CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2005(Overflow) (CVSS score >= 5)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-4873 119 Exec Code Overflow 2005-12-31 2017-08-08
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c.
2 CVE-2005-4867 119 Exec Code Overflow 2005-12-31 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.
3 CVE-2005-4866 119 Overflow 2005-12-31 2017-07-29
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.
4 CVE-2005-4865 119 Exec Code Overflow 2005-12-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.
5 CVE-2005-4864 119 Exec Code Overflow 2005-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
6 CVE-2005-4863 119 Exec Code Overflow 2005-12-31 2017-07-29
7.2
None Local Low Not required Complete Complete Complete
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
7 CVE-2005-4848 119 Exec Code Overflow 2005-12-31 2017-07-29
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets.
8 CVE-2005-4823 Exec Code Overflow 2005-12-31 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.
9 CVE-2005-4816 DoS Exec Code Overflow 2005-12-31 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.
10 CVE-2005-4808 Overflow 2005-12-31 2020-04-01
7.6
None Remote High Not required Complete Complete Complete
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
11 CVE-2005-4807 119 Exec Code Overflow 2005-12-31 2020-04-01
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
12 CVE-2005-4798 DoS Overflow 2005-12-31 2017-10-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in NFS readlink handling in the Linux Kernel 2.4 up to 2.4.31 allows remote NFS servers to cause a denial of service (crash) via a long symlink, which is not properly handled in (1) nfs2xdr.c or (2) nfs3xdr.c and causes a crash in the NFS client.
13 CVE-2005-4784 DoS Exec Code Overflow 2005-12-31 2008-09-05
5.6
None Local High Not required Complete None Complete
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.
14 CVE-2005-4776 DoS Overflow +Priv 2005-12-31 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.
15 CVE-2005-4746 DoS Overflow 2005-12-31 2010-04-02
7.8
None Remote Low Not required None None Complete
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
16 CVE-2005-4734 1 Exec Code Overflow 2005-12-31 2008-09-05
6.4
None Remote Low Not required None Partial Partial
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
17 CVE-2005-4676 DoS Overflow 2005-12-31 2017-07-20
5.0
None Remote Low Not required None None Partial
Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.
18 CVE-2005-4648 DoS Exec Code Overflow 2005-12-31 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue.
19 CVE-2005-4604 Exec Code Overflow 2005-12-31 2009-11-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.
20 CVE-2005-4594 Exec Code Overflow 2005-12-31 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.
21 CVE-2005-4592 DoS Exec Code Overflow 2005-12-31 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.
22 CVE-2005-4591 DoS Exec Code Overflow 2005-12-31 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.
23 CVE-2005-4569 Exec Code Overflow 2005-12-29 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value.
24 CVE-2005-4566 Overflow 2005-12-29 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
25 CVE-2005-4553 Exec Code Overflow 2005-12-28 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
26 CVE-2005-4474 DoS Exec Code Overflow File Inclusion 2005-12-22 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in the "Add to archive" command in WinRAR 3.51 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code by tricking the user into adding a file whose filename contains a non-default code page and non-ANSI characters, as demonstrated using a Chinese filename, possibly due to buffer expansion when using the WideCharToMultiByte API. NOTE: it is not clear whether this problem can be exploited for code execution. If not, then perhaps the user-assisted nature of the attack should exclude the issue from inclusion in CVE.
27 CVE-2005-4472 DoS Exec Code Overflow 2005-12-22 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in the Macromedia JRun 4 web server (JWS) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request that is not properly handled during conversion to wide characters.
28 CVE-2005-4470 DoS Exec Code Overflow 2005-12-22 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the get_bhead function in readfile.c in Blender BlenLoader 2.0 through 2.40pre allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .blend file with a negative bhead.len value, which causes less memory to be allocated than expected, possibly due to an integer overflow.
29 CVE-2005-4466 DoS Exec Code Overflow 2005-12-22 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters.
30 CVE-2005-4459 119 Exec Code Overflow 2005-12-21 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the NAT networking components vmnat.exe and vmnet-natd in VMWare Workstation 5.5, GSX Server 3.2, ACE 1.0.1, and Player 1.0 allows remote authenticated attackers, including guests, to execute arbitrary code via crafted (1) EPRT and (2) PORT FTP commands.
