CVE Daily
← All years

All CVEs — 2005

Page 4/4.

Browse all CVEs by publication year. Use filters to refine.

CVSS ≥ 0.0
2005-02-21
Critical

CVE-2005-0496

Arkeia Network Backup Client 5.x contains hard-coded credentials that effectively serve as a back door, which allows remote attackers to access the file system and possibly execute arbitrary commands.

CVSS: 9.8 CWE: CWE-798
Read more
2005-02-14
Critical

CVE-2005-0408

CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of the user name for the id_hash cookie, which allows remote attackers to bypass authentication and gain privileges by calculating t…

CVSS: 9.8 CWE: CWE-916
Read more
Medium

CVE-2005-0406

A design flaw in image processing software that modifies JPEG images might not modify the original EXIF thumbnail, which could lead to an information leak of potentially sensitive visual information…

CVSS: 5.5 CWE: CWE-212
Read more
2005-02-09
High

CVE-2004-0940

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents…

CVSS: 7.8 CWE: CWE-131
Read more
High

CVE-2004-0967

The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to o…

CVSS: 7.2 CWE: CWE-59
Read more
Critical

CVE-2004-0978

Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote at…

CVSS: 10.0 CWE: CWE-787
Read more
2005-01-24
Critical

CVE-2005-0102

Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte…

CVSS: 9.8 CWE: CWE-190
Read more
High

CVE-2005-0103

PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote w…

CVSS: 7.5 CWE: CWE-94
Read more
2005-01-18
High

CVE-2005-0116

AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to aswtats.pl.

CVSS: 7.5 CWE: CWE-20
Read more
2005-01-10
Critical

CVE-2004-1287

Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.

CVSS: 10.0 CWE: CWE-787
Read more
Medium

CVE-2004-1267

Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.

CVSS: 6.5 CWE: CWE-119
Read more
Critical

CVE-2004-1258

Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 allows remote attackers to execute arbitrary code via crafted ABC files.

CVSS: 10.0 CWE: CWE-119
Read more
Critical

CVE-2004-1211

Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via long argume…

CVSS: 10.0 CWE: CWE-119
Read more
Medium

CVE-2004-1201

Opera 7.54 allows remote attackers to cause a denial of service (application crash from memory exhaustion), as demonstrated using Javascript code that continuously creates nested arrays and then sort…

CVSS: 5.0 CWE: CWE-400
Read more
High

CVE-2004-1157

Opera 7.x up to 7.54, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window whose name is known but resides in a…

CVSS: 7.5 CWE: CWE-74
Read more
Critical

CVE-2004-1019

The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function th…

CVSS: 10.0 CWