JVNDB RSS Feed - 2004 Years Entry
https://jvndb.jvn.jp/en/
JVN iPedia Yearly Entry2024-03-17T09:10:23+09:002024-03-17T09:10:23+09:00LHa Vuffer Overflow Vulnerability in Testing and Extracting Process
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000169.html
LHa for UNIX does not handle the header length information properly when testing or extracting an archive, which could lead to buffer overflow.JVNDB-2004-000169http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0234http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0234http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:977http://www.securityfocus.com/bid/10243http://marc.info/?l=bugtraq&m=108422737918885&w=2http://xforce.iss.net/xforce/xfdb/16012http://securitytracker.com/id?1015866http://www.frsirt.com/english/advisories/2006/1220http://osvdb.org/5753http://osvdb.org/5754cpe:/a:lha_for_unix_project:lha_for_unixcpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linuxcpe:/o:redhat:linux_advanced_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Lha Directory Traversal Vulnerability in Testing and Extracting Process
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000170.html
LHa for UNIX is vulnerable to directory traversal due to improper path validation when testing or extracting an archive.JVNDB-2004-000170http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0235http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0235http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:978http://www.securityfocus.com/bid/10243http://marc.info/?l=bugtraq&m=108422737918885&w=2http://xforce.iss.net/xforce/xfdb/16013cpe:/a:lha_for_unix_project:lha_for_unixcpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linuxcpe:/o:redhat:linux_advanced_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00DeleGate SSLway Filter Buffer Overflow Vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000179.html
Delegate SSLway Filter contains a buffer overflow vulnerability which stems from lack of memory space to handle SSL certificates.JVNDB-2004-000179http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2003http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-2003http://secunia.com/advisories/11569http://www.securityfocus.com/bid/10295http://xforce.iss.net/xforce/xfdb/16078http://www.securiteam.com/securitynews/5UP041PCUC.htmlhttp://www.osvdb.org/5945cpe:/a:delegate:delegate2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00LHA Arbitrary Command Execution Vulnerability with Shell Metacharacter in Directory Name
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000195.html
LHA is vulnerable to arbitrary command execution due to improper handling of directory names cantaining shell metacharacters.JVNDB-2004-000195http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0745http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0745http://www.securityfocus.com/bid/11093http://xforce.iss.net/xforce/xfdb/17198cpe:/a:lha_for_unix_project:lha_for_unixcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00LHA Buffer Overflow Vulnerability with lack of Path Length Validation
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000196.html
LHA is vulnerable to buffer overflow due to improper handling of a pathname in the LHarc Format 2 header for an .LHZ archive.JVNDB-2004-000196http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0769http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0769http://www.securityfocus.com/bid/11093http://xforce.iss.net/xforce/xfdb/16917cpe:/a:lha_for_unix_project:lha_for_unixcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00LHA extrace_one Vuffer Overflow Vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000197.html
LHA lhext.c contains a buffer overflow vulnerability with the extract_one funcation, which stems from improper handling of a 'w' option argument.JVNDB-2004-000197http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0771http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0771http://www.securityfocus.com/bid/11093http://www.securityfocus.com/bid/10354http://xforce.iss.net/xforce/xfdb/16196cpe:/a:lha_for_unix_project:lha_for_unixcpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:redhat:linux_advanced_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00KAME Racoon eay_check_x509cert Improper Certificate Verification Vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000231.html
eay_check_x509cert() in Racoon successfully verifies certificates even when OpenSSL validation fails, which could allow remote attackers to bypass authentication.JVNDB-2004-000231http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0607http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0607http://secunia.com/advisories/12185/http://www.securityfocus.com/bid/10546http://xforce.iss.net/xforce/xfdb/16414http://securitytracker.com/id?1010495cpe:/a:kame:racooncpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktop2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ruby CGI Session Management Insecure File Permission Vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000323.html
Ruby uses CGI::Session's FileStore. FileStore creates a session file with improper permission and this could lead to session information leak.JVNDB-2004-000323http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0755http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0755http://www.securityfocus.com/bid/10946http://xforce.iss.net/xforce/xfdb/16996cpe:/a:ruby-lang:rubycpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:turbolinux:turbolinuxcpe:/o:turbolinux:turbolinux_desktopcpe:/o:turbolinux:turbolinux_homecpe:/o:turbolinux:turbolinux_servercpe:/o:turbolinux:turbolinux_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Ruby cgi.rb Denial of Service Vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000473.html
Ruby cgi.rb enters an infinite loop which leads it into Ddenial of Service (DoS) due to improper input validation.JVNDB-2004-000473http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0983http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0983http://secunia.com/advisories/13123/http://www.securityfocus.com/bid/11618http://xforce.iss.net/xforce/xfdb/17985http://securitytracker.com/id?1012120cpe:/a:ruby-lang:rubycpe:/o:misc:miraclelinux_asianux_servercpe:/o:redhat:enterprise_linuxcpe:/o:redhat:enterprise_linux_desktopcpe:/o:turbolinux:turbolinuxcpe:/o:turbolinux:turbolinux_desktopcpe:/o:turbolinux:turbolinux_homecpe:/o:turbolinux:turbolinux_servercpe:/o:turbolinux:turbolinux_workstation2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00DeleGate Multiple Buffer Overflow Vulnerabilities
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000511.html
DeleGate suffers buffer overflow when scanf(), strncpy() and other string handling process are set to fail with a long string sent by proxy.JVNDB-2004-000511http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0861http://nvd.nist.gov/nvd.cfm?cvename=CVE-2005-0861http://secunia.com/advisories/14649http://www.securityfocus.com/bid/12867http://xforce.iss.net/xforce/xfdb/19775cpe:/a:delegate:delegate2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Namazu cross-site scripting vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000554.html
Namazu is vulnerable to cross-site scripting due to a problem in namazu.cgi. If an illegal character is specified in a string search of namazu.cgi, the subsequent characters are not processed properly.JVNDB-2004-000554http://jvn.jp/en/jp/JVN904429FE/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1318http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1318http://secunia.com/advisories/13600/http://www.securityfocus.com/bid/12053cpe:/a:namazu:namazucpe:/o:misc:miraclelinux_asianux_server2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Virus Buster Corporate Edition vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000586.html
Virus Buster Corporate Edition contains a vulnerability which may allow an attacker to view the OPP.ini file (Outbreak Prevent Policy configuration file), when a specific URL is entered to the management console.JVNDB-2004-000586http://jvn.jp/en/jp/JVNFF73142E/index.htmlcpe:/a:trendmicro:virus_baster_corporate_edition2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00desknet's buffer overflow vulnerability
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000587.html
destnet's contains multiple vulnerability. A malicious script may be executed when an user views a crafted HTML email or information.
