CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In January 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2005-0110 Bypass 2005-01-14 2016-10-18
2.6
None Remote High Not required None Partial None
Internet Explorer 6 on Windows XP SP2 allows remote attackers to bypass the file download warning dialog and possibly trick an unknowledgeable user into executing arbitrary code via a web page with a body element containing an onclick tag, as demonstrated using the createElement function.
52 CVE-2005-0108 DoS 2005-01-11 2017-07-11
5.0
None Remote Low Not required None None Partial
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote malicious RADIUS servers to cause a denial of service (crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute length of 1, which leads to a memcpy operation with a -1 length argument.
53 CVE-2005-0104 XSS 2005-01-29 2017-10-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to inject arbitrary web script or HTML via certain integer variables.
54 CVE-2005-0103 94 Exec Code File Inclusion 2005-01-24 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
55 CVE-2005-0102 Exec Code Overflow 2005-01-24 2018-10-03
7.2
None Local Low Not required Complete Complete Complete
Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
56 CVE-2005-0097 DoS 2005-01-11 2017-10-11
5.0
None Remote Low Not required None None Partial
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
57 CVE-2005-0096 DoS 2005-01-25 2017-10-11
5.0
None Remote Low Not required None None Partial
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
58 CVE-2005-0095 DoS 2005-01-15 2017-10-11
5.0
None Remote Low Not required None None Partial
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
59 CVE-2005-0094 DoS Overflow 2005-01-15 2017-10-11
5.0
None Remote Low Not required None None Partial
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
60 CVE-2005-0075 2005-01-29 2017-10-11
5.0
None Remote Low Not required None Partial None
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.
61 CVE-2005-0072 2005-01-24 2017-07-11
2.1
None Local Low Not required Partial None None
zhcon before 0.2 does not drop privileges before reading a user configuration file, which allows local users to read arbitrary files.
62 CVE-2005-0069 2005-01-13 2017-10-11
4.6
None Local Low Not required Partial Partial Partial
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local users to overwrite or create arbitrary files via a symlink attack on temporary files.
63 CVE-2004-1340 +Info 2005-01-26 2017-07-11
2.1
None Local Low Not required Partial None None
Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.
64 CVE-2004-1318 XSS 2005-01-06 2017-07-11
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0.13 and earlier allows remote attackers to inject arbitrary HTML and web script via a query that starts with a tab ("%09") character, which prevents the rest of the query from being properly sanitized.
65 CVE-2004-1314 2005-01-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Safari 1.x allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability, a different vulnerability than CVE-2004-1122.
66 CVE-2004-1313 +Priv 2005-01-10 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly other versions, does not drop privileges before invoking help, which allows local users to gain privileges.
67 CVE-2004-1312 DoS 2005-01-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
A bug in the HTML parser in a certain Microsoft HTML library, as used in various third party products, may allow remote attackers to cause a denial of service via certain strings, as reported in GFI MailEssentials for Exchange 9 and 10, and GFI MailSecurity for Exchange 8, which causes emails to remain in IIS or Exchange mail queues.
68 CVE-2004-1311 DoS Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the real_setup_and_get_header function in real.c for Unix MPlayer 1.0pre5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a Real RTSP streaming media file with a -1 content-length field, which leads to a heap-based buffer overflow.
69 CVE-2004-1310 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the asf_mmst_streaming.c functionality for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a large MMST stream packet.
70 CVE-2004-1309 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the demux_open_bmp function in demux_bmp.c for Unix MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a bitmap (BMP) file containing a large biClrUsed field.
71 CVE-2004-1308 Exec Code Overflow 2005-01-10 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3.5.7 and 3.7.0 allows remote attackers to execute arbitrary code via a TIFF file containing a TIFF_ASCII or TIFF_UNDEFINED directory entry with a -1 entry count, which leads to a heap-based buffer overflow.
72 CVE-2004-1304 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.
73 CVE-2004-1303 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the get function in get.c for Yanf 0.4 allows remote malicious web servers to execute arbitrary code via crafted HTTP responses.
74 CVE-2004-1302 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag.
75 CVE-2004-1301 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the book_format_sql function in format.c for xlreader 0.9.0 allows remote attackers to execute arbitrary code via a crafted Excel (XLS) file.
