express 6.0
|
Microsoft Outlook Express URI Obfuscation Vulnerability |
Low |
SB04-147 |
Microsoft
Visual Studio .Net
Microsoft Outlook 2003, Office 2003 Small Business Edition, 2003 Professional Edition,
Microsoft Business Solutions CRM 1.x
|
Crystal Reports Web Viewer Directory Traversal
CVE Name:
CAN-2004-0204
|
Medium/
Low
(Medium if sensitive information can be obtained)
|
SB04-161 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4
|
Windows 2000 Domain Expired Account Security Policy Violation |
Medium |
SB04-161 |
Microsoft
Windows 2000 Datacenter Server, Advanced Server, Professional, 2000 Server, Windows 98/SE/ME, Windows Server 2003 Datacenter Edition, Enterprise Edition, Standard Edition, Web Edition, XP Home Edition, XP Professional
|
Microsoft DirectX DirectPlay Input Validation Remote Denial of Service
CVE Name:
CAN-2004-0202
|
Low |
SB04-161 |
Microsoft
Windows NT Workstation 4.0 SP6a, NT Server 4.0 SP6a, 4.0, Terminal Server Edition SP6, Windows 2000, SP2-SP4, XP, SP1, XP 64-Bit Edition, SP1, 64-Bit Edition Version 2003, Windows Server™ 2003, 2003 64-Bit Edition, NetMeeting, Windows 98, SE, ME;
Avaya Definity One Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers
|
|
High/ Medium/ Low
(Low if a DoS; Medium if elevated privileges obtained; and High if arbitrary code can be executed)
|
SB04-175
SB04-133
SB04-119
SB04-105 |
Microsoft
Windows XP and Windows XP Service Pack 1, Windows XP 64-Bit Edition Service Pack 1, Windows XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition
|
Vulnerability in Help and Support Center Could Allow Remote Code Execution |
High |
SB04-147 |
Microsoft
2000 Advanced Server, SP1-SP3, Datacenter Server, SP1-SP3, Professional, SP1-SP3, Server, SP1-SP3, Windows 98, 98SE, NT Enterprise Server 4.0, SP1-SP6a, Server 4.0, SP1-SP6a, Terminal Server 4.0, SP1-SP6, Workstation 4.0, SP1-SP6a, Server 2003 Datacenter Edition, 64-bit, 2003 Enterprise Edition, 64-bit, Standard Edition, Web Edition, XP 64-bit Edition, SP1, 64-bit Edition Version 2003, SP1, Home, SP1, Media Center Edition, Professional SP1 |
Microsoft ASN.1 Library Multiple Stack-Based
Buffer Overflows
|
High |
SB04-077 |
Microsoft
ASP 3.0, ASP.NET 1.0, 1.1 |
ASP.NET Malformed HTTP Request Information Disclosure |
Medium |
SB04-133 |
Microsoft
ASP.NET 1.x |
|
Medium |
SB04-287 |
Microsoft
asycpict.dll in Windows (Me), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (2003), Windows (XP) |
Microsoft Operating System 'asycpict.dll' Denial of Service |
Low |
SB04-294 |
Microsoft
Cabarc |
Microsoft Cabarc Directory Traversal Flaw Allows Remote File Creation |
Medium |
SB04-294 |
Microsoft
Exchange Server 5.5, 2000;
SQL Server 7.0, 2000;
Windows NT 4.0, 2000
|
Windows Malformed RPC Request Denial of Service
CVE Name:
CAN-2001-0509
|
Low |
SB04-119 |
Microsoft
Exchange Server 5.5, 5.5SP1-4, 2000 Advanced Server 0.0, 0.0SP1& 2, Datacenter Server 0.0, 0.0SP1& 2, Professional 0.0, 0.0SP1& 2, 2000 Server 0.0, 0.0SP1&2 |
Microsoft Windows SMTP Service Authentication
CVE Name:
CAN-2002-0054
|
Medium |
SB04-119 |
Microsoft
Exchange Server 5.5, SP1-SP4 Exchange 2000 Server, SP1-SP3 |
|
High |
SB04-119 |
Microsoft
Internet Explorer |
Microsoft Internet Explorer Incorrect URL Display |
Medium |
SB04-294 |
Microsoft
Internet Explorer |
Microsoft Internet Explorer FRAME, IFRAME, and EMBED Elements Buffer Overflow |
High |
SB04-315 |
Microsoft
Internet Explorer 5.0, 5.0.1, SP1-SP4, 5.5, SP1&SP2, 6.0, SP1 |
Internet Explorer Remote Denial of Service
|
Low |
SB04-133 |
Microsoft
Internet Explorer 5.0, 6.0, SP1 |
Internet Explorer Resource Detection |
Medium |
SB04-245 |
Microsoft
Internet Explorer 5.0.1, SP1-SP4, 5.0.1 for Windows NT 4.0/98/95/2000, 5.5, SP1&SP2, preview, 6.0, SP1&SP2, Internet Explorer Macintosh Edition 5.2.3 |
Microsoft Internet Explorer Remote Window Hijacking
CVE Name:
CAN-2004-1155
|
Medium |
SB04-350 |
Microsoft
Internet Explorer 5.0.1, SP1-SP4, 5.5, preview, SP1&SP2, 6.0, SP1 |
Internet Explorer CHM File Processing Remote
Arbitrary Code Execution
CVE Name:
CAN-2004-0380
|
High |
SB04-105
SB04-058 |
Microsoft
Internet Explorer 5.0.1, SP1-SP4, 5.5, SP1&SP2, 6.0, SP1 |
Internet Explorer LoadPicture File Enumeration |
Medium |
SB04-058 |
Microsoft
Internet Explorer 5.01, Internet Explorer 6, Internet Explorer 6.0 for Windows Server 2003, Internet Explorer 6.0 for Windows XP Service Pack 2, Windows 98, Windows 98 SE, Windows ME, Internet Explorer 5.5; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, S3400 Message Application Server, S8100 Media Servers |
Microsoft Internet Explorer Security Update
CVE Names:
CAN-2004-0842
CAN-2004-0727
CAN-2004-0216
CAN-2004-0839
CAN-2004-0844
CAN-2004-0843
CAN-2004-0841
CAN-2004-0845 |
High |
SB04-343
SB04-322
SB04-294
SB04-287 |
Microsoft
Internet Explorer 5.01, SP1-SP4, 5.5, SP3, 6.0, 6.0 for Windows Server 2003, 64-Bit Edition, 6.0, SP1, SP1 64-Bit Edition |
|
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
Microsoft
Internet Explorer 5.5, preview, SP1&SP2, 6.0 SP1 |
Internet Explorer Bitmap File Processing Denial of Service |
Low |
SB04-119 |
Microsoft
Internet Explorer 5.5, SP1&SP2, 6.0, SP1 |
Internet Explorer Cross-Domain Event Leakage |
Medium |
SB04-077 |
Microsoft
Internet Explorer 5.5, SP1&SP2, 6.0, SP1 |
Internet Explorer Drag & Drop File Installation
CVE Name:
CAN-2004-0839
|
High |
SB04-280
SB04-259
SB04-245 |
Microsoft
Internet Explorer 6 |
Microsoft Internet Explorer FTP URL Processing Input Validation |
High |
SB04-343 |
Microsoft
Internet Explorer 6 |
|
High |
SB04-315
SB04-301 |
Microsoft
Internet Explorer 6, Microsoft Outlook Express 6 |
Internet Explorer Flash Content Status Bar Spoofing |
Medium |
SB04-322 |
Microsoft
Internet Explorer 6, Microsoft Outlook Express 6 |
Microsoft Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing |
Low |
SB04-308 |
Microsoft
Internet Explorer 6.0 |
Microsoft Internet Explorer 'res:' URI Handler File Identification |
Medium |
SB04-322 |
Microsoft
Internet Explorer 6.0 |
Internet Explorer ‘CLSID’ File Extension |
High |
CyberNotes-2004-03 |
Microsoft
Internet Explorer 6.0 |
Microsoft Internet Explorer Font Tag Denial of Service |
Low |
SB04-308 |
Microsoft
Internet Explorer 6.0 SP1 |
Internet Explorer MHTML Content-Location Cross Security Domain Scripting |
High |
SB04-245 |
Microsoft
Internet Explorer 6.0 SP1, Microsoft Internet Explorer 6.0; Avaya DefinityOne Media Servers R6-12, IP600, Media Servers R6-R12, IP600 Media Servers, Avaya Modular Messaging S3400, S3400 Message Application Server,
S8100 Media Servers R6-R12 |
Microsoft Internet Explorer Malformed IFRAME Remote Buffer Overflow
CVE Name:
CAN-2004-1050
|
Low/High
(High if arbitrary code can be executed)
|
SB04-350
SB04-343
SB04-315
SB04-308 |
Microsoft
Internet Explorer 6.0 SP2 |
Microsoft Internet Explorer User Security Confirmation Bypass |
Medium |
|
Microsoft
Internet Explorer 6.0 SP2 |
Microsoft Internet Explorer HHCtrl ActiveX Control Cross-Domain Scripting |
High |
SB04-364
SB04-308 |
Microsoft
Internet Explorer 6.0, SP1 |
Internet Explorer Object Element Data
Denial of Service
|
Low |
SB04-119 |
Microsoft
Internet Explorer 6.0, SP1 |
Internet Explorer Remote IFRAME Remote
Denial of Service
|
Low |
SB04-105 |
Microsoft
Internet Explorer 6.0, SP1 |
Internet Explorer MSWebDVD Object Remote
Denial of Service |
Low |
SB04-105 |
Microsoft
Internet Explorer 6.0, SP1 |
Internet Explorer SSL Icon Error
