CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-0983 DoS 2005-03-01 2018-10-03
5.0
None Remote Low Not required None None Partial
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
2 CVE-2004-0986 2005-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Iptables before 1.2.11, under certain conditions, does not properly load the required modules at system startup, which causes the firewall rules to fail to load and protect the system from remote attackers.
3 CVE-2004-0988 DoS Overflow 2005-03-01 2008-09-10
5.0
None Remote Low Not required None None Partial
Integer overflow on Apple QuickTime before 6.5.2, when running on Windows systems, allows remote attackers to cause a denial of service (memory consumption) via certain inputs that cause a large memory operation.
4 CVE-2004-0989 Exec Code Overflow 2005-03-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
5 CVE-2004-0990 DoS Exec Code Overflow 2005-03-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
6 CVE-2004-0992 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer.
7 CVE-2004-1001 2005-03-01 2020-08-11
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, and possibly other versions before 4.0.5, allows local users to conduct unauthorized activities when an error from a pam_chauthtok function call is not properly handled.
8 CVE-2004-1002 DoS 2005-03-01 2020-02-24
5.0
None Remote Low Not required None None Partial
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
9 CVE-2004-1003 +Info 2005-03-01 2017-07-11
5.0
None Remote Low Not required Partial None None
Trend ScanMail allows remote attackers to obtain potentially sensitive information or disable the anti-virus capability via the smency.nsf file.
10 CVE-2004-1006 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702.
11 CVE-2004-1007 DoS 2005-03-01 2017-07-11
5.0
None Remote Low Not required None None Partial
The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.
12 CVE-2004-1010 Exec Code Overflow 2005-03-01 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
13 CVE-2004-1021 2005-03-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms.
14 CVE-2004-1027 Dir. Trav. 2005-03-01 2017-07-11
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
15 CVE-2004-1029 264 Exec Code 2005-03-01 2017-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages.
16 CVE-2004-1030 2005-03-01 2017-07-11
2.1
None Local Low Not required Partial None None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be parsed in an error message.
17 CVE-2004-1031 Bypass 2005-03-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to a /proc entry that is owned by root but modifiable by the user, such as /proc/self/cmdline or /proc/self/environ.
18 CVE-2004-1032 2005-03-01 2017-07-11
2.1
None Local Low Not required None Partial None
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters such that fcronsighup does not properly append the intended fcrontab.sig to the resulting string.
19 CVE-2004-1033 Bypass 2005-03-01 2017-07-11
2.1
None Local Low Not required Partial None None
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable.
20 CVE-2004-1034 DoS Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
21 CVE-2004-1035 DoS +Info 2005-03-01 2017-07-11
6.4
None Remote Low Not required Partial None Partial
Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3) request.c, and (4) select.c for up-imapproxy IMAP proxy 1.2.2 allow remote attackers to cause a denial of service (server crash) and possibly leak sensitive information via certain literal values that are not properly handled when using the IMAP_Line_Read function.
22 CVE-2004-1036 Exec Code XSS 2005-03-01 2017-10-11
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in the decoding of encoded text in certain headers in mime.php for SquirrelMail 1.4.3a and earlier, and 1.5.1-cvs before 23rd October 2004, allows remote attackers to execute arbitrary web script or HTML.
23 CVE-2004-1037 Exec Code 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.
24 CVE-2004-1038 Bypass 2005-03-01 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.
25 CVE-2004-1051 Exec Code 2005-03-01 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
26 CVE-2004-1052 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
27 CVE-2004-1053 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.
28 CVE-2004-1055 XSS 2005-03-01 2017-07-11
6.8
None Remote Medium Not required Partial Partial Partial
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm form, or (4) an error message generated by the internal phpMyAdmin parser.
29 CVE-2005-0098 Exec Code Overflow 2005-03-08 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before 2.00 allow local users to execute arbitrary code via the command line.
