LanGuard reports



Supported OVAL Bulletins


More information on 2017 updates



ID:
CVE-2004-2377
Title:
Alcatel OmniSwitch 7000 Series Unspecified DoS
Type:
Hardware
Bulletins:
CVE-2004-2377
SFBID9745
Severity:
Medium
Description:
Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a denial of service (reboot) via certain network scans, as demonstrated using a Nessus port scan of ports 1 through 1024 with safe-checks disabled.
Applies to:
OmniSwitch 7800
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-0467
Title:
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at...
Type:
Hardware
Bulletins:
CVE-2004-0467
SFBID12379
Severity:
Medium
Description:
Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a denial of service (routing disabled) via a large number of MPLS packets, which are not filtered or verified before being sent to the Routing Engine, which reduces the speed at which other packets are processed.
Applies to:
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-2556
Title:
NETGEAR WG602 Wireless Access Point Hardcoded Default Account
Type:
Hardware
Bulletins:
CVE-2004-2556
SFBID10459
Severity:
Medium
Description:
NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and 1.5.67 has a hardcoded account of username "super" and password "5777364", which allows remote attackers to modify the configuration.
Applies to:
Netgear Wireless AP WG602
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-2557
Title:
NETGEAR WG602 Wireless Access Point Hardcoded Default Account
Type:
Hardware
Bulletins:
CVE-2004-2557
SFBID10459
Severity:
Medium
Description:
NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcoded account of username "superman" and password "21241036", which allows remote attackers to modify the configuration.
Applies to:
Netgear Wireless AP WG602
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-2691
Title:
3Com SuperStack 3 Switch Crafted HTTP Request DoS
Type:
Hardware
Bulletins:
CVE-2004-2691
Severity:
High
Description:
Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firmware version before 3.31 allows remote attackers to cause a denial of service (device reset) via a crafted request to the web management interface. NOTE: the provenance of this information is unknown; details are obtained from third party reports.
Applies to:
3Com SS3-4400-24PWR
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-2507
Title:
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Type:
Hardware
Bulletins:
CVE-2004-2507
SFBID10476
Severity:
Medium
Description:
Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to read arbitrary files via an absolute pathname in the next_file parameter.
Applies to:
wvc11b
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-2508
Title:
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
Type:
Hardware
Bulletins:
CVE-2004-2508
SFBID10533
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B Wireless-B Internet Video Camera allows remote attackers to inject arbitrary web script or HTML via the next_file parameter.
Applies to:
wvc11b
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-2606
Title:
Linksys Routers Administrative Web Interface Access
Type:
Hardware
Bulletins:
CVE-2004-2606
SFBID10441
Severity:
High
Description:
The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with the firewall disabled, allows remote attackers to attempt to login to an administration web page, even when the configuration specifies that remote administration is disabled.
Applies to:
befsr41 v3
wrt54g
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1446
Title:
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Type:
Hardware
Bulletins:
CVE-2004-1446
SFBID10854
Severity:
Medium
Description:
Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewall 3.x through 5.x allows remote attackers to cause a denial of service (device reboot or hang) via a crafted SSH v1 packet.
Applies to:
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1432
Title:
Cisco ONS 15000 Series Malformed IP DoS
Type:
Hardware
Bulletins:
CVE-2004-1432
SFBID10768
Severity:
Medium
Description:
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed (1) IP or (2) ICMP packets.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1433
Title:
Cisco ONS 15000 Series Malformed TCP DoS
Type:
Hardware
Bulletins:
CVE-2004-1433
SFBID10768
Severity:
Medium
Description:
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, and ONS 15600 1.x(x), allows remote attackers to cause a denial of service (control card reset) via malformed (1) TCP and (2) UDP packets.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1434
Title:
Cisco ONS 15000 Series Malformed SNMP DoS
Type:
Hardware
Bulletins:
CVE-2004-1434
SFBID10768
Severity:
Medium
Description:
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.1(0) to 4.1(2), 4.5(x), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via malformed SNMP packets.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1435
Title:
Cisco ONS 15000 Series Last-ACK DoS
Type:
Hardware
Bulletins:
CVE-2004-1435
SFBID10768
Severity:
Medium
Description:
Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, including 4.6(0) and 4.6(1), 4.5(x), 4.1(0) to 4.1(3), 4.0(0) to 4.0(2), and earlier versions, allows remote attackers to cause a denial of service (control card reset) via a large number of TCP connections with an invalid response instead of the final ACK (TCP-ACK).
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1436
Title:
Cisco ONS 15000 Series Malformed Password Authentication
Type:
Hardware
Bulletins:
CVE-2004-1436
SFBID10768
Severity:
High
Description:
The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4.6(0) and 4.6(1) and 15454 and 15454 SDH 4.6(0) and 4.6(1), when a user account is configured with a blank password, allows remote attackers to gain unauthorized access by logging in with a password larger than 10 characters.
Applies to:
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1454
Title:
Cisco IOS OSPF Packet Handling DoS
Type:
Hardware
Bulletins:
CVE-2004-1454
SFBID10971
Severity:
Medium
Description:
Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) enabled, allows remote attackers to cause a denial of service (device reload) via a malformed OSPF packet.
Applies to:
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1464
Title:
Cisco IOS Telnet Service DoS
Type:
Hardware
Bulletins:
CVE-2004-1464
SFBID11060
Severity:
Medium
Description:
Cisco IOS 12.2(15) and earlier allows remote attackers to cause a denial of service (refused VTY (virtual terminal) connections), via a crafted TCP connection to the Telnet or reverse Telnet port.
Applies to:
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-1775
Title:
Cisco CatOS View-based Access Control MIB (VACM) read-write Community String Device Configuration Manipulation
Type:
Hardware
Bulletins:
CVE-2004-1775
SFBID5030
Severity:
Medium
Description:
Cisco VACM (View-based Access Control MIB) for Catalyst Operating Software (CatOS) 5.5 and 6.1 and IOS 12.0 and 12.1 allows remote attackers to read and modify device configuration via the read-write community string.
Applies to:
Created:
2004-12-31
Updated:
2017-02-28