|
Medium |
SB04-133 |
Microsoft
Internet Explorer 6.0, SP1&SP2 |
Microsoft Internet Explorer XML Documents Remote Access |
Medium |
SB04-287 |
Microsoft
Internet Explorer 6.0, SP1&SP2
|
Microsoft Internet Explorer Search Pane URI Obfuscation |
Medium |
SB04-350 |
Microsoft
Internet Explorer 6.0, SP-1, Outlook 2002 SP1&SP2, 2003 |
Internet Explorer Double-Null Character
Remote Denial of Service
|
Low |
SB04-058 |
Microsoft
Internet Explorer 6.0, SP1, Outlook 2003, Outlook Express |
Internet Explorer HTML Form Status Bar Misrepresentation |
Medium |
SB04-105 |
Microsoft
Internet Explorer with SP2 |
Microsoft Internet Explorer File Download Restriction Bypass |
High |
SB04-329
|
Microsoft
Microsoft .NET Framework 1.x, Digital Image Pro 7.x, 9.x, Digital Image Suite 9.x, Frontpage 2002, Greetings 2002, Internet Explorer 6, Office 2003 Professional Edition, 2003 Small Business Edition, 2003 Standard Edition, 2003 Student and Teacher Edition, Office XP, Outlook 2002, 2003, Picture It! 2002, 7.x, 9.x, PowerPoint 2002, Producer for Microsoft Office PowerPoint 2003, Project 2002, 2003, Publisher 2002, Visio 2002, 2003, Visual Studio .NET 2002, 2003, Word 2002;
Avaya DefinityOne Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers |
Microsoft JPEG Processing Buffer Overflow
CVE Name:
CAN-2004-0200
|
High |
SB04-350
SB04-287
SB04-273
SB04-266
|
Microsoft
Microsoft Exchange Server 5.5 |
Malformed MIME Header |
Low |
SB04-119 |
Microsoft
Microsoft Exchange Server 5.5 SP4 |
Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting and Spoofing Attacks
CVE Name:
CAN-2004-0203 |
High |
SB04-231 |
Microsoft
Microsoft Internet Explorer 5.01, 5.5, 6 |
Internet Explorer Address Bar Spoofing Vulnerability |
Medium |
SB04-231 |
Microsoft
Microsoft Office 2000 SP3, Word 2000, FrontPage 2000, Publisher 2000, Office XP SP3, Word 2002, FrontPage 2002, Publisher 2002, Office 2003, Word 2003, FrontPage 2003, Publisher 2003, Microsoft Works Suites, Works Suite 2001, 2002, 2003, 2004 |
Microsoft Office WordPerfect Converter Buffer Overflow
CVE Name:
CAN-2004-0573
|
High |
SB04-259 |
Microsoft
Microsoft Office Visio 2002 Viewer
Microsoft Office PowerPoint 2003 Viewer, Microsoft Office Visio 2003 Viewer |
Microsoft PowerPoint / Visio Viewer JPEG Processing Buffer Overflow |
High |
SB04-294 |
Microsoft
Microsoft Remote Desktop on Windows XP prior to SP2 |
Microsoft Remote Desktop on Windows XP Denial of Service |
Low |
SB04-308 |
Microsoft
MS Outlook Express 5.5 SP 2, 6, 6 SP1, 6 SP1 (64 bit Edition), 6 on Windows Server 2003, 6 on Windows Server 2003 (64 bit edition) |
Malformed E-mail Header Vulnerability
CVE Name:
CAN-2004-0215 |
Low |
SB04-203 |
Microsoft
MS Windows 2000 Service Pack 2, 3 and 4;
MS Windows XP and XP SP 1;
MS Windows XP 64-Bit Edition SP 1;
MS Windows XP 64-Bit Edition Version 2003;
MS Windows Server™ 2003;
MS Windows Server 2003 64-Bit Edition;
MS Windows 98, MS Windows 98 Second Edition (SE), and MS Windows Millennium Edition (Me) |
|
High |
SB04-203 |
Microsoft
MS Windows NT Workstation 4.0 SP 6a; MS Windows NT Server 4.0 SP 6a; MS Windows NT Server 4.0 Terminal Server Edition SP 6; MS Windows 2000 SP2, SP3, SP4; MS Windows XP / XP SP1; MS Windows XP 64-Bit Edition SP1; MS Windows XP 64-Bit Edition Version 2003; MS Windows Server 2003 / 2003 64-Bit Edition; MS Windows 98, 98 SE, and Me; Internet Explorer 5.01 SP2, 3, 4; Internet Explorer 5.5 SP2; Internet Explorer 6, SP1, SP1 (64-Bit Edition), Windows Server 2003, Windows Server 2003 (64-Bit Edition) |
Cumulative Security Update for Internet Explorer
CVE Name:
CAN-2004-0549
CAN-2004-0566
CAN-2003-1048 |
High |
SB04-217 |
Microsoft
MS Windows NT® Workstation 4.0 SP 6a;
MS Windows NT Server 4.0 SP 6a; MS Windows NT Server 4.0 Terminal Server Edition SP 6;
MS Windows NT® Workstation 4.0 SP 6a and NT Server 4.0 SP 6a with Active Desktop;
MS Windows 2000 SP 2, 3, and 4;
MS Windows XP and MS Windows XP Service Pack 1;
MS Windows XP 64-Bit Edition SP 1; MS Windows XP 64-Bit Edition Version 2003; MS Windows Server™ 2003; MS Windows Server 2003 64-Bit Edition; MS Windows 98, MS Windows 98 Second Edition (SE), and MS Windows Millennium Edition (Me) |
|
High |
SB04-203 |
Microsoft
MS Windows NT® Workstation 4.0 SP 6a;
MS Windows NT Server 4.0 SP 6a;
MS Windows NT Server 4.0 Terminal Server Edition SP 6; Microsoft Windows 2000 Service Pack 2, 3, and 4 |
|
High |
SB04-203 |
Microsoft
MS Works Suite 2003;
MS Word 2000;
MS Outlook 2003;
MS Outlook 2000;
MS Office 2003 Student and Teacher Edition;
MS Office 2003 Standard Edition;
MS Office 2003 Small Business Edition;
MS Office 2003 Professional Edition;
MS Office 2000 |
Microsoft Outlook / Word Object Tag Vulnerability |
High |
SB04-203 |
Microsoft
MSN Messenger Service 6.0, 6.1 |
|
Medium |
SB04-077 |
Microsoft
Office 2000, Excel 2000, Office XP, Excel 2002, Office 2001 for Macintosh, Office v. X for Macintosh |
|
High |
SB04-294
SB04-287 |
Microsoft
Office 2000, XP, Word 2000, 2002
|
Microsoft Word Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-287 |
Microsoft
Office XP, SP1& SP2, Outlook 2002, SP1 & SP2 |
Outlook ‘Mailto’ Parameter Arbitrary Code Execution
CVE Name:
CAN-2004-0121
|
High |
SB04-077 |
Microsoft
Office XP, SP1-SP3, Developer Edition, Visual Studio .NET Enterprise Architect Edition, Developer Edition, Professional Edition, Trial Edition |
Visual Studio .NET Debugger Privilege Enforcement Weakness |
High |
SB04-119 |
Microsoft
Outlook |
Microsoft Outlook May Display Images in Plaintext Only Mode |
Low |
SB04-301 |
Microsoft
Outlook 2000, SP1-SP3, 2002, SP1&SP2, 2003, Outlook Express 4.0, 4.0 1 SP2, 4.27.3110, 4.72.2106, 4.72.3120, 4.72.3612, 5.0 1, 5.0, 5.5, 6.0 |
Multiple Outlook/Outlook Express Predictable File Location Vulnerabilities
|
High |
SB04-077 |
Microsoft
Outlook 2002, SP1, 2003, Outlook Express 6.0 |
Outlook/ Outlook Express Remote Denial of Service
|
Low |
SB04-119 |
Microsoft
Outlook Express 6.0 |
Outlook Express Malformed EML File Denial of Service |
Low |
SB04-119 |
Microsoft
Outlook Express 6.0, SP1 |
Outlook Express BCC Field Information Disclosure |
Medium |
SB04-245 |
Microsoft
SharePoint Portal Server 2001, SP1-SP2A |
SharePoint Portal Server Cross-Site Scripting
CVE Name:
CAN-2004-0379
|
High |
SB04-105 |
Microsoft
Small Business Server 2000, 2003, Windows 2000 Advanced Server, SP1-SP4, Windows 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, NT Enterprise Server 4.0, SP1-SP6a, NT Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6a, Windows Server 2003 Datacenter Edition, 64-bit, Server 2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition |
Microsoft Windows WINS Buffer Overflow |
High |
SB04-343 |
Microsoft
SQL Server 7.0 SP3 & prior |
Microsoft SQL Server Remote Denial of Service |
Low |
SB04-280
SB04-273 |
Microsoft
Visual C++ 6.0, SP1-SP5, Visual Studio 6.0, SP1-SP5 |
Visual C++ Constructed ISAPI Extensions Denial of Service |
Low |
SB04-091 |
Microsoft
Windows (ME), Windows (NT), Windows (95), Windows (98), Windows (2000), Windows (2003), Windows (XP) |
|
High |
SB04-350
SB04-336 |
Microsoft
Windows (XP SP2 is not affected) |
Microsoft Windows ANI File Parsing Errors
CVE Name:
CAN-2004-1305
|
Low |
SB04-364 |
Microsoft
Windows (XP SP2 is not affected) |
Microsoft Windows LoadImage API Buffer Overflow |
High |
SB04-364 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional Server, SP-SP4, 2000 Server, SP1-SP4, Windows XP Home, SP1&SP2, XP Professional, SP1&SP2 |