30 CVE-2005-0099 2005-03-08 2008-09-05
2.1
None Local Low Not required None Partial None
The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop privileges before creating certain files, which allows local users to create or overwrite arbitrary files.
31 CVE-2005-0109 +Info 2005-03-05 2018-10-16
4.7
None Local Medium Not required Complete None None
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.
32 CVE-2005-0143 2005-03-23 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
33 CVE-2005-0177 119 DoS Overflow 2005-03-07 2017-10-11
7.8
None Remote Low Not required None None Complete
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, which allows attackers to cause a denial of service (kernel crash) via a buffer overflow.
34 CVE-2005-0178 DoS 2005-03-07 2017-10-11
6.2
None Local High Not required Complete Complete Complete
Race condition in the setsid function in Linux before 2.6.8.1 allows local users to cause a denial of service (crash) and possibly access portions of kernel memory, related to TTY changes, locking, and semaphores.
35 CVE-2005-0179 DoS Bypass 2005-03-07 2017-10-11
2.1
None Local Low Not required None None Partial
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call.
36 CVE-2005-0180 Bypass 2005-03-07 2017-10-11
3.6
None Local Low Not required Partial Partial None
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a maximum length check before calling the copy_from_user and copy_to_user functions.
37 CVE-2005-0258 Dir. Trav. 2005-03-14 2008-09-10
5.0
None Remote Low Not required None Partial None
Directory traversal vulnerability in (1) usercp_register.php and (2) usercp_avatar.php for phpBB 2.0.11, and possibly other versions, with gallery avatars enabled, allows remote attackers to delete (unlink) arbitrary files via "/../" sequences in the avatarselect parameter.
38 CVE-2005-0259 2005-03-14 2008-09-10
6.4
None Remote Low Not required Partial Partial None
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file.
39 CVE-2005-0352 +Priv 2005-03-16 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges.
40 CVE-2005-0384 DoS 2005-03-15 2018-10-03
5.0
None Remote Low Not required None None Partial
Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
41 CVE-2005-0398 DoS 2005-03-14 2017-10-11
5.0
None Remote Low Not required None None Partial
The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
42 CVE-2005-0470 DoS Overflow 2005-03-14 2017-07-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data.
43 CVE-2005-0471 2005-03-14 2017-07-11
5.0
None Remote Low Not required None Partial None
Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.
44 CVE-2005-0472 DoS 2005-03-14 2018-10-19
5.0
None Remote Low Not required None None Partial
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
45 CVE-2005-0473 DoS 2005-03-14 2018-10-19
5.0
None Remote Low Not required None None Partial
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
46 CVE-2005-0474 Exec Code Sql 2005-03-30 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in the user_valid_crypt function in user.php in WebCalendar 0.9.45 allows remote attackers to execute arbitrary SQL commands via an encoded webcalendar_session cookie.
47 CVE-2005-0475 Exec Code Sql 2005-03-30 2017-07-11
6.4
None Remote Low Not required Partial Partial None
SQL injection vulnerability in paFAQ Beta4, and possibly other versions, allows remote attackers to execute arbitrary SQL code via the (1) offset, (2) limit, (3) order, or (4) orderby parameter to question.php, (5) offset parameter to answer.php, (6) search_item parameter to search.php, (7) cat_id, (8) cid, or (9) id parameter to comment.php.
48 CVE-2005-0476 XSS 2005-03-30 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows remote attackers to inject arbitrary web script or HTML by posting a message.
49 CVE-2005-0477 79 XSS 2005-03-30 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the SML code for Invision Power Board 1.3.1 FINAL allows remote attackers to inject arbitrary web script via (1) a signature file or (2) a message post containing an IMG tag within a COLOR tag whose style is set to background:url.
50 CVE-2005-0478 DoS Exec Code Overflow 2005-03-30 2017-07-11
5.0
None Remote Low Not required None None Partial
Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script.
Total number of vulnerabilities : 164   Page : 1 (This Page)2 3 4
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.