ID:
CVE-2004-0615
Title:
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a...
Type:
Hardware
Bulletins:
CVE-2004-0615
SFBID10587
Severity:
Medium
Description:
Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router running firmware 2.30, and DI-704 SOHO router running firmware 2.60B2, and DI-624, allows remote attackers to inject arbitrary script or HTML via the DHCP HOSTNAME option in a DHCP request.
Applies to:
DI-624
DI-704P
DI-614+B
Created:
2004-12-06
Updated:
2017-02-28

ID:
CVE-2004-0611
Title:
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Type:
Hardware
Bulletins:
CVE-2004-0611
SFBID10585
Severity:
Medium
Description:
Web-Based Administration in Netgear FVS318 VPN Router allows remote attackers to cause a denial of service (no new connections) via a large number of open HTTP connections.
Applies to:
FVS318v3 Firewall
Created:
2004-12-06
Updated:
2017-02-28

ID:
CVE-2004-0468
Title:
Juniper Junos IPv6 Packet Forwarding Engine Remote DoS
Type:
Hardware
Bulletins:
CVE-2004-0468
Severity:
Medium
Description:
Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows remote attackers to cause a denial of service (memory exhaustion and device reboot) via certain IPv6 packets.
Applies to:
Created:
2004-12-06
Updated:
2017-02-28

ID:
CVE-2004-0308
Title:
Cisco ONS 15000 Superuser Account Lock Bypass
Type:
Hardware
Bulletins:
CVE-2004-0308
SFBID9699
Severity:
High
Description:
Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS15600 before 1.3(0) allows a superuser whose account is locked out, disabled, or suspended to gain unauthorized access via a Telnet connection to the VxWorks shell.
Applies to:
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-11-24
Updated:
2017-02-28

ID:
CVE-2004-0312
Title:
Linksys WAP55AG SNMP Community Strings Disclosure
Type:
Hardware
Bulletins:
CVE-2004-0312
SFBID9688
Severity:
Medium
Description:
Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP read only community string to gain access to read/write communtiy strings via a query for OID 1.3.6.1.4.1.3955.2.1.13.1.2.
Applies to:
wap55ag
Created:
2004-11-23
Updated:
2017-02-28

