CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In February 2005

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
51 CVE-2005-0249 Exec Code Overflow 2005-02-08 2019-09-20
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header.
52 CVE-2005-0245 Exec Code Overflow 2005-02-01 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.
53 CVE-2005-0243 2005-02-17 2008-09-05
5.0
None Remote Low Not required None Partial None
Yahoo! Messenger 6.0.0.1750, and possibly other versions before 6.0.0.1921, does not properly display long filenames in file dialog boxes, which could allow remote attackers to trick users into downloading and executing programs via file names containing a large number of spaces and multiple file extensions.
54 CVE-2005-0242 2005-02-18 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and possibly other versions, allows attackers to arbitrary code by placing a malicious ping.exe program into the Messenger program directory, which is installed with weak default permissions.
55 CVE-2005-0233 2005-02-08 2017-10-11
7.5
None Remote Low Not required Partial Partial Partial
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
56 CVE-2005-0231 Bypass 2005-02-07 2017-10-11
2.6
None Remote High Not required None Partial None
Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing."
57 CVE-2005-0226 Exec Code 2005-02-03 2016-10-18
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code.
58 CVE-2005-0176 2005-02-15 2017-10-11
5.0
None Remote Low Not required Partial None None
The shmctl function in Linux 2.6.9 and earlier allows local users to unlock the memory of other processes, which could cause sensitive memory to be swapped to disk, which could allow it to be read by other users once it has been released.
59 CVE-2005-0175 Http R.Spl. 2005-02-07 2017-10-11
5.0
None Remote Low Not required None Partial None
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack.
60 CVE-2005-0174 2005-02-07 2017-10-11
5.0
None Remote Low Not required None Partial None
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters.
61 CVE-2005-0161 Dir. Trav. 2005-02-22 2008-09-05
2.1
None Local Low Not required None Partial None
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
62 CVE-2005-0160 Exec Code Overflow 2005-02-22 2008-09-05
5.1
None Remote High Not required Partial Partial Partial
Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.
63 CVE-2005-0156 Exec Code Overflow 2005-02-07 2018-08-13
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
64 CVE-2005-0152 Exec Code File Inclusion 2005-02-02 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation."
65 CVE-2005-0149 Bypass 2005-02-15 2017-10-11
5.0
None Remote Low Not required None Partial None
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
66 CVE-2005-0114 DoS 2005-02-11 2008-09-05
2.1
None Local Low Not required None None Partial
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm Wireless before 5.5.080.000, Check Point Integrity Client 4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not properly verify that the ServerPortName argument to the NtConnectPort function is a valid memory address, which allows local users to cause a denial of service (system crash) when ZoneAlarm attempts to dereference an invalid pointer.
67 CVE-2005-0107 Exec Code 2005-02-25 2008-09-05
7.5
None Remote Low Not required Partial Partial Partial
bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.
68 CVE-2005-0105 +Priv 2005-02-16 2008-09-05
4.6
None Local Low Not required Partial Partial Partial
Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.
69 CVE-2005-0101 Exec Code Overflow 2005-02-01 2017-07-11
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.
70 CVE-2005-0100 Exec Code 2005-02-07 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets.
71 CVE-2005-0092 DoS 2005-02-19 2017-10-11
2.1
None Local Low Not required None None Partial
Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when running on x86 with the hugemem kernel, allows local users to cause a denial of service (crash).
72 CVE-2005-0074 Exec Code Overflow 2005-02-11 2008-09-05
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to execute arbitrary code.
73 CVE-2004-1131 Exec Code Overflow 2005-02-07 2017-07-11
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments.
74 CVE-2004-0982 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.
75 CVE-2004-0981 Exec Code Overflow 2005-02-09 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1.0 allows remote attackers to execute arbitrary code via a certain image file.
76 CVE-2004-0980 Exec Code 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 through 3.0.11b8, when running in daemon mode with certain service types in use, allows remote servers to execute arbitrary code.
77 CVE-2004-0978 787 Exec Code Overflow 2005-02-09 2020-12-09
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
78 CVE-2004-0977 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
79 CVE-2004-0976 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
80 CVE-2004-0975 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
81 CVE-2004-0974 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
82 CVE-2004-0972 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The lvmcreate_initrd script in the lvm package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
83 CVE-2004-0971 2005-02-09 2021-06-18
2.1
None Local Low Not required None Partial None
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
84 CVE-2004-0970 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as used by other packages such as ncompress, allows local users to overwrite files via a symlink attack on temporary files. NOTE: the znew vulnerability may overlap CVE-2003-0367.
85 CVE-2004-0969 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
86 CVE-2004-0968 2005-02-09 2017-10-11
2.1
None Local Low Not required None Partial None
The catchsegv script in glibc 2.3.2 and earlier allows local users to overwrite files via a symlink attack on temporary files.
87 CVE-2004-0967 59 2005-02-09 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary files.
88 CVE-2004-0966 2005-02-09 2017-07-11
2.1
None Local Low Not required None Partial None
The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
89 CVE-2004-0965 Exec Code 2005-02-09 2017-10-11
7.2
None Local Low Not required Complete Complete Complete
stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs.
90 CVE-2004-0964 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for Linux, allows remote attackers or local users to execute arbitrary code via certain values in a .pls file.
91 CVE-2004-0963 DoS Exec Code Overflow 2005-02-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibly other versions, allows remote attackers to cause a denial of service (application exception) and possibly execute arbitrary code in winword.exe via certain unexpected values in a .doc file, including (1) an offset that triggers an out-of-bounds memory access, (2) a certain value that causes a large memory copy as triggered by an integer conversion error, and other values.
92 CVE-2004-0962 Exec Code 2005-02-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Apple Remote Desktop Client 1.2.4 executes a GUI application as root when it is started by an Apple Remote Desktop Administrator application, which allows remote authenticated users to execute arbitrary code when loginwindow is active via Fast User Switching.
93 CVE-2004-0961 DoS 2005-02-09 2017-10-11
5.0
None Remote Low Not required None None Partial
Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (memory exhaustion) via a series of Access-Request packets with (1) Ascend-Send-Secret, (2) Ascend-Recv-Secret, or (3) Tunnel-Password attributes.
94 CVE-2004-0960 DoS 2005-02-09 2017-10-11
5.0
None Remote Low Not required None None Partial
FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument.
95 CVE-2004-0957 2005-02-09 2019-12-17
6.8
None Remote Medium Not required Partial Partial Partial
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
96 CVE-2004-0950 +Info 2005-02-09 2017-07-11
5.0
None Remote Low Not required Partial None None
NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request.
97 CVE-2004-0947 Exec Code Overflow 2005-02-09 2017-07-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
98 CVE-2004-0945 DoS 2005-02-28 2008-09-05
5.0
None Remote Low Not required None None Partial
The web management interface for Mitel 3300 Integrated Communications Platform (ICP) before 4.2.2.11 allows remote authenticated users to cause a denial of service (resource exhaustion) via a large number of active sessions, which exceeds ICP's maximum.
99 CVE-2004-0942 DoS 2005-02-09 2021-06-06
5.0
None Remote Low Not required None None Partial
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
100 CVE-2004-0941 Exec Code Overflow 2005-02-09 2018-05-03
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990.
Total number of vulnerabilities : 105   Page : 1 2 (This Page)3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.