Microsoft GDI+ Library Malformed JPEG Handling Remote Denial of Service |
Low |
SB04-280 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, XP Home, SP1&SP2, XP Professional, SP1&SP2
|
Microsoft Windows DDEShare Buffer Overflow |
High |
SB04-322 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Datacenter Server, SP1-SP4, 2000 Professional, SP1-SP4, 2000 Server, SP1-SP4, XP Home, SP1, XP Media Center Edition, XP Professional, SP1
Avaya Definity One Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers
|
Windows RPCSS Multi-thread Race Condition
CVE Name:
CAN-2003-0813
|
Low |
SB04-119 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, 2000 Server, SP1-SP4, NT Enterprise Server 4.0, SP1-SP6a, NT Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6, Server 2003 Datacenter Edition, 64-bit, 2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition |
Windows Internet Naming Service (WINS) Buffer Overflow
CVE Name:
CAN-2003-0825
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-058 |
Microsoft
Windows 2000 Advanced Server, SP1-SP4, Datacenter Server, SP1-SP4, Professional, SP1-SP4, 2000 Server, SP1-SP4, Windows 98, SE, ME, NT Enterprise Server 4.0, SP1-SP6a, NT Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6a, NT Workstation 4.0, SP1-SP6a, XP 64-bit Edition, SP1, XP 64-bit Edition Version 2003, SP1, XP Home, SP1, XP Media Center Edition, XP Professional, SP1, XP Tablet PC Edition |
Windows Long Share Name Buffer Overflow |
High |
SB04-119 |
Microsoft
Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Internet Information Services 5.0, Internet Information Services 5.1, Internet Information Services 6.0; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0,
S3400 Message Application Server,
S8100 Media Servers |
Microsoft WebDav XML Message Handler Denial of Service
CVE Name:
CAN-2004-0718
|
Low |
|
Microsoft
Windows 2000 Advanced Server, SP1-SP3, 2000 Professional, SP1-SP3, 2000 Server, SP1-SP3, Windows NT Server 4.0, SP1-SP6a, NT Terminal Server 4.0, SP1-SP6a, NT Workstation 4.0, SP1-SP6a, Windows Server 2003 Datacenter Edition, 64-bit, 2003 Enterprise Edition, 64-bit, 2003 Standard Edition, 2003 Web Edition, Windows XP 64-bit Edition, SP1, XP 64-bit Edition Version 2003, SP1, XP Home, SP1, XP Professional, SP1 |
|
High |
SB04-058 |
Microsoft
Windows 2000/XP Resource Kit
|
|
High |
SB04-343 |
Microsoft
Windows 2003 |
Microsoft Windows 2003 Services Default SACL Configuration |
Medium |
SB04-294 |
Microsoft
Windows 2003 |
Microsoft Windows 2003 Default ACL Permissions Firewall Services |
Low |
SB04-294 |
Microsoft
Windows Help System |
Microsoft Windows Help System Buffer Overflows
CVE Name:
CAN-2004-1306
|
High |
SB04-364 |
Microsoft
Windows Media Services 4.1 |
Windows Media Services Remote Denial of Service
CVE Name:
CAN-2003-0905
|
Low |
SB04-077 |
Microsoft
Windows Media Services, 4.0, 4.1 |
Media Services MX_STATS_\LogLine NSIISlog.DLL Remote Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-091 |
Microsoft
Windows NT Server 4.0 SP 6a, NT Server 4.0 Terminal Server Edition SP 6, Windows 2000 Server SP 3 & SP4, Windows Server 2003, 2003 64-Bit Edition |
|
High |
SB04-357
SB04-350 |
Microsoft
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6 |
|
Low/High
(High if arbitrary code can be executed)
|
SB04-350 |
Microsoft
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6, Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME |
Microsoft HyperTerminal Remote Code Execution
CVE Name:
CAN-2004-0568
|
High |
SB04-350 |
Microsoft
Windows NT Server 4.0 SP6a, NT Server 4.0 Terminal Server Edition SP6, Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, XP 64-Bit Edition SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME
|
|
Medium/High
(High if arbitrary code can be executed)
|
SB04-350 |
Microsoft
Windows NT Server 4.0 SP6a, Windows 2000 SP3 & SP4, Windows XP SP1 & SP2, XP 64-Bit Edition, SP1, XP 64-Bit Edition Version 2003, Windows Server 2003, Windows Server 2003 64-Bit Edition, Windows 98, 98SE, ME |
|
High |
SB04-350 |
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange 2000 Server, Exchange Server 2003; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, S3400 Message Application Server, S8100 Media Servers |
|
High |
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows 98, Windows 98 SE, Windows ME; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, S3400 Message Application Server, S8100 Media Servers |
|
High |
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Professional, Windows 2000 Server, Windows XP Home Edition, Windows XP Professional, Windows Server 2003, Datacenter Edition, Windows Server 2003, Enterprise Edition, Windows Server 2003, Standard Edition, Windows Server 2003, Web Edition, Windows 98, Windows 98 SE, Windows ME; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server
Avaya S8100 Media Servers |
|
High |
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition, Windows 2000 Advanced Server, Windows 2000 Datacenter Server, Windows 2000 Server, Windows 2000 Professional, Windows XP Home Edition, Windows XP Professional, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Windows Server 2003 Datacenter Edition, Windows 98, Windows 98 SE, Windows ME; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, 2.0, Avaya S3400 Message Application Server, Avaya S8100 Media Servers |
|
High |
|
Microsoft
Windows NT Server 4.0, Windows NT Server 4.0 Enterprise Edition, Windows NT Server 4.0 Terminal Server Edition; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, S3400 Message Application Server,
S8100 Media Servers |
Microsoft RPC Runtime Library Information Disclosure & Denial of Service
CVE Name:
CAN-2004-0569 |
Low |
SB04-294
SB04-287 |
Microsoft
Windows NT Workstation 4.0 SP6a, NT Server 4.0 SP6a, 4.0, Terminal Server Edition SP6, Windows 2000, SP2-SP4, XP, SP1, XP 64-Bit Edition, SP1, 64-Bit Edition Version 2003, Windows Server™ 2003, 2003 64-Bit Edition, Windows 98, SE, ME
Avaya Definity One Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers
|
|
Low/High
(High if arbitrary code can be executed) |
SB04-119
SB04-105 |
Microsoft
Windows NT Workstation 4.0 SP6a, NT Server 4.0 SP6a, 4.0, Terminal Server Edition SP6, Windows 2000, SP2-SP4, XP, SP1, XP 64-Bit Edition, SP1, 64-Bit Edition Version 2003, Windows Server™ 2003, 2003 64-Bit Edition, Windows 98, SE, ME
Avaya Definity One Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers
|
|
High |
SB04-119
SB04-105 |
Microsoft
Windows NT Workstation 4.0 SP6a, NT Server 4.0 SP6a, 4.0, Terminal Server Edition SP6, Windows 2000, SP2-SP4, XP, SP1, XP 64-Bit Edition, SP1, 64-Bit Edition Version 2003, Windows Server™ 2003, 2003 64-Bit Edition, Windows 98, SE, ME
Avaya Definity One Media Servers, IP600 Media Servers, S3400 Modular Messaging, S8100 Media Servers
|
Outlook Express MHTML URL Processing Vulnerability
CVE Name:
CAN-2004-0380
|
High |
SB04-119
SB04-105 |
Microsoft
Windows NT, 2000 and XP |
Microsoft Windows Logon Screensaver Elevated Privileges |
Medium |
SB04-329 |
Microsoft
Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition, Exchange Server 2003; Avaya DefinityOne Media Servers, IP600 Media Servers, Modular Messaging (MSS) 1.1, (MSS) 2.0, S3400 Message Application Server, S8100 Media Servers |
|
High |
SB04-322
SB04-301
SB04-294
SB04-287 |
Microsoft
Windows XP Explorer SP1 |