ID:
CVE-2004-0244
Title:
Cisco IOS 6000/6500/7600 Series Layer 2 Frame DoS
Type:
Hardware
Bulletins:
CVE-2004-0244
SFBID9562
Severity:
Medium
Description:
Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Feature Card 2 (MSFC2) and a FlexWAN or OSM module allow local users to cause a denial of service (hang or reset) by sending a layer 2 frame packet that encapsulates a layer 3 packet, but has inconsistent length values with that packet.
Applies to:
Created:
2004-11-23
Updated:
2017-02-28

ID:
CVE-2004-0306
Title:
Cisco ONS 15000 Unauthorized TFTP PUT and GET
Type:
Hardware
Bulletins:
CVE-2004-0306
SFBID9699
Severity:
Medium
Description:
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.
Applies to:
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-11-23
Updated:
2017-02-28

ID:
CVE-2004-0307
Title:
Cisco ONS 15000 Control Card DoS
Type:
Hardware
Bulletins:
CVE-2004-0307
SFBID9699
Severity:
Medium
Description:
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.
Applies to:
Cisco ONS 15454 Multiservice Transport Platform
Cisco ONS 15327 SONET Multiservice Platform
Cisco ONS 15454 Multiservice Transport Platform (MSTP)
Created:
2004-11-23
Updated:
2017-02-28

ID:
CVE-2004-0352
Title:
Cisco Content Services Switch 11000 Series WebNS DoS
Type:
Hardware
Bulletins:
CVE-2004-0352
SFBID9806
Severity:
Medium
Description:
Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x) before 05.0(04.07)S, and 6.10(x) before 06.10(02.05)S allow remote attackers to cause a denial of service (device reset) via a malformed packet to UDP port 5002.
Applies to:
Cisco CSS 11800 Content Services Switch
Cisco CSS 11150 Content Services Switch
Cisco CSS 11100 Content Services Switch Series
Cisco CSS 11050 Content Services Switch
Created:
2004-11-23
Updated:
2017-02-28

ID:
OVAL4392
Title:
Windows Server 2003 NNTP Component Buffer Overflow
Type:
Services
Bulletins:
OVAL4392
CVE-2004-0574
Severity:
Low
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-10-14
Updated:
2016-02-19

ID:
OVAL5926
Title:
Windows 2000 NNTP Component Buffer Overflow
Type:
Services
Bulletins:
OVAL5926
CVE-2004-0574
Severity:
Low
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-10-14
Updated:
2016-02-19

ID:
OVAL5070
Title:
Windows NT NNTP Component Buffer Overflow
Type:
Services
Bulletins:
OVAL5070
CVE-2004-0574
Severity:
Low
Description:
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
Applies to:
Network News Transport Protocol (NNTP)
Created:
2004-10-14
Updated:
2016-02-19

ID:
CVE-2004-1650
Title:
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Type:
Hardware
Bulletins:
CVE-2004-1650
SFBID11072
Severity:
High
Description:
D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP address, which allows remote attackers to change the IP address of the camera via a UDP broadcast packet.
Applies to:
DCS-900
Created:
2004-08-31
Updated:
2017-02-28

ID:
CVE-2004-0661
Title:
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid...
Type:
Hardware
Bulletins:
CVE-2004-0661
SFBID10621
Severity:
Medium
Description:
Integer signedness error in D-Link AirPlus DI-614+ running firmware 2.30 and earlier allows remote attackers to cause a denial of service (IP lease depletion) via a DHCP request with the LEASETIME option set to -1, which makes the DHCP lease valid for thirteen or more years.
Applies to:
DI-624
DI-604
DI-614+B
Created:
2004-08-06
Updated:
2017-02-28

