CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-0481 2005-02-23 2018-10-30
2.1
None Local Low Not required None Partial None
The logging feature in kcms_configure in the KCMS package on Solaris 8 and 9, and possibly other versions, allows local users to corrupt arbitrary files via a symlink attack on the KCS_ClogFile file.
2 CVE-2004-0848 Exec Code Overflow 2005-02-08 2018-10-12
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames.
3 CVE-2004-0937 Bypass 2005-02-09 2021-04-09
7.5
None Remote Low Not required Partial Partial Partial
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
4 CVE-2004-0939 2005-02-09 2017-07-11
5.0
None Remote Low Not required Partial None None
changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack.
5 CVE-2004-0940 119 Exec Code Overflow XSS 2005-02-09 2021-06-06
6.9
None Local Medium Not required Complete Complete Complete
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
6 CVE-2004-0941 Exec Code Overflow 2005-02-09 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
7 CVE-2004-0942 DoS 2005-02-09 2021-06-06
5.0
None Remote Low Not required None None Partial
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
8 CVE-2004-0945 DoS 2005-02-28 2008-09-05
5.0
None Remote Low Not required None None Partial
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
9 CVE-2004-0947 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
10 CVE-2004-0950 +Info 2005-02-09 2017-07-11
5.0
None Remote Low Not required Partial None None
NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request.
11 CVE-2004-0957 2005-02-09 2019-12-17
6.8
None Remote Medium Not required Partial Partial Partial
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
12 CVE-2004-0960 DoS 2005-02-09 2017-10-11
5.0
None Remote Low Not required None None Partial
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
13 CVE-2004-0961 DoS 2005-02-09 2017-10-11
5.0
None Remote Low Not required None None Partial
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
14 CVE-2004-0962 Exec Code 2005-02-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
15 CVE-2004-0963 DoS Exec Code Overflow 2005-02-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
16 CVE-2004-0964 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
17 CVE-2004-0965 Exec Code 2005-02-09 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
18 CVE-2004-0966 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
19 CVE-2004-0967 59 2005-02-09 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
20 CVE-2004-0968 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
21 CVE-2004-0969 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
22 CVE-2004-0970 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
23 CVE-2004-0971 2005-02-09 2021-06-18
2.1
None Local Low Not required None Partial None
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
24 CVE-2004-0972 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
25 CVE-2004-0974 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
26 CVE-2004-0975 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
27 CVE-2004-0976 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
28 CVE-2004-0977 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
29 CVE-2004-0978 787 Exec Code Overflow 2005-02-09 2020-12-09
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
30 CVE-2004-0980 Exec Code 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
31 CVE-2004-0981 Exec Code Overflow 2005-02-09 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
32 CVE-2004-0982 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
33 CVE-2004-1131 Exec Code Overflow 2005-02-07 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments.
34 CVE-2005-0074 Exec Code Overflow 2005-02-11 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.
35 CVE-2005-0092 DoS 2005-02-19 2017-10-11
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
36 CVE-2005-0100 Exec Code 2005-02-07 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
37 CVE-2005-0101 Exec Code Overflow 2005-02-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.
38 CVE-2005-0105 +Priv 2005-02-16 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.
39 CVE-2005-0107 Exec Code 2005-02-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.
40 CVE-2005-0114 DoS 2005-02-11 2008-09-05
2.1
None Local Low Not required None None Partial
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
41 CVE-2005-0149 Bypass 2005-02-15 2017-10-11
5.0
None Remote Low Not required None Partial None
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
42 CVE-2005-0152 Exec Code File Inclusion 2005-02-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
43 CVE-2005-0156 Exec Code Overflow 2005-02-07 2018-08-13
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
44 CVE-2005-0160 Exec Code Overflow 2005-02-22 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.
45 CVE-2005-0161 Dir. Trav. 2005-02-22 2008-09-05
2.1
None Local Low Not required None Partial None
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
46 CVE-2005-0174 2005-02-07 2017-10-11
5.0
None Remote Low Not required None Partial None
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
47 CVE-2005-0175 Http R.Spl. 2005-02-07 2017-10-11
5.0
None Remote Low Not required None Partial None
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
48 CVE-2005-0176 2005-02-15 2017-10-11
5.0
None Remote Low Not required Partial None None
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
49 CVE-2005-0226 Exec Code 2005-02-03 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code.
50 CVE-2005-0231 Bypass 2005-02-07 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
Total number of vulnerabilities : 105   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.