Sgi: Security Vulnerabilities
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files.
CVSS Score
2.1
EPSS Score
0.002
Published
2004-08-18
Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam Firewall, allow remote attackers or local users to execute arbitrary code via long directory or file names in an LHA archive, which triggers the overflow when testing or extracting the archive.
CVSS Score
10.0
EPSS Score
0.085
Published
2004-08-18
Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
CVSS Score
6.4
EPSS Score
0.07
Published
2004-08-18
Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
CVSS Score
5.0
EPSS Score
0.038
Published
2004-08-18
The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
CVSS Score
5.0
EPSS Score
0.031
Published
2004-08-18
The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
CVSS Score
5.0
EPSS Score
0.037
Published
2004-08-18
Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.
CVSS Score
10.0
EPSS Score
0.03
Published
2004-08-18
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
CVSS Score
6.8
EPSS Score
0.001
Published
2004-08-18
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php.
CVSS Score
6.8
EPSS Score
0.187
Published
2004-08-18
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php.
CVSS Score
10.0
EPSS Score
0.061
Published
2004-08-18