76 CVE-2004-1300 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the open_aiff_file function in demux_aiff.c for xine-lib (libxine) 1-rc7 allows remote attackers to execute arbitrary code via a crafted AIFF file.
77 CVE-2004-1299 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the get_attr function in html.c for vilistextum 2.6.6 allows remote attackers to execute arbitrary code via a crafted web page.
78 CVE-2004-1298 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows remote attackers to execute arbitrary code via a crafted FRM file.
79 CVE-2004-1297 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file.
80 CVE-2004-1295 DoS 2005-01-10 2017-07-11
2.1
None Local Low Not required None None Partial
The slip_down function in slip.c for the uml_net program in uml-utilities 20030903, when uml_net is installed setuid root, does not verify whether the calling user has sufficient permission to disable an interface, which allows local users to cause a denial of service (network service disabled).
81 CVE-2004-1294 2005-01-10 2017-07-11
5.0
None Remote Low Not required None Partial None
The mget function in cmds.c for tnftp 20030825 allows remote FTP servers to overwrite arbitrary files via FTP responses containing file names with / (slash) characters.
82 CVE-2004-1293 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2e 1.0fc2 allows remote attackers to execute arbitrary code via a crafted RTF file.
83 CVE-2004-1292 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the parse_emelody function in parse_emelody.c for ringtonetools 2.22 allows remote attackers to execute arbitrary code via a crafted eMelody file.
84 CVE-2004-1291 Overflow 2005-01-10 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in qwik-smtpd allows remote attackers to use the server as an SMTP spam relay via a long HELO command, which overwrites the adjacent localIP data buffer.
85 CVE-2004-1290 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a crafted PGN file.
86 CVE-2004-1289 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote attackers to execute arbitrary code via a crafted calendar file.
87 CVE-2004-1288 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file.
88 CVE-2004-1287 Exec Code Overflow 2005-01-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
89 CVE-2004-1286 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the auto_filter_extern function in auto.c for NapShare 1.2, with the extern filter enabled, allows remote attackers to execute arbitrary code via a crafted gnutella response.
90 CVE-2004-1285 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the get_header function in asf_mmst_streaming.c for MPlayer 1.0pre5 allows remote attackers to execute arbitrary code via a crafted ASF video stream.
91 CVE-2004-1284 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the find_next_file function in playlist.c for mpg123 0.59r allows remote attackers to execute arbitrary code via a crafted MP3 playlist.
92 CVE-2004-1283 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Mesh::type method in mesh.c for the mview program in Mesh Viewer 0.2.2 allows remote attackers to execute arbitrary code via crafted mesh files.
93 CVE-2004-1282 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the strexpand function in string.c for LinPopUp 1.2.0 allows remote attackers to execute arbitrary code via a crafted message that is not properly handled during a Reply operation.
94 CVE-2004-1281 2005-01-10 2017-07-11
5.0
None Remote Low Not required None Partial None
The ftp_retr function in junkie 0.3.1 allows remote malicious FTP servers to overwrite arbitrary files via .. (dot dot) sequences in a filename.
95 CVE-2004-1280 Exec Code 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 allows remote malicious FTP servers to execute arbitrary commands via shell metacharacters in a filename.
96 CVE-2004-1279 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 allows remote attackers to execute arbitrary code via a crafted set of JPEG files and filenames.
97 CVE-2004-1278 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attackers to execute arbitrary code via a crafted ABC file.
98 CVE-2004-1277 2005-01-10 2017-07-11
5.0
None Remote Low Not required None Partial None
The download_selection_recursive() function in ftplist.c for IglooFTP 0.6.1 allows remote malicious FTP servers to overwrite arbitrary files via filenames that contain / (slash) characters.
99 CVE-2004-1276 2005-01-10 2017-07-11
2.1
None Local Low Not required None Partial None
IglooFTP 0.6.1, when recursively uploading a directory, allows local users to overwrite the files that are being uploaded by creating temporary files with names generated by the tmpnam function, before the files are opened by IglooFTP.
100 CVE-2004-1275 Exec Code Overflow 2005-01-10 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the remove_quote function in convert.c for html2hdml 1.0.3 allows remote attackers to execute arbitrary code via a crafted HTML file.
Total number of vulnerabilities : 320   Page : 1 2 (This Page)3 4 5 6 7
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.