Microsoft Windows XP Error in Explorer in Processing WAV Files |
Low |
SB04-301 |
Microsoft
Windows XP Home Edition, XP Professional, Windows Server 2003 Datacenter Edition, Windows Server 2003 Enterprise Edition, Windows Server 2003 Standard Edition, Windows Server 2003 Web Edition; Avaya DefinityOne Media Servers; IP600 Media Servers; Modular Messaging (MSS) 1.1, 2.0; S3400 Message Application Server; S8100 Media Servers; Real Networks RealOne Player 1.0, 2.0, RealPlayer 10.0, 10.5 v6.0.12.1053, 10.5 v6.0.12.1040, 10.5 Beta v6.0.12.1016 |
Microsoft Compressed (zipped) Folders Remote Code Execution
CVE Name:
CAN-2004-0575
|
High |
|
Microsoft
Windows XP Home SP2
Windows XP Media Center Edition SP2
Windows XP Professional SP2 |
Microsoft Windows XP Weak Default Configuration
|
Medium |
SB04-294 |
Microsoft
Windows XP Home, SP1 |
Windows XP HCP URI Handler |
High |
SB04-058 |
Microsoft
Windows XP Home, SP1, XP Media Center Edition, Professional, SP1 |
Windows XP explorer.exe Remote Denial of Service |
Low |
SB04-091 |
Microsoft
Windows XP Home, SP1, XP Media Center Edition, XP Professional, SP1 |
Windows XP explorer.exe Multiple Memory Corruption Vulnerabilities |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Microsoft
Windows XP Home, SP1, XP Media Center Edition, XP Professional, SP1 |
Windows ‘NtSystemDebugControl()’ Kernel API Function Vulnerabilities |
High |
SB04-058 |
Microsoft
Windows XP Professional, XP Home Edition |
Windows XP Explorer Self-Executing Folder |
High |
CyberNotes-2004-03 |
Mini HTTP Server
Web Forums 1.6 & prior |
WebForums Forum HTML Injection |
High |
CyberNotes-2004-03 |
minihttpserver
Forum Web Server 2.0
|
minihttpserver Forum Web Server Directory Traversal & Clear Text Disclosure |
Medium |
SB04-315 |
MiniShare
Minimal HTTP Server 1.3.2
|
MiniShare Server Remote Denial of Service
|
Low |
SB04-161 |
Mollensoft Software
Lightweight FTP Server 3.6
|
Lightweight FTP Server Remote Buffer Overflow
|
High |
SB04-161 |
Mollensoft
Mollensoft FTP Server 3.6.0 |
Mollensoft FTP Server STOR Command Buffer Overflow |
High |
SB04-105 |
Mollensoft
Mondo Search prior to 5.1b |
MondoSearch Multiple Vulnerabilities |
Low/Medium
(Medium if sensitive information can be obtained)
|
SB04-105 |
Monolith
Alien versus Predator 2 v1.0.9.6;
Blood 2 v2.1;
No one lives forever, v1.004;
Shogo, v2.2 |
Monolith Games Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-287 |
Mozilla
Mozilla Browser 1.6, 1.7 rc3, Firefox 0.8, 0.9 rc
|
Mozilla Browser URI Obfuscation |
Medium |
SB04-175 |
Mozilla.org
Mozilla (Suite) 1.7.0 and prior;
Mozilla Firefox 0.9.1 and prior;
Mozilla Thunderbird 0.7.1 and prior; |
Mozilla shell: Scheme Allows Code Execution |
High |
SB04-203 |
Mozilla.org
Firefox Preview Release, 0.8, 0.9 rc, 0.9-0.9.3, 0.10, 0.10.1 |
Mozilla Firefox Infinite Array Sort Denial of Service |
Low |
SB04-336 |
Mozilla.org
Mozilla Firefox |
Mozilla Firefox Browser Denial of Service |
Low |
SB04-301 |
Multiple Browser Vendors
Maxthon (MyIE2) 1.1.039; Avant Browser 9.02 build 101 and 10.0 build 029; stilesoft Netcaptor 7.5.2; Flashpeak Slim Browser 4.x |
Multiple Vendors Tabbed Browsing Vulnerabilities |
Medium |
SB04-301
|
Multiple Vendors
Gaim version 0.75 & prior |
|
High |
SB04-133 |
Multiple Vendors
IBM WebSphere Application Server 5.0; Microsoft .NET Framework 1.0, SP1, 1.1
|
Multiple Vendor SOAP Server Remote Denial of Service |
Low |
|
Multiple Vendors
UUDeview 0.5.19; WinZip WinZip 7.0, 8.0, 8.1 SR-1, 8.1
|
UUDeview MIME Archive Buffer Overrun |
High |
SB04-105
SB04-077 |
Multiple Vendors
ActiveState ActivePerl 5.6.1 .630, 5.6.1- 5.6.3, 5.7.1- 5.7.3, 5.8-5.8.3, 5.9 dev; Larry Wall Perl 5.0 05_003, 5.0 05, 5.0 04_05, 5.0 04, 5.0 03, 5.6, 5.6.1, 5.8, 5.8.3
|
Perl ‘win32_stat()’ Function Remote Buffer Overflow
CVE Name:
CAN-2004-0377
|
High |
SB04-175 |
Multiple Vendors
Microsoft Outlook Express 6.0;
Qualcomm Eudora 6.0 .22, 6.0, 6.0.1, 6.0.3, 6.1
|
Eudora Embedded Hyperlink URI Obfuscation Weakness |
Medium |
SB04-161
SB04-133 |
Multiple Vendors
Adobe Acrobat 5.0, 5.0.5, 6.0;
Altova xmlspy Enterprise Edition 2004, R4, Home Edition 2004, R4, Professional Edition 2004, R4;
AOL Instant Messenger 5.0.2938, 5.1.3036, 5.2.3292, 5.5.3415 Beta;
Intuit Quicken 2003, TurboTax 2003;
JASC Software PaintShop Pro 5.0, 5.0 1,
5.0 3, 6.0, 6.0 1,
6.0 2, 7.0, 7.0 1, 7.0 2, 7.0 4, 8.0, 8.0 1, 8.10;
Music Match Jukebox 8.0-8.2;
Van Dyke Technologies Secure CRT 4.0.1- 4.0.5;
Yahoo! Messenger 5.5- 5.6
|
Multiple Vendors ASN.1 Library Integer Handling
CVE Name:
CAN-2003-0818
|
High |
SB04-058 |
Multiple Vendors
Altnet ADM;
Grokster Grokster 1.3, 1.3.3, 2.6; KaZaA KaZaA Media Desktop 1.3-1.3.2, 1.6.1, 2.0, 2.0.2, 2.6.4 |
Altnet ADM ActiveX Control Remote Buffer Overflow |
High |
SB04-301
SB04-252 |
Multiple Vendors
Archive::Zip 1.13,
F-Secure Anti-Virus for Microsoft Exchange 6.30, 6.30 SR1, and 6.31; Computer Associates; Eset; Kaspersky; McAfee; Sophos; RAV; Archive::Zip 1.13 |
|
High |
SB04-350
SB04-308
SB04-294
|
Multiple Vendors
Macromedia Flash 7.0.19 .0;
Microsoft Internet Explorer 6.0, SP1
|
Internet Explorer Macromedia Flash Player Plug-in Remote Denial of Service
|
Low |
SB04-105 |
Multiple Vendors
Mr. S.K. LHA 1.14, 1.15, 1.17;
RARLAB WinRar 3.20;
RedHat lha-1.14i-9.i386.rpm;
WinZip 9.0
|
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-133 |
Mythic Entertainment
Dark Age of Camelot 1.60-1.68
|
Mythic Entertainment Dark Age of Camelot Encryption Key Signing |
Medium |
SB04-091 |
MyWebServer LLC
MyWebServer 1.0.3 |
MyWebServer Remote Denial of Service |
|
SB04-280 |
NakedSoft
Gaucho 1.4 build 145 |
Gaucho POP3 Email Header Buffer Overflow |
High |
SB04-245 |
NatterChat
NatterChat 1.12 |
NatterChat Input Validation Hole Lets Remote Users Inject SQL Commands |
Medium |
SB04-294 |
Nessus
Nessus WX 1.4-1.4.4 |
NessusWX Account Credentials Disclosure |
Medium |
SB04-105 |
Net2Soft
Flash FTP Server 1.0, 2.1 |
Flash FTP Server Remote Directory Traversal |
Medium |
|
NET2SOFT Inc.
Flash FTP Server 1.0 (banner version 2.1) |
Flash FTP Server Lets Remote Users Traverse the Directory With CWD Command |
Medium |
SB04-217 |
NetChat
NetChat 7.0-7.3
|
NetChat Buffer Overflow in HTTP Service Lets Remote Users Execute Arbitrary Code |
High |
SB04-147 |
Netscape
Navigator 7.0, 7.0.2, 7.1-7.2 |
|
Medium |
SB04-350 |
NetSupport
DNA Helpdesk 1.01 |
DNA HelpDesk SQL Injection Vulnerability |
High |
SB04-217 |
Nettica Corporation
Intellipeer Email Server 1.x |
Intellipeer Email Server User Account Disclosure |
Medium |
SB04-273 |
NetWin
Surge LDAP 1.0g, 1.0f, 1.0 e, 1.0d, 1.0b, 1.0 a |
SurgeLDAP Web Administration Authentication Bypass |
High |
SB04-133 |
NetworkActiv
NetworkActiv Web Server 1.0 |
NetworkActiv Web Server Remote Denial of Service |
Low |
SB04-280 |
New Media Generation
Hired Team: Trial 2.0 / 2.200 & prior |
Hired Team: Trial Format String |
Low/High
(High if arbitrary code can be executed)
|
SB04-322 |
NewAtlanta
ServletExec 2.2, 3.0
|
New Atlanta ServletExec Unauthorized Access |
Medium/Low |
SB04-189 |
Newintelligence
DasBlog 1.3-1.6 |
DasBlog Cross-Site Scripting |
High |
SB04-252 |
Nexgen server. com
Nexgen FTP Server 1.0 |
NexGen FTP Server Remote Directory Traversal
|
Medium |
SB04-091 |
Next Generation Security
StackDefender 1.10 and 2.0 |
NGSEC StackDefender 1.10 Invalid Pointer Dereference Vulnerability
CVE Names:
CAN-2004-0767
CAN-2004-0766 |
Low |
SB04-231 |
Nihuo Software, Inc.
