CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2005(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2004-0568 Exec Code Overflow 2005-01-10 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP, and Windows Server 2003 does not properly validate the length of a value that is saved in a session file, which allows remote attackers to execute arbitrary code via a malicious HyperTerminal session file (.ht), web site, or Telnet URL contained in an e-mail message, triggering a buffer overflow.
2 CVE-2004-0882 Exec Code Overflow 2005-01-27 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
3 CVE-2004-0888 DoS Exec Code Overflow 2005-01-27 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
4 CVE-2004-0889 DoS Exec Code Overflow 2005-01-27 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
5 CVE-2004-0891 DoS Exec Code Overflow 2005-01-27 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
6 CVE-2004-0897 Exec Code Overflow 2005-01-11 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Indexing Service for Microsoft Windows XP and Server 2003 does not properly validate the length of a message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
7 CVE-2004-0902 DoS Exec Code Overflow 2005-01-27 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via (1) the "Send page" functionality, (2) certain responses from a malicious POP3 server, or (3) a link containing a non-ASCII hostname.
8 CVE-2004-0903 Exec Code Overflow 2005-01-27 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the writeGroup function in nsVCardObj.cpp for Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to execute arbitrary code via malformed VCard attachments that are not properly handled when previewing a message.
9 CVE-2004-0914 DoS Exec Code Overflow Dir. Trav. +Info 2005-01-10 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) memory leaks, which could allow remote attackers to obtain sensitive information, cause a denial of service (application crash), or execute arbitrary code via a certain XPM image file. NOTE: it is highly likely that this candidate will be SPLIT into other candidates in the future, per CVE's content decisions.
10 CVE-2004-0926 Exec Code Overflow 2005-01-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through 10.3.5 may allow remote attackers to execute arbitrary code via a certain BMP image.
11 CVE-2004-0929 Exec Code Overflow 2005-01-27 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg.c for libtiff 3.6.1 and earlier, when compiled with the OJPEG_SUPPORT (old JPEG support) option, allows remote attackers to execute arbitrary code via a malformed TIFF image.
12 CVE-2004-0941 Exec Code Overflow 2005-02-09 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
13 CVE-2004-0946 Exec Code Overflow 2005-01-10 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit architectures does not properly perform an integer conversion, which leads to a stack-based buffer overflow and allows remote attackers to execute arbitrary code via a crafted NFS request.
14 CVE-2004-0947 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
15 CVE-2004-0953 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the C2S module in the open source Jabber 2.x server (Jabberd) allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long username.
16 CVE-2004-0963 DoS Exec Code Overflow 2005-02-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
17 CVE-2004-0964 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
18 CVE-2004-0978 787 Exec Code Overflow 2005-02-09 2020-12-09
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
19 CVE-2004-0981 Exec Code Overflow 2005-02-09 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
20 CVE-2004-0982 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
21 CVE-2004-0987 Exec Code Overflow 2005-01-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the process_menu function in yardradius 1.0.20 allows remote attackers to execute arbitrary code.
22 CVE-2004-0989 Exec Code Overflow 2005-03-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
23 CVE-2004-0990 DoS Exec Code Overflow 2005-03-01 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
24 CVE-2004-0993 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in hpsockd before 0.6 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code.
25 CVE-2004-0994 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
26 CVE-2004-1008 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in the ssh2_rdpkt function in PuTTY before 0.56 allows remote attackers to execute arbitrary code via a SSH2_MSG_DEBUG packet with a modified stringlen parameter, which leads to a buffer overflow.
27 CVE-2004-1010 Exec Code Overflow 2005-03-01 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
28 CVE-2004-1011 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
29 CVE-2004-1015 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
30 CVE-2004-1018 DoS Exec Code Overflow Bypass 2005-01-10 2020-12-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer handling errors in PHP before 4.3.10 allow attackers to bypass safe mode restrictions, cause a denial of service, or execute arbitrary code via (1) a negative offset value to the shmop_write function, (2) an "integer overflow/underflow" in the pack function, or (3) an "integer overflow/underflow" in the unpack function. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
31 CVE-2004-1025 DoS Exec Code Overflow 2005-01-10 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
32 CVE-2004-1026 DoS Exec Code Overflow 2005-01-10 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
33 CVE-2004-1034 DoS Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the http_open function in Kaffeine before 0.5, whose code is also used in gxine before 0.3.3, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long Content-Type header for a Real Audio Media (.ram) playlist file.
34 CVE-2004-1052 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getnickuserhost function in BNC 2.8.9, and possibly other versions, allows remote IRC servers to execute arbitrary code via an IRC server response that contains many (1) ! (exclamation) or (2) @ (at sign) characters.
35 CVE-2004-1053 Exec Code Overflow 2005-03-01 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow.
36 CVE-2004-1065 Exec Code Overflow 2005-01-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
37 CVE-2004-1067 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
38 CVE-2004-1094 Exec Code Overflow 2005-01-10 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.03 and earlier allows remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename, as demonstrated using (1) a .rjs (skin) file in RealPlayer 10 through RealPlayer 10.5 (6.0.12.1053), RealOne Player 1 and 2, (2) the Restore Backup function in CheckMark Software Payroll 2004/2005 3.9.6 and earlier, (3) CheckMark MultiLedger before 7.0.2, (4) dtSearch 6.x and 7.x, (5) mcupdmgr.exe and mghtml.exe in McAfee VirusScan 10 Build 10.0.21 and earlier, (6) IBM Lotus Notes before 6.5.5, and other products. NOTE: it is unclear whether this is the same vulnerability as CVE-2004-0575, although the data manipulations are the same.
39 CVE-2004-1095 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgif.c, (4) readmrf.c, (5) readpcx.c, (6) readpng.c,(7) readpnm.c, (8) readprf.c, (9) readtiff.c, (10) readxbm.c, (11) readxpm.c in zgv 5.8 allow remote attackers to execute arbitrary code via certain image headers that cause calculations to be overflowed and small buffers to be allocated, leading to buffer overflows. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
40 CVE-2004-1118 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component before 2.3.2.97, as used by CoffeeCup Direct FTP 6.2.0.62 and CoffeeCup Free FTP 3.0.0.10, and possibly other applications, allows remote attackers to execute arbitrary code via a long filename.
41 CVE-2004-1119 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibly other versions including 5.06, allows remote attackers to execute arbitrary code via a certain .m3u playlist file.
42 CVE-2004-1120 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c and other code that handles network protocols in ProZilla 1.3.6-r2 and earlier allow remote servers to execute arbitrary code via a long Location header.
43 CVE-2004-1127 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command.
44 CVE-2004-1128 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attackers to execute arbitrary code via an attachment with a long filename.
45 CVE-2004-1134 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
46 CVE-2004-1152 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader 5.09 for Unix allows remote attackers to execute arbitrary code via an e-mail message with a crafted PDF attachment.
47 CVE-2004-1154 DoS Exec Code Overflow 2005-01-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x through 3.0.9 allows remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a Samba request with a large number of security descriptors that triggers a heap-based buffer overflow.
48 CVE-2004-1168 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to execute arbitrary code via a long Overwrite header.
49 CVE-2004-1172 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
50 CVE-2004-1187 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.
Total number of vulnerabilities : 657   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.