ID:
CVE-2004-0580
Title:
Linksys BEFSR41 DHCP Network Data Information Disclosure
Type:
Hardware
Bulletins:
CVE-2004-0580
SFBID10329
Severity:
Medium
Description:
DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Routers, firmware version 1.45.7, does not properly clear previously used buffer contents in a BOOTP reply packet, which allows remote attackers to obtain sensitive information.
Applies to:
BEFSR41
BEFVP41
befsr11
befsru31
befsr41w
BEFSX41
wap55ag
wrt54g
BEFSR81
Created:
2004-08-06
Updated:
2017-02-28

ID:
CVE-2004-0551
Title:
Cisco CatOS TCP-ACK Remote DoS
Type:
Hardware
Bulletins:
CVE-2004-0551
Severity:
Medium
Description:
Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX, as used in Catalyst switches, allows remote attackers to cause a denial of service (system crash and reload) by sending invalid packets instead of the final ACK portion of the three-way handshake to the (1) Telnet, (2) HTTP, or (3) SSH services, aka "TCP-ACK DoS attack."
Applies to:
Cisco Catalyst 4000 Series Switches
Cisco Catalyst 4912G-L2 Switch
Cisco Catalyst 4510R Switch
Cisco Catalyst 2980G-A Switch
Cisco Catalyst 2948G-GE-TX Switch
Cisco Catalyst C2948G-L3 Ethernet Switch
Cisco Catalyst 2926 Switch
Cisco Catalyst...
Created:
2004-08-06
Updated:
2017-02-28

ID:
CVE-2004-0589
Title:
Cisco IOS Malformed BGP Message DoS
Type:
Hardware
Bulletins:
CVE-2004-0589
Severity:
Medium
Description:
Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when configured for BGP routing, allows remote attackers to cause a denial of service (device reload) via malformed BGP (1) OPEN or (2) UPDATE messages.
Applies to:
Created:
2004-08-06
Updated:
2017-02-28

ID:
CVE-2004-0710
Title:
Cisco IPSec VPNSM IKE Packet DoS
Type:
Hardware
Bulletins:
CVE-2004-0710
SFBID10083
Severity:
Medium
Description:
IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series Switch and the Cisco 7600 Series Internet Routers running IOS before 12.2(17b)SXA, before 12.2(17d)SXB, or before 12.2(14)SY03 could allow remote attackers to cause a denial of service (device crash and reload) via a malformed Internet Key Exchange (IKE) packet.
Applies to:
Created:
2004-07-27
Updated:
2017-02-28

ID:
CVE-2004-0714
Title:
Cisco IOS Flawed SNMP Processing DoS
Type:
Hardware
Bulletins:
CVE-2004-0714
SFBID10186
Severity:
Medium
Description:
Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts to process SNMP solicited operations on improper ports (UDP 162 and a randomly chosen UDP port), which allows remote attackers to cause a denial of service (device reload and memory corruption).
Applies to:
Cisco ONS 15454 Multiservice Transport Platform
Created:
2004-07-27
Updated:
2017-02-28

ID:
CVE-2002-0082
Title:
mod_ssl is old
Type:
Services
Bulletins:
CVE-2002-0082
SFBID10736
Severity:
High
Description:
mod ssl older than 2.8.7 have a buffer over which could allow users to gain a shell remotely.
Applies to:
Apache
Created:
2004-07-16
Updated:
2010-08-21

ID:
CVE-2004-0595
Title:
PHP older than 4.3.8
Type:
Services
Bulletins:
CVE-2004-0595
SFBID10724
Severity:
High
Description:
PHP older than 4.3.8 is vulnerable to a remote code execution vulnerability.
Applies to:
PHP
Created:
2004-07-14
Updated:
2010-08-21

ID:
OVAL2516
Title:
Windows Server 2003 (32-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
OVAL2516
CVE-2004-0202
Severity:
Low
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-06-15
Updated:
2016-02-19

ID:
OVAL2413
Title:
Windows XP (64-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
OVAL2413
CVE-2004-0202
Severity:
Low
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-06-15
Updated:
2016-02-19

ID:
OVAL2705
Title:
Windows XP/Server 2003 DirectPlay Denial of Service
Type:
Software
Bulletins:
OVAL2705
CVE-2004-0202
Severity:
Low
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-06-15
Updated:
2016-02-19