Web Log Analyzer 1.6 |
Web Log Analyzer Cross-Site Scripting |
High |
SB04-245 |
Nival Interactive
Etherlords 1.0 1- 1.07, 1.0,
Nival Etherlords II 1.01- 1.0 3, 1.0
|
Etherlords Remote Denial of Service
|
Low |
SB04-091 |
Nortel
Nortel Contivity Multi-OS VPN Client 4.91 |
Nortel Contivity VPN Client Open Tunnel Certificate Verification
|
Medium |
SB04-315
SB04-301 |
Novell
eDirectory 8.7 |
eDirectory RBT Insecure Role Permissions
|
High |
SB04-133 |
Novell
NetMail 3.10, 3.10 a-3.10 g |
Novell NetMail Multiple Remote Vulnerabilities |
Low/ Medium/High
(High if arbitrary code can be executed)
|
SB04-357 |
Novell
Novell ZENworks for Desktops 4.0.1 |
Novell ZENworks for Desktops Privilege Escalation |
High |
SB04-301 |
NullSoft
Winamp 2.4, 2.5 e, 2.5 E, 2.6 4, 2.10, 2.24, 2.50, 2.60 (lite), 2.60 (full), 2.61 (full), 2.62 (standard), 2.64 (standard), 2.65, 2.70 (full), 2.70, 2.71-2.81, 2.91, 3.0, 3.1, 5.0 1- 5.04
|
Winamp Skin File Remote Code Execution |
High |
SB04-245 |
NullSoft
Winamp 5.07 |
Nullsoft Winamp Malformed MP4 Remote Denial of Service |
Low |
SB04-357 |
NullSoft
Winamp 2.4, 2.5 E, 2.5 e, 2.64, 2.10, 2.24, 2.50, 2.60 (lite), (full), 2.61 (full), 2.62 (standard) 2.64 (standard) 2.65, 2.70, (full), 2.71-2.81, 2.91, 3.0, 3.1, 5.0 1 |
Winamp Malformed File Name Denial of Service |
Low |
SB04-091 |
NullSoft
Winamp 2.91, 3.0, 3.1, 5.0 2, 5.0 1 |
Winamp ‘in_mod.dll’ Plug-in Remote Code Execution
|
High |
SB04-105 |
Nullsoft
Winamp 5.04 & prior |
Winamp ActiveX Control Remote Buffer Overflow
CVE Name:
CAN-2004-0820 |
High |
SB04-252 |
Nullsoft
Winamp 5.05 |
Nullsoft Winamp 'IN_CDDA.dll' Buffer Overflow |
High |
SB04-350
SB04-336
SB04-329 |
OllyDbg version 1.10 |
OllyDbg Format String Bug |
High |
SB04-217 |
Omnicron
OmniHTTPd 3.0a and prior versions
|
OmniHTTPd Buffer Overflow in HTTP GET Range Header May Let Remote Users Execute Arbitrary Code |
High |
SB04-147 |
Open Text Corporation
Centrinity FirstClass Desktop Client 7.1 |
FirstClass Desktop Client Buffer Overflow
|
High |
SB04-105 |
Open Text Corporation
FirstClass 8.0 |
OpenText FirstClass HTTP Daemon Search Function Remote Denial of Service |
Low |
SB04-357
SB04-350 |
Openwares.org
IEpatch |
Openwares.org IEPatch Remote Buffer Overflow |
High |
|
Opera Software
Opera 7.22 build 3221 (JP:build 3222), 7.21 build 3218 (JP:build 3219), 7.20 build 3144 (JP:build 3145), 7.1x, 7.0x |
Opera Directory Traversal |
Medium |
|
Opera Software
Opera Browser 7.22 & prior |
Opera Browser Arbitrary File Deletion |
Medium |
|
Opera Software
Opera 7.53 |
Opera Browser Spoofing Vulnerability |
Medium |
SB04-217 |
Opera Software
Opera Web Browser 7.23, 7.50
|
Opera Browser Favicon Address Bar Spoofing |
Medium |
SB04-161 |
Opera Software
Opera Web Browser 7.x |
Opera Web Browser CLSID File Extension |
High |
SB04-058 |
Opera
Opera 5.x, 6.x, 7.x |
Opera Address Bar Spoofing Condition |
Low |
SB04-203 |
Oracle Corporation
Oracle Applications 11.0, E-Business Suite 11.0, E-Business Suite 11i 11.5.1-11.5.8
|
Oracle E-Business Suite Multiple Input Validation |
High |
SB04-175 |
Oracle Corporation
Oracle HTTP Server (OHS) |
Oracle HTTP Server 'isqlplus' Cross-Site Scripting |
High |
SB04-058
CyberNotes-2004-03 |
Oracle Corporation
Oracle9i Database Enterprise Edition, Standard Edition |
Multiple Oracle Database Buffer Overflows |
High |
CyberNotes-2004-03 |
PacketCell Networks
Hotfoon 4.0 |
Hotfoon Dialer Chat Open Arbitrary URLs |
Medium |
SB04-322 |
Panda Software
Active Scan 5.0 |
Panda ActiveScan 'ascontrol.dll' Remote
Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-105 |
pbdb.sourceforge.net
Punk Buster Database 1.0 alpha- 6.0 alpha |
PunkBuster Database Remote Input Validation
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-077 |
PD9 Software
MegaBBS 2.x |
MegaBBS Input Validation |
High |
SB04-273 |
Pedestal Software
Integrity Protection Driver 1.2, 1.3, 1.4 |
Integrity Protection Driver Local Denial of Service |
Low |
SB04-245 |
Pegasus Mail
Mercury Mail Transport System 4.01 |
Pegasus Mail Mercury Mail Transport System Buffer Overflow |
High |
SB04-336 |
Pensacola Web Designs
Xtreme ASP Photo Gallery 2.0 |
XtremeASP PhotoGallery Admin Access |
High |
|
People Can Fly
Painkiller 1.3.1 |
Painkiller Remote Buffer Overflow |
Low/High
(High if arbitrary code can be executed)
|
SB04-245 |
Perfect Nav
Perfect Nav |
PerfectNav Malformed URI Denial of Service
|
Low |
SB04-077 |
Perpetual Motion Interactive Systems
DotNetNuke 1.0.6-1.0.10d |
DotNetNuke Multiple Remote Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
PHP Group
PHP 4.3.3, 4.3.5
|
PHP escapeshellarg() & escapeshellcmd() Input Validation
CVE Name:
CAN-2004-0542
|
High |
SB04-175 |
Pinnacle Systems
ShowCenter v1.51 build 121 |
Pinnacle ShowCenter Skin File Cross-Site Scripting Vulnerability |
High |
SB04-294 |
Pinnacle Systems
ShowCenter 1.51 |
ShowCenter Web Interface Skin Denial Of Service |
Low |
SB04-273 |
Playlogic International
Alpha Black Zero 1.0 4 |
Playlogic Alpha Black Zero Remote Denial of Service |
Low |
SB04-280 |
Polar
Polar HelpDesk 3.0 |
Polar HelpDesk Authentication Bypass and Inadequate Security Checks
|
Medium |
SB04-217 |
Prevx
Prevx Home 1.0 |
Prevx Home Protection Mechanisms Registry Disable |
Medium |
SB04-329 |
Productive Computer Insight
Net Support School 7.0, 7.0 1, 7.5 |
NetSupport School Weak Password Encoding
|
Medium |
SB04-119
SB04-091 |
Proland Software
Protector Plus |
Proland Protector Plus MS-DOS Device Name Scan Failure
|
High |
SB04-301 |
Protection Technology
StarForce Professional 3.0 |
Protection Technology StarForce Professional Elevated Privileges |
Medium |
SB04-322 |
PsTools 2.01, 2.02, and 2.03
psexec 1.52; psgetsid 1.4;
psinfo 1.5,
pskill 1.03,
pslist 1.25,
psloglist 2.5,
pspasswd 1.21,
psservice 2.1,
psshutdown 2.31,
pssuspend 1.04 |
Sysinternals PsTools Fails to Disconnect |
Medium |
SB04-203 |
PW New Media Network
Modular Site Management System 0.2.1 |
Modular Site Management System ‘Ver.asp’ Information Disclosure |
Medium |
SB04-119 |
PY Software
Active WebCam 4.3 |
Active Webcam Webserver Directory Traversal & Cross-Site Scripting |
Medium/High
(High if arbitrary code can be executed) |
|
Qbik IP Management Limited
WinGate Plus 5.0.5, 5.2.3 Build 901, 6.0 Beta 2 Build 942, 5.0.5, 5.2.3 Build 901, 6.0 Beta 2 Build 942
|
|
Medium |
SB04-189 |
Quad Comm, Inc.
