MTools Mformat before 3.9.9, when installed setuid root, creates files with world-readable and world-writable permissions, which allows local users to read and overwrite files.
Publication date: Fri, 31 Dec 2004 11:00:00 +0000
Cyber News related to CVE-2004-2303
CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
54 years ago Tenable.com
CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
54 years ago Tenable.com
CVE-2005-2303 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1218. Reason: This candidate is a duplicate of CVE-2005-1218. Notes: All CVE users should reference CVE-2005-1218 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2010-2303 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-1772. Reason: This candidate is a duplicate of CVE-2010-1772. Notes: All CVE users should reference CVE-2010-1772 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2015-2303 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-6406. Reason: This candidate is a reservation duplicate of CVE-2014-6406. Notes: All CVE users should reference CVE-2014-6406 instead of this candidate. All references and ...
54 years ago Tenable.com
CVE-2008-2303 - Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an ...
2 years ago
CVE-2012-2303 - The Spaces module 6.x-3.x before 6.x-3.4 for Drupal does not enforce permissions on non-object pages, which allows remote attackers to obtain sensitive information and possibly have other impacts via unspecified vectors to the (1) Spaces or (2) ...
12 years ago
CVE-2013-2303 - Sleipnir 4.0.0.4000 and earlier on Windows allows remote attackers to spoof the SSL lock icon and address-bar colors via unspecified vectors. ...
11 years ago
CVE-2016-2303 - CRLF injection vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL. ...
8 years ago
CVE-2002-2303 - 3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for sensitive price data, which allows remote attackers to modify shopping cart prices by using the Javascript to decrypt the cookie that contains the data. ...
7 years ago
CVE-2011-2303 - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.2, and 12.1.3 allows remote authenticated users to affect integrity via unknown vectors related to Attachments / File ...
7 years ago
CVE-2007-2303 - Directory traversal vulnerability in includes/footer.php in News Manager Deluxe (NMDeluxe) 1.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the template parameter. ...
7 years ago
CVE-2014-2303 - Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS before 6.2.7-s1.2 and 6.3.x through 6.3.8 before -s1 allow remote attackers to execute arbitrary SQL commands via the (1) table or (2) order parameter. ...
6 years ago
CVE-2009-2303 - index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message. ...
1 year ago
CVE-2006-2303 - Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the ...
6 years ago
CVE-2017-2303 - On Juniper Networks products or platforms running Junos OS 12.1X46 prior to 12.1X46-D50, 12.1X47 prior to 12.1X47-D40, 12.3 prior to 12.3R13, 12.3X48 prior to 12.3X48-D30, 13.2X51 prior to 13.2X51-D40, 13.3 prior to 13.3R10, 14.1 prior to 14.1R8, ...
5 years ago
CVE-2019-2303 - SNDCP module may access array outside its boundary when it receives malformed XID message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, ...
5 years ago
CVE-2018-10178 - The FromDocToPDF extension before 13.611.13.2303 for Chrome allows remote attackers to discover visited web sites via vectors involving a mostVisitedSites command. ...
4 years ago
CVE-2021-2303 - Vulnerability in the OSS Support Tools product of Oracle Support Tools (component: Diagnostic Assistant). The supported version that is affected is Prior to 2.12.41. Easily exploitable vulnerability allows high privileged attacker with network access ...
3 years ago
CVE-2023-1900 - A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap and lead to a denial-of-service situation. ...
1 year ago
CVE-2023-32708 - In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can trigger an HTTP response splitting vulnerability with the ‘rest’ SPL command that lets them ...
1 year ago
CVE-2023-32709 - In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk ...
1 year ago
CVE-2023-32710 - In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know ...
1 year ago
CVE-2023-32716 - In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, an attacker can exploit a vulnerability in the {{dump}} SPL command to cause a denial of service by crashing the Splunk daemon. ...
1 year ago