destnet's contains multiple vulnerability.
- A malicious script may be executed when the user views an crafted HTML email or information.
- A script written in the src attribute of the img tag may be executed.JVNDB-2004-000587http://jvn.jp/en/jp/JVNF88C2C13/index.htmlcpe:/a:neo_japan:desknets2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00SSL-VPN products vulnerable to cookie theft
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000588.html
When using an SSL-VPN product, if a user selects a mode in which the user can log in with the username and password without using the SSL client authentication, a session hijacking could be conducted.JVNDB-2004-000588http://jvn.jp/en/jp/JVN67B82FA3/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0462http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0462http://www.kb.cert.org/vuls/id/546483http://xforce.iss.net/xforce/xfdb/17702cpe:/a:yokogawa:yokogawa_secureticket2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Toshiba HDD & DVD video recorders can be accessed without authentication
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000589.html
Toshiba HDD & DVD video recorders can be accessed without authentication.JVNDB-2004-000589http://jvn.jp/en/jp/JVNE7DDE712/index.htmlcpe:/o:toshiba:hdd_dvd_video_recorder2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Becky! Internet Mail vulnerability in S/MIME signature verification
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000590.html
Becky! Internet Mail contains the following vulnerabilities in the S/MIME signature verification:
- S/MIME signature verification does not verify the certification path.
- S/MIME signature verification does not verify the certification expiration date.JVNDB-2004-000590http://jvn.jp/en/jp/JVN7C9208F1/index.htmlcpe:/a:rimarts_inc.:becky_internet_mail2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Shuriken Pro3 S/MIME signature verification does not verify the From address
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000591.html
Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the From address is not verified properly.JVNDB-2004-000591http://jvn.jp/en/jp/JVNB410A83F/index.htmlcpe:/a:justsystems:shuriken2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00Shuriken Pro3 S/MIME signature verification does not verify the certificate authenticity
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000592.html
Shuriken Pro3 contains a vulnerability in the S/MIME signature verification where the authenticity of the certificate is not verified when verifying the S/MIME digital signature of an email message.JVNDB-2004-000592http://jvn.jp/en/jp/JVNB4BE09A4/index.htmlcpe:/a:justsystems:shuriken2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00LDAP server update function vulnerable to buffer overflow
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000593.html
Some LDAP servers contain a buffer overflow vulnerability in the update processing.JVNDB-2004-000593http://jvn.jp/en/jp/JVN1BF8D7AA/index.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1236http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-1236http://www.kb.cert.org/vuls/id/258905http://www.ciac.org/ciac/bulletins/p-083.shtmlhttp://secunia.com/advisories/14960http://www.securityfocus.com/bid/12099http://xforce.iss.net/xforce/xfdb/18676cpe:/a:hitachi:hitachi_directory_servercpe:/a:netscape:netscape_directory_servercpe:/a:sun:java_system_directory_servercpe:/a:sun:one_directory_servercpe:/o:hp:hp-ux2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00DNS cache servers resource consumption by TCP SYN_SENT states
https://jvndb.jvn.jp/en/contents/2004/JVNDB-2004-000594.html
DNS cache servers consume huge resources for communication with DNS authoritative servers in the following situation.
(1) a user sends a query to the DNS cache server
(2) the DNS cache server sends a UDP query to an authoritative server
(3) when the authoritative server finds that the reply content is too large, it sends back the reply packet to the DNS cache server with the TC bit on
(4) the DNS cache server re-sends a query by TCP
(5) when the authoritative server does not reply to the TCP query, or 53/tcp destined packets are dropped, the DNS cache server holds the socket in the SYN_SENT state for a certain period of time
(6) a huge number of transactions in steps (1)-(5) take place in a short period of time
Affected products are DNS servers with the network configuration described as above.JVNDB-2004-000594http://jvn.jp/en/jp/JVN61857DA9/index.htmlhttp://www.nanog.org/mtg-0410/toyama.htmlhttp://www.nanog.org/mtg-0410/pdf/toyama.pdfcpe:/a:misc:multiple_vendors2008-05-21T00:00+09:002008-05-21T00:00+09:002008-05-21T00:00+09:00