ID:
OVAL2190
Title:
Windows XP (32-Bit) DirectPlay Denial of Service
Type:
Software
Bulletins:
OVAL2190
CVE-2004-0202
Severity:
Low
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
DirectX
Created:
2004-06-15
Updated:
2016-02-19

ID:
CVE-2004-0413
Title:
Subversion version older than 1.0.5
Type:
Services
Bulletins:
CVE-2004-0413
SFBID10519
Severity:
High
Description:
Additional Bugtraq IDs: http://www.securityfocus.com/bid/10386 http://www.securityfocus.com/bid/10428
Applies to:
Subversion
Created:
2004-06-11
Updated:
2010-08-21

ID:
OVAL1027
Title:
Windows 2000 DirectPlay Denial of Service
Type:
Miscellaneous
Bulletins:
OVAL1027
CVE-2004-0202
Severity:
Low
Description:
IDirectPlay4 Application Programming Interface (API) of Microsoft DirectPlay 7.0a thru 9.0b, as used in Windows Server 2003 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed packet.
Applies to:
Microsoft DirectPlay
Created:
2004-06-11
Updated:
2016-02-19

ID:
OVAL921
Title:
IE File Execution User-prompt Bypass Vulnerability
Type:
Web
Bulletins:
OVAL921
CVE-2001-0727
Severity:
Low
Description:
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
Applies to:
Microsoft Internet Explorer
Created:
2004-04-29
Updated:
2016-05-27

ID:
OVAL1014
Title:
IE File Download Dialog Deception Vulnerability
Type:
Web
Bulletins:
OVAL1014
CVE-2001-0875
Severity:
Low
Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
Applies to:
Microsoft Internet Explorer
Created:
2004-04-29
Updated:
2016-02-19

ID:
OVAL974
Title:
IE Frame Domain Verification Vulnerability
Type:
Web
Bulletins:
OVAL974
CVE-2002-0027
Severity:
Low
Description:
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
Applies to:
Microsoft Internet Explorer
Created:
2004-04-29
Updated:
2016-02-19

ID:
OVAL925
Title:
MS IE HTML Directive Buffer Overflow
Type:
Web
Bulletins:
OVAL925
CVE-2002-0022
Severity:
Low
Description:
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
Applies to:
Microsoft Internet Explorer
Created:
2004-04-29
Updated:
2016-02-19

ID:
OVAL900
Title:
Windows XP RPCSS DCOM Buffer Overflow
Type:
Software
Bulletins:
OVAL900
CVE-2003-0813
Severity:
Low
Description:
A multi-threaded race condition in the Windows RPC DCOM functionality with the MS03-039 patch installed allows remote attackers to cause a denial of service (crash or reboot) by causing two threads to process the same RPC request, which causes one thread to use memory after it has been freed, a different vulnerability than CVE-2003-0352 (Blaster/Nachi), CVE-2003-0715, and CVE-2003-0528, and as demonstrated by certain exploits against those vulnerabilities.
Applies to:
Created:
2004-04-20
Updated:
2015-08-10

ID:
OVAL958
Title:
Windows XP RPCSS Service DCOM Activation Denial of Service
Type:
Software
Bulletins:
OVAL958
CVE-2004-0116
Severity:
Low
Description:
An Activation function in the RPCSS Service involved with DCOM activation for Microsoft Windows 2000, XP, and 2003 allows remote attackers to cause a denial of service (memory consumption) via an activation request with a large length field.
Applies to:
Created:
2004-04-20
Updated:
2015-08-10