Q-Shop |
Q-Shop Multiple Vulnerabilities
|
High |
CyberNotes-2004-03 |
Qualcomm
Eudora 5.2.1, 6.0, 6.0.1, 6.0.3, 6.1 |
Eudora Embedded Hyperlink Buffer Overflow |
High |
SB04-133 |
RARLAB
WinRar 3.0 .0, 3.0, 3.10, beta 5, beta 3, 3.11, 3.20, 3.40, 3.41 |
RARLAB WinRAR File Name Remote Client-Side Buffer Overflow |
High |
SB04-357 |
RARlabs
WinRAR 3.40 and prior |
RARlabs WinRAR 'Repair Archive' Feature Compromise |
Medium |
SB04-315 |
RARLAB
WinRAR 3.40 and 3.41 |
RARLAB WinRAR Delete File Buffer Overflow Vulnerability |
High |
SB04-364 |
Ratbag
Dirt Track Racing 1.0 3, 2.0, Dirt Track Racing Australia, Dirt Track Racing Sprint Cars, Leadfoot, World of Outlaws Sprint Cars |
Ratbag Game Engine Remote Denial of Service
|
Low |
SB04-058 |
Real Networks
RealOne 2.0, Build 6.0.11.868 |
RealOne Player SMIL File Script Input Validation |
High |
|
Real Networks
RealOne Enterprise Desktop 6.0.11 .774, RealOne Player, 1.0, 2.0, 6.0.11 .872, 6.0.11 .868, 6.0.11 .853, 6.0.11 .841, 6.0.11 .830, 6.0.11 .818, 2.0 for Windows, RealPlayer 10 Japanese, German, English, RealPlayer 8, RealPlayer Enterprise
|
RealPlayer Media File Heap Overflow |
High |
SB04-175 |
Real Networks
RealPlayer 10, Japanese, German, English
|
RealNetworks RealPlayer URI Processing Buffer Overflow |
High |
SB04-175 |
RealVNC
RealVNC 4.0 |
RealVNC Server Remote Denial of Service |
Low |
SB04-245 |
Rebellion
Judge Dredd: Dredd vs. Death 1.01 & prior |
Judge Dredd: Dredd vs. Death Format String |
Low |
SB04-280 |
RedStorm
Ghost Recon Game Engine |
Ghost Recon Game Engine Remote Denial of Service
|
Low |
SB04-077 |
ReGet Software
ReGet Deluxe 3.0 build 121 |
ReGet Directory Traversal |
Medium |
SB04-091 |
Rhino Soft
Serv-U 4.1 .0.11, 4.1 |
Serv-U FTP Server SITE CHMOD Buffer Overflow |
Low/ High
(High if arbitrary code can be executed)
|
SB04-077
SB04-058 |
Rhino Software
Zaep AntiSpam 2.0, 2.0.0.1 |
Zaep AntiSpam Cross-Site Scripting |
High |
SB04-119 |
RhinoSoft
Serv-U 3.0, 3.1, 4.0 .0.4, 4.1 |
Serv-U FTP Insecure Permissions |
Medium |
|
RhinoSoft.com
Serv-U FTP Server 4.2 & prior |
Serv-U FTP 'site chmod' Remote Buffer Overflow |
High |
CyberNotes-2004-03 |
RhinoSoft.com
DNS4Me 3.0 .0.4 |
DNS4Me Denial Of Service & Cross-Site Scripting Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
|
RhinoSoft.com
Serv-U 3.0, 3.1, 4.0 .0.4, 4.1 .0.11, 4.1, 4.2, 5.0 .0.9, 5.0 .0.6, 5.0.0.4, 5.1 .0, 5.2 .0.0 |
Serv-U FTP Server Remote Denial of Service |
Low |
SB04-280
SB04-259 |
RhinoSoft.com
Serv-U FTP Server 4.x through 5.1.0.0 inclusive |
Serv-U Local Privilege Escalation Vulnerability
|
Medium |
SB04-231 |
RhinoSoft
Serv-U 3.0, 3.1, 4.0 .0.4, 4.1 .0.11, 4.1, 4.2 |
Serv-U FTP Server ‘MDTM’ Command
Buffer Overflow
|
High |
SB04-077 |
RhinoSoft
Serv-U 3.0, 3.1, 4.0 .0.4, 4.1 .0.11, 4.1, 4.2, 5.0 .0.4 |
Serv-U FTP Server LIST '-l:' Buffer Overflow
|
Low/ High
(High if arbitrary code can be executed)
|
SB04-119 |
Rit Research Labs
The Bat! 2.01 |
The Bat! PGP Message Handling |
High |
|
Rit Research Labs
TinyWeb 1.9.2
|
TinyWeb Server Remote CGI Script Disclosure |
Medium |
SB04-161 |
Riverdeep Interactive Learning
SmartStuff FoolProof Security 3.9.4, 3.9.7
|
FoolProof Security Program Administrative Password Recovery |
High |
SB04-161 |
Robert K Jung
unarj 2.x |
Unarj Input Validation |
High |
SB04-322
SB04-287 |
robotftp.com
RobotFTP Server 1.0, 2.0 Beta 1 |
RobotFTP Server Remote Buffer Overflow
|
High |
SB04-077
SB04-058 |
Sambar Technologies
Sambar Server 6.1 beta 2
|
Sambar Server Multiple Vulnerabilities |
High/Medium
(High if arbitrary code can be executed)
|
SB04-161 |
SapporoWorks
BlackJumboDog FTP Server 3.6.1 |
BlackJumboDog Has Buffer Overflow in the FTP Service |
|
SB04-259
SB04-231
|
Seattle Lab Software
SLMail Pro 2.0-2.0.9 |
SLMail Pro Remote Buffer Overflow
|
High |
SB04-077 |
Seattle Lab Software
SLWeb Mail |
SLWebMail Multiple Remote Buffer Overflow
|
High |
SB04-077 |
SecureAction Research
Secure Network Messenger 1.4.2 and prior versions |
SecureAction Research Secure Network Messenger Denial of Service
|
Low |
SB04-322
|
Sierra Entertainment, Inc.
Lords of the Realm III |
Lords of the Realm III Nickname Remote Denial of Service |
|
SB04-273 |
Skype Technologies
Skype for Windows 1.0.*.95 through 1.0.*.98 |
Skype 'callto:' URI Handler Buffer Overflow |
High |
SB04-322 |
smallftpd
smallftpd 1.0.3 |
SmallFTPD Remote Denial of Service
|
Low |
SB04-058 |
Snap Stream Media
Snapstream Personal Video Station (PVS) 2.x |
Snap Stream PVS Lite Cross-Site Scripting |
High |
|
Snitz Forums
2000 Snitz Forums 2000 3.0, 3.1, 3.3 .03, 3.3 .02, 3.3 .01, 3.3, 3.4 .04, 3.4.03, 3.4 .02 |
Snitz Forums 'Down.ASP' Input Validation |
High |
|
Soft3304
04WebServer 1.42 |
Soft3304 04WebServer Input Validation Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
SB04-329
SB04-322 |
Software 602
602Pro LAN SUITE 2002, 2003 |
602Pro LAN Suite Web Mail
Information Disclosure
|
Medium/ High
(High if arbitrary code can be executed)
|
SB04-077 |
Software602
602LAN SUITE 2004.0.04.0909 and prior versions |
Software602 602LAN SUITE Remote Denial of Service |
Low |
SB04-315 |
Softwin
Bit Defender |
BitDefender Remote File Upload & Execution & Information Disclosure |
High |
SB04-119 |
Sophos
Anti-Virus 3.78 d, 3.78-3.85,
Small Business Suite 1.0 |
Sophos Anti-Virus Reserved MS-DOS Name Scan Evasion
CVE Name:
CAN-2004-0552
|
High |
SB04-273 |
Sourceforge.net
MiniShare Buffer 1.4.1 and prior |
Sourceforge.net MiniShare Buffer Overflow |
High |
SB04-329
SB04-315
|
South River Technologies
Titan FTP Server 2.2, 2.10, 3.0 1, 3.10, 3.21 |
Titan FTP Server CWD Command Remote Heap Overflow |
High |
SB04-259
SB04-252 |
South River Technologies
Titan FTP Server 3.01 |
Titan FTP Server LIST Denial of Service |
Low |
SB04-133 |
Spider Sales
Spider Sales 2.0 |
SpiderSales Shopping Cart Multiple Vulnerabilities |
Medium/ High
(High if arbitrary code can be executed)
|
SB04-077 |
STC Corporation
Campus Pipeline 1.0, 2.0, 2.1, 2.2, 3.0, 3.1, 3.2 |
Campus Pipeline Cross-Site Scripting |
High |
SB04-119 |
SteelID
thePhoto Tool |
SteelID thePhotoTool Login.ASP SQL Injection |
High |
SB04-091 |
Sun Microsystems
Java Runtime Environment (JRE) |
Sun JRE Win32 Native Assertion Error Lets Malicious Applets Deny Service |
Low |
SB04-231 |
Sun Microsystems, Inc.
Sun J2EE/RI (Windows) 1.4, JDK (Windows Production Release) 1.4.2 _02 |
J2EE/RI Pointbase Database Remote Command Execution |
High |
|
Sun Microsystems, Inc.