31 CVE-2005-4456 DoS Exec Code Overflow 2005-12-21 2008-09-05
7.8
None Remote Low Not required None None Complete
Multiple buffer overflows in MailEnable Professional 1.71 and Enterprise 1.1 before patch ME-10009 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) LIST, (2) LSUB, and (3) UID FETCH commands. NOTE: it is possible that these are alternate vectors for the issue described in CVE-2005-4402.
32 CVE-2005-4445 Exec Code Overflow 2005-12-21 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Off-by-one error in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allows remote attackers to execute arbitrary code via a long email message header, which triggers a one-byte buffer overflow.
33 CVE-2005-4444 119 Exec Code Overflow 2005-12-21 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the trace message functionality in Pegasus Mail 4.21a through 4.21c and 4.30PB1 allow remote attackers to execute arbitrary code via a long POP3 reply.
34 CVE-2005-4439 DoS Exec Code Overflow 2005-12-21 2017-07-20
7.8
None Remote Low Not required None None Complete
Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter.
35 CVE-2005-4438 Exec Code Overflow 2005-12-21 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in Dec2Rar.dll 3.2.14.3, as distributed in the Symantec Antivirus Library and used by various Symantec products, allows remote attackers to execute arbitrary code via RAR archives with sub-block headers that contain incorrect values in the length field.
36 CVE-2005-4411 Exec Code Overflow 2005-12-20 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
37 CVE-2005-4402 Exec Code Overflow 2005-12-20 2016-10-18
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in MailEnable Professional 1.71 and earlier, and Enterprise 1.1 and earlier, allows remote authenticated users to execute arbitrary code via a long IMAP EXAMINE command.
38 CVE-2005-4272 Exec Code Overflow 2005-12-15 2018-10-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in IBM AIX 5.1, 5.2, and 5.3 allow remote attackers to execute arbitrary code via (1) muxatmd and (2) slocal.
39 CVE-2005-4271 Exec Code Overflow 2005-12-15 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the malloc debug system in IBM AIX 5.3 allows local users to execute arbitrary code.
40 CVE-2005-4270 Exec Code Overflow 2005-12-15 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.
41 CVE-2005-4267 119 Exec Code Overflow 2005-12-21 2011-03-07
7.5
None Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands.
42 CVE-2005-4220 119 DoS Overflow 2005-12-14 2018-10-19
7.8
None Remote Low Not required None None Complete
Netgear RP114, and possibly other versions and devices, allows remote attackers to cause a denial of service via a SYN flood attack between one system on the internal interface and another on the external interface, which temporarily stops routing between the interfaces, as demonstrated using nmap.
43 CVE-2005-4194 DoS Overflow 2005-12-13 2011-03-08
5.0
None Remote Low Not required None None Partial
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string.
44 CVE-2005-4178 Exec Code Overflow 2005-12-12 2018-10-30
6.5
None Remote Low ??? Partial Partial Partial
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the proper order of operations.
45 CVE-2005-4153 DoS Overflow 2005-12-11 2017-10-11
7.8
None Remote Low Not required None None Complete
Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573.
46 CVE-2005-4134 DoS Overflow 2005-12-09 2018-10-19
5.0
None Remote Low Not required None None Partial
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allows remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
47 CVE-2005-4092 119 DoS Exec Code Overflow 2005-12-08 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a modified Sample Description Table size value, and possibly other vectors involving media files. NOTE: item 1 was originally identified by CVE-2005-4127 for a pre-patch announcement, and item 2 was originally identified by CVE-2005-4128 for a pre-patch announcement.
48 CVE-2005-4085 Exec Code Overflow 2005-12-31 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
49 CVE-2005-4050 Exec Code Overflow 2005-12-07 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in multiple Multi-Tech Systems MultiVOIP devices with firmware before x.08 allows remote attackers to execute arbitrary code via a long INVITE field in a Session Initiation Protocol (SIP) packet.
50 CVE-2005-4048 119 Exec Code Overflow 2005-12-07 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the avcodec_default_get_buffer function (utils.c) in FFmpeg libavcodec 0.4.9-pre1 and earlier, as used in products such as (1) mplayer, (2) xine-lib, (3) Xmovie, and (4) GStreamer, allows remote attackers to execute arbitrary commands via small PNG images with palettes.
Total number of vulnerabilities : 596   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.