ID:
OVAL885
Title:
Windows Server 2003 SSL Library Denial of Service
Type:
Software
Bulletins:
OVAL885
CVE-2004-0120
Severity:
Low
Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
Applies to:
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL990
Title:
Microsoft Outlook Express v6.0 MHTML URL Processing Vulnerability
Type:
Mail
Bulletins:
OVAL990
CVE-2004-0380
Severity:
Low
Description:
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
Applies to:
Microsoft Outlook Express
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL919
Title:
Windows Server 2003 LSASS Buffer Overflow (Sasser Worm Vulnerability
Type:
Software
Bulletins:
OVAL919
CVE-2003-0533
Severity:
Low
Description:
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Applies to:
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL968
Title:
MS Jet Database Buffer Overflow
Type:
Services
Bulletins:
OVAL968
CVE-2004-0197
Severity:
Low
Description:
Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote attackers to execute arbitrary code via a specially-crafted database query.
Applies to:
Microsoft Jet 4.0 Database Engine
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL946
Title:
Windows Server 2003 H.323 Protocol Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL946
CVE-2004-0117
Severity:
Low
Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Applies to:
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL886
Title:
Windows XP SSL Library Denial of Service
Type:
Software
Bulletins:
OVAL886
CVE-2004-0120
Severity:
Low
Description:
The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2000, Windows XP, and Windows Server 2003, allows remote attackers to cause a denial of service via malformed SSL messages.
Applies to:
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL898
Title:
Windows XP LSASS Buffer Overflow
Type:
Software
Bulletins:
OVAL898
CVE-2003-0533
Severity:
Low
Description:
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.
Applies to:
Created:
2004-04-13
Updated:
2015-08-10

ID:
OVAL964
Title:
Windows XP H.323 Protocol Remote Code Execution Vulnerability
Type:
Software
Bulletins:
OVAL964
CVE-2004-0117
Severity:
Low
Description:
Unknown vulnerability in the H.323 protocol implementation in Windows 98, Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code.
Applies to:
Created:
2004-04-13
Updated:
2015-08-10

ID:
CVE-2004-0054
Title:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the...
Type:
Hardware
Bulletins:
CVE-2004-0054
SFBID9406
Severity:
High
Description:
Multiple vulnerabilities in the H.323 protocol implementation for Cisco IOS 11.3T through 12.2T allow remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated by the NISCC/OUSPG PROTOS test suite for the H.225 protocol.
Applies to:
Created:
2004-02-17
Updated:
2017-02-28

ID:
CVE-2004-0129
Title:
phpMyAdmin mysql web administration tool vulnerability
Type:
Services
Bulletins:
CVE-2004-0129
SFBID9564
Severity:
High
Description:
This phpMyAdmin allows remote users to read sensitive files remotely.
Applies to:
phpMyAdmin
Created:
2004-02-03
Updated:
2010-08-21

ID:
CVE-2003-0789
Title:
Apache is older than 2.0.48
Type:
Miscellaneous
Bulletins:
CVE-2003-0789
SFBID8926
SFBID9504
Severity:
High
Description:
Apache versions older than 2.0.48 have various flaws which need patching.
Applies to:
Apache
Created:
2004-01-27
Updated:
2010-08-21

ID:
CVE-2003-1001
Title:
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Type:
Hardware
Bulletins:
CVE-2003-1001
Severity:
Medium
Description:
Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via HTTP auth requests for (1) TACACS+ or (2) RADIUS authentication.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2004-01-05
Updated:
2017-02-28

ID:
CVE-2003-1002
Title:
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Type:
Hardware
Bulletins:
CVE-2003-1002
Severity:
Medium
Description:
Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 series devices allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Applies to:
Cisco Catalyst 6500 Series Switches
Created:
2004-01-05
Updated:
2017-02-28

ID:
CVE-2003-1003
Title:
Cisco PIX Crafted SNMPv3 Message Remote DoS
Type:
Hardware
Bulletins:
CVE-2003-1003
Severity:
High
Description:
Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attackers to cause a denial of service (crash and reload) via an SNMPv3 message when snmp-server is set.
Applies to:
Created:
2004-01-05
Updated:
2017-02-28

ID:
CVE-2003-1004
Title:
Cisco PIX VPNC External Interface IKE Phase 1 Packet Remote DoS
Type:
Hardware
Bulletins:
CVE-2003-1004
Severity:
Medium
Description:
Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Client, allows remote attackers to cause a denial of service (dropped IPSec tunnel connection) via an IKE Phase I negotiation request to the outside interface of the firewall.
Applies to:
Created:
2004-01-05
Updated:
2017-02-28