Sun JRE (Linux Production Release) 1.4.1 _01-1.4.1_03, 1.4.1, 1.4.2 _01 -1.4.2_04, 1.4.2,
JRE (Solaris Production Release) 1.4.1 _01-1.4.1_03, 1.4.1, 1.4.2 _01 -1.4.2_04, 1.4.2, JRE (Windows Production Release) 1.4.1 _01-1.4.1_03, 1.4.1_07, 1.4.1, 1.4.2 _01-1.4.2_04, 1.4.2
|
Sun Java Runtime Environment Font Object Denial of Service |
Low |
SB04-189 |
Sun
Sun Java JRE 1.4.x, 1.3.x, 1.2.x, 1.1.x
with Internet Explorer version 5.5, 6.0 |
Sun JVM Insecure Temporary File Creation Allows Remote Code Execution |
High |
SB04-203 |
SunGard
SCT Campus Pipeline |
Sungard SCT Campus Pipeline Input Validation Error |
High |
SB04-294 |
Sybase
Sybase Adaptive Server Enterprise (ASE) 12.5.2 and prior |
Sybase Adaptive Server Enterprise Unspecified Vulnerabilities |
Not Specified |
SB04-364
|
Sygate
Security Agent 3.0, 3.5 build 2576, Personal Firewall 5.5 build 2576
|
Sygate Personal Firewall Pro Local Fail-Close Bypass |
Medium |
SB04-175 |
Sygate
Sygate Personal Firewall Pro 5.5
|
Sygate Personal Firewall Pro Denial of Service |
Low |
SB04-175 |
Sygate
Sygate Secure Enterprise prior to 3.5MR3 and Sygate Enforcer 4.0 and later |
Sygate Secure Enterprise Multiple Vulnerabilities
CVE Name:
CAN-2004-0163 |
Low |
SB04-231 |
Symantec Corporation
Norton AntiVirus 2004
|
Symantec Norton AntiVirus 2004 ActiveX control fails to properly validate input |
Low/High
(High if arbitrary code can be executed)
|
SB04-147 |
Symantec Corporation
Norton Internet Security and Professional 2002, 2003, 2004
Norton Personal Firewall 2002, 2003, 2004
Norton AntiSpam 2004;
Client Firewall 5.01, 5.1.1
Client Security 1.0, 1.1, 2.0(SCF 7.1)
|
Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets
CVE Name:
CAN-2004-0444
|
High |
SB04-147 |
Symantec Corporation
Norton Internet Security and Professional 2002, 2003, 2004;
Norton Personal Firewall 2002, 2003, 2004
Norton AntiSpam 2004;
Client Firewall 5.01, 5.1.1
Client Security 1.0, 1.1, 2.0(SCF 7.1)
|
Multiple Symantec firewall products contain a buffer overflow in the processing of DNS resource records
CVE Name:
CAN-2004-0444
|
High |
SB04-147 |
Symantec Corporation
Norton Internet Security and Professional 2002, 2003, 2004;
Norton Personal Firewall 2002, 2003, 2004
Norton AntiSpam 2004;
Client Firewall 5.01, 5.1.1
Client Security 1.0, 1.1, 2.0(SCF 7.1)
|
Multiple Symantec firewall products fail to properly process DNS response packets |
Low |
SB04-147 |
Symantec Corporation
Norton Internet Security and Professional 2002, 2003, 2004;
Norton Personal Firewall 2002, 2003, 2004
Norton AntiSpam 2004;
Client Firewall 5.01, 5.1.1
Client Security 1.0, 1.1, 2.0(SCF 7.1)
|
Multiple Symantec firewall products fail to properly process NBNS response packets
CVE Name:
CAN-2004-0444
|
High |
SB04-147 |
Symantec
PowerQuest DeployCenter 5.5 |
PowerQuest DeployCenter Password Disclosure |
Medium |
SB04-252 |
Symantec
Symantec Live Update 1.70.x-1.90.x, AntiVirus for Handhelds v3.0, Norton System Works 2001-2004, Norton AntiVirus (and Pro) 2001-2004, Norton Internet Security (and Pro) 2001-2004 |
LiveUpdate SYSTEM Privileges
CVE Name:
CAN-2003-0994 |
Medium |
|
Symantec
Symantec Norton AntiVirus 2003 Professional Edition;
Symantec Norton AntiVirus 2002 |
Norton AntiVirus Denial Of Service Vulnerability |
Low |
SB04-203 |
Symantec
Client Firewall 5.0 1, 5.1.1, Client Security 1.0, 1.1, Norton Internet Security 2003, Professional Edition, 2004, Professional Edition, Norton Personal Firewall 2003, 2004 |
Symantec Client Firewall SYMNDIS.SYS TCP Remote Denial of Service
CVE Name:
CAN-2004-0375
|
Low |
SB04-119 |
Symantec
Norton AntiSpam 2004 |
Norton AntiSpam ‘SymSpam Helper’ Class Remote
Buffer Overflow
|
High |
SB04-091 |
Symantec
Norton Antivirus 2003, 2004, 2005
|
|
High |
SB04-280 |
Symantec
Norton Anti-Virus 2004, 2005 |
Symantec Norton Anti-Virus Script Blocking Bypass |
Medium |
SB04-315 |
Symantec
Norton Internet Security 2004
Norton Internet Security 2004 Professional
Symantec Norton AntiVirus 2004 |
Symantec Norton AntiVirus Unprivileged Auto-Protection Deactivation |
High |
SB04-294 |
Symantec
Norton Internet Security 2004, 2004 Professional Edition |
Norton Internet Security ‘WrapNISUM’ Class
Remote Command Execution
|
High |
SB04-091 |
Symantec
Security Check Virus Detection |
Symantec Security Check Virus Detection COM Object Remote Denial of Service
|
Low |
SB04-105 |
Symantec
Symantec Clientless VPN Gateway 4400 Series |
Symantec Clientless VPN Gateway 4400 Series Multiple Vulnerabilities |
High |
SB04-231 |
Symantec
Symantec Firewall/VPN Appliance 100, 200, 200R |
Symantec Firewall/VPN Appliance Cached Plaintext Password |
Medium |
SB04-077 |
Symantec
Symantec Gateway Security 2.0 |
Symantec Gateway Security Cross-Site Scripting
|
High |
SB04-077 |
Symantec
Symantec LiveUpdate 1.80.19.0, 2.5.56.0 |
Symantec LiveUpdate Zip Decompression Routine Denial of Service |
Low |
SB04-336
SB04-315 |
Symantec
Windows LiveUpdate prior to v2.5, Norton SystemWorks 2001-2004, Norton AntiVirus and Pro 2001-2004, Norton Internet Security and Pro 2001-2004,
Symantec AntiVirus for Handhelds Retail and Corporate Edition v3.0
|
Symantec LiveUpdate NetDetect Scheduled Task |
High |
SB04-350 |
Sysinternals
Regmon 6.11 |
Regmon Local Denial of Service |
Low |
SB04-245 |
Tabs Laboratories
MailCarrier 2.51 |
Tabs Laboratories MailCarrier EHLO SMTP Commands Buffer Overflow |
High |
SB04-308 |
Techland
Chrome 1.2.0 |
Techland Chrome Remote Denial of Service
|
Low |
SB04-091 |
Tech-Noel Inc.
Pigeon Server 3.2.143 |
Pigeon Server Remote Denial of Service |
Low |
|
Texas Imperial Software
WFTPD 3.0, Pro, 0R5 Pro, 0R5, 0R4 Pro, 0R4, 0R3, 3.10 R1, 3.20, Pro 3.10 R1, 3.20, 3.21 |
Multiple WFTPD Remote Vulnerabilities |
Low/High
(High if arbitrary code can be executed)
|
SB04-077 |
Texas Imperial Software
WFTPD 3.21 R1&R2, WFTPD Pro 3.21 R1&R2 |
WFTPD Server Remote Denial of Service
|
Low |
SB04-091 |
Texas Imperial Software
WFTPD Pro 3.21, R1-R3 |
WFTPD Remote Denial of Service |
Low |
SB04-252 |
The 3DO Company
Army Men RTS 1.x |
Army Men RTS Format String |
Low/High
(High if arbitrary code can be executed)
|
SB04-322 |
The Ignition Project
IgnitionServer 0.3.1
|
ignitionServer Server Link Service Authentication Bypass |
Medium |
SB04-175 |
the_sz
Doro PDF Writer 1.13 |
Doro PDF Writer Administrative Privileges |
High |
CyberNotes-2004-02
CyberNotes-2004-01
|
thePalace.com
The Palace Client 3.5 & prior |
The Palace Graphical Chat Client Remote
Buffer Overflow
|
High |
SB04-058 |
Thomas Hauck
JanaServer 2 2.4.0-2.4.4 |
JanaServer 2 Multiple Remote Denial of Service |
Low |
SB04-343 |
Tiny Server
Tiny Server 1.1, 1.0.5 |
TinyServer Multiple Vulnerabilities |
Low/Medium/High
(Low if a DoS; Medium if sensitive information can be obtained; and High if arbitrary code can be executed)
|
CyberNotes-2004-03 |
TIPPS
MailPost 5.1.1 |
TIPPS MailPost Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-315 |
Touchdown Entertainment
LithTech Engine |
Touchdown LithTech Engine Format String |
Low |
SB04-315 |
TranSoft Ltd.
Broker FTP Server 6.1.0.0 |
Broker FTP Server Remote Denial of Service
|
Low |
SB04-058 |
Trend Micro
ScanMail |
Trend Micro ScanMail Sensitive File Disclosure
CVE Name:
CAN-2004-1003 |
Medium |
SB04-315
|
Trend Micro
OfficeScan Corporate Edition 3.0, 3.5, 3.11, 3.13, 3.54, 5.02, 5.5, 5.58
|
OfficeScan 'winhlp32.exe' Arbitrary Code Execution |
High |
SB04-175 |
Trend Micro
OfficeScan Corporate Edition 3.0, 3.5, 3.11, 3.13, 3.54, 5.02, 5.58 |
OfficeScan Weak Default Permissions |
Medium |
SB04-133 |
TriDComm
TriDComm FTP Server 1.3 and prior |
TriDComm FTP Server Directory Traversal |
|
SB04-287 |
TYPSoft
TYPSoft FTP Server 0.85, 0.93, 0.95-0.97, 0.97.5, 0.99.6, 1.0-1.0 9, 1.1, 1.10, 1.11 |
TYPSoft FTP Server Remote 'RETR' Denial of Service |
Low |
SB04-259 |
TYPSoft
TYPSoft FTP Server 1.10 |
TYPSoft FTP Server Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
TYPSoft
TYPSoft FTP Server 1.1 |
TYPSoft FTP Server Remote Denial of Service
|
Low |
SB04-077 |
Ultr@ VNC
Ultr@ VNC 1.0.0 RC11 |
Ultr@VNC ShellExecute() SYSTEM Privileges |
High |
|
VanDyke Software
SecureCRT 4.0, 4.1 |
VanDyke SecureCRT - Remote Command Execution |
High |
SB04-329 |
Venta Association
VentaFax 5.4
|
VentaFax Command Execution Lets Local Users Gain Elevated Privileges |
Medium |
SB04-231
|
Veritas Software
Backup Exec 8.0, 8.5, 8.6, 9.0, 9.1 |
VERITAS Backup Exec Buffer Overflow
CVE Name:
CAN-2004-1172 |
High |
SB04-357 |
Verity Inc.
Ultraseek 5.2.1 |
|
Medium |
SB04-133 |
Vicomsoft Ltd.
Rapid Cache 2.2.6 & prior |
RapidCache Server Multiple Vulnerabilities |
Low/Medium/High
(Medium if sensitive information can be obtained; and High if arbitrary code can be executed) |
|
viksoe.dk
GMail Drive |
viksoe.dk GMail Drive Discloses Information and Permits Unauthorized Access |
Medium |
SB04-294 |
Virtual Programming
VP-ASP 4.0, 4.50, 5.0
|
Virtual Programming VP-ASP Multiple Vulnerabilities |
High |
SB04-175 |
Virtual Programming
VP-ASP 5.0 |
VP-ASP 'shoprestoreorder.asp' Remote Denial of Service |
Low |
|
Virtual Projects
Chatman 1.5.1 RC1 & prior |
ChatMan Input Validation Remote Denial of Service |
Low |
SB04-273 |
Vizer Web Server
Vizer Web Server 1.9.1 |
Vizer Web Server Remote Denial of Service
|
Low |
SB04-058 |
VMWare Incorporated
VMWare Workstation 4.5.2 |
VMWare Workstation Format String |
Medium |
SB04-336 |
Volition, Inc.
Freespace 2 1.2 |
Freespace 2 Game Client Remote Buffer Overflow |
High |
SB04-077 |
VyPRESS
Messenger 3.5, 3.5.1 |
VyPRESS Messenger Remote Buffer Overflow |
High |
SB04-280 |
Vypress
Vypress Tonecast version 1.3 and prior |
Vypress Tonecast Denial of Service |
Low |
SB04-301 |
Web Animations
Password Protect |
Password Protect Input Validation |
High |
SB04-252 |
Web Cortex
Web Stores 2000 |
WebStores 2000 Input Validation Vulnerabilities |
High |
SB04-058 |
Web Wiz Guide
Web Wiz Forums 7.0 beta1, 7.0 1, 7.0, 7.5, 7.7 b, 7.7 a, 7.51 |
Web Wiz Forum Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-133 |
Web Wiz Guide
Web Wiz Forums 7.5, 7.7 b, 7.7 a, 7.8, 7.51
|
Web Wiz Forums ‘registration_rules.asp’ Cross-Site Scripting |
High |
SB04-175 |
Web Wiz Guide
Web Wiz Internet Search Engine
|
Web Wiz Internet Search Engine Database Disclosure |
High |
SB04-273 |
Web Wiz Guide
Web Wiz Journal |
Web Wiz Journal Database Disclosure |
High |
SB04-273 |
Webcam Corp.
Webcam Watchdog 4.0.1a |
Webcam Watchdog Input Validation Hole in 'sresult.exe' Permits Cross-Site Scripting Attacks |
High |
SB04-217 |
Webcam Corporation
Watchdog 3.63 & prior |
Webcam Watchdog Web Server Remote Buffer Overflow |
High |
|
WebHost Automation
HELM Web Hosting Control Panel 3.1.19 and prior |
WebHost Automation HELM SQL injection & Cross-Site Scripting |
High |
SB04-315 |
Webroot Software, Inc
Window Washer 5.5 |
Webroot Window Washer Erased Files |
Medium |
SB04-245 |
Webroot Software
Spy Sweeper Enterprise 1.5.1.3698 |
Spy Sweeper Enterprise Password Disclosure |
Medium |
SB04-322 |
Webroot
My Firewall Plus 5.0 (build 1117) |
Webroot My Firewall Plus Privilege Escalation Vulnerability |
High |
SB04-364 |
Webroot
Spy Sweeper Enterprise 1.5.1 (Build 3698) |
Webroot Spy Sweeper Enterprise Windows Tray Icon Vulnerability |
High |
SB04-364 |
Website Pros
NetObjects Fusion 8.x |
Website Pros NetObjects Fusion JPEG Processing Buffer Overflow |
High |
SB04-308 |
Weld Pond
netcat for Windows 1.1 |
Weld Pond netcat for Windows Buffer Overflow in doexec |
High |
SB04-364 |
WeOnlyDo!
wodFtpDLX ActiveX component, wodFtpDLX ActiveX component 2.1.1 8 |
WeOnlyDo! wodFtpDLX ActiveX Component Remote Buffer Overflow |
High |
SB04-350
SB04-336 |
wftpserver.com
WinFTP Server 1.x |
Win FTP Server Information Disclosure |
Medium |
SB04-336 |
Whisper Technology Limited
FTP Surfer 1.0.7
|
FTP Surfer File Handling Buffer Overflow Vulnerability |
High |
SB04-217 |
WhitSoft Development
SlimFTPd 3.15 and prior |
WhitSoft Development SlimFTPd FTP Command Buffer Overflow |
High |
SB04-322 |
WIDCOMM
WIDCOMM Bluetooth Connectivity Software versions prior to 3.0 on the BTW and BT-CE/PPC platforms; BTStackServer 1.3.2.7 and 1.4.2.10 on both Windows XP and Windows 98; HP IPAQ 5450 running WinCE 3.0 with Bluetooth software version 1.4.1.03. |
WIDCOMM Bluetooth Connectivity Software Buffer Overflow Vulnerabilities
CVE Name:
CAN-2004-0775 |
|
SB04-231 |
WildTangent, Inc.
WebDriver 4.0
|
WebDriver Remote Filename Buffer Overflow |
High |
SB04-161 |
WinAgents Software Group
TFTP Server 3.0
|
WinAgents TFTP Server Remote Buffer Overflow |
Low |
SB04-175 |
WinZip Computing, Inc.
WinZip 7.0, 8.0, 8.1, SR-1, 9.0 |
WinZip Multiple Buffer Overflows |
High |
SB04-252 |
Wirtualna Polska
wpkontakt 3.0.1 and prior |
wpkontakt E-mail Validation Error |
High |
SB04-364 |
Working Resources Inc.
BadBlue 2.5 |
BadBlue Webserver Denial of Service |
Low |
SB04-245 |
XLight FTP Server
XLight FTP Server 1.52 |
XLight FTP Server Remote Denial of Service
|
Low |
SB04-058 |
xlightftpd.com
XLight FTP Server 1.40 |
Xlight FTP Server Directory Traversal & Remote Denial of Service |
Low/Medium
(Medium if sensitive information can be obtained) |
|
xlightftpd.com
Xlight FTP Server 1.x |
Xlight FTP Server Remote Buffer Overflow |
High |
|
XLight
XLight FTP Server 1.45 |
XLight FTP Server Remote Denial of Service
|
Low |
CyberNotes-2004-03 |
XLineSoft
ASPRunner 2.4 and prior |
ASPRunner Input Validation Holes Permit SQL Injection and Cross-Site Scripting Attacks |
High |
SB04-217 |
XPA Systems
pGina 1.7.6 |
XPA Systems pGina Default Configuration Remote Denial of Service |
Low |
SB04-301 |
Xue-brothers
MyWeb 3.3 |
MyWeb HTTP Server GET Request Buffer Overflow
|
Low/High
(High if arbitrary code can be executed)
|
SB04-133 |
Y@Soft Compact Solutions
Switch Off 2.3 & prior |
Switch Off Remote Denial of Service & Buffer Overflow |
Low/High
(High if arbitrary code can be executed) |
|
Yahoo!
Messenger 5.x |
Yahoo! Messenger File Transfer Remote Buffer Overflow |
High |
|
YoungZsoft
CCProxy 6.0 |
CCProxy HTTP Request Processing Buffer Overflow |
High |
SB04-322 |
YoungZSoft
CMailServer 5.2
|
YoungZSoft CMailServer Multiple Vulnerabilities |
Medium/High
(High if arbitrary code can be executed)
|
SB04-336 |
Zinf
Zinf 2.2.1 |
Zinf Malformed Playlist File Remote Buffer Overflow
CVE Name:
CAN-2004-0964
|
Medium |
SB04-322
SB04-273 |
Zone Labs
IMsecure and IMsecure Pro prior to 1.5 |
Zone Labs IMsecure Active Link Filter Bypass |
Medium |
SB04-322 |
Zone Labs
ZoneAlarm 2.1-2.6, 3.0, 3.1, 3.7.202, 4.0, 4.5.538.001, ZoneAlarm for Windows 95 1.0, 2.2-2.6, ZoneAlarm for Windows 98 2.1-2.6, ZoneAlarm For Windows NT 4.0 2.1-4.0 2.6, ZoneAlarm for Windows XP 2.6, ZoneAlarm Plus 4.0, 4.5.538.001, ZoneAlarm Pro 2.4, 2.6, 3.0, 3.1, 4.0, 4.5.538.001, 4.5, 5.0.590.015 |
ZoneAlarm/ZoneAlarm Pro Weak Default Permissions |
Medium |
SB04-245 |
Zone Labs
Labs Integrity Client 4.0,
ZoneAlarm 4.0, Plus 4.0, Pro 4.0, 4.5
|
ZoneAlarm SMTP Local/Remote Buffer Overflow
|
High |
SB04-077 |
Zone Labs
ZoneAlarm Plus 4.0, 4.5.538.001, ZoneAlarm Pro 2.4, 2.6, 3.0, 3.1, 4.0, 4.5.538.001, 4.5 |
ZoneAlarm Pro/Plus MailSafe Filter Bypass |
Medium |
SB04-119 |
Zone Labs
ZoneAlarm Security Suite 5.x, ZoneAlarm Pro 5.x, 4.x, and 3.x
|
Zone Labs ZoneAlarm Advertising Blocking Denial of Service |
Low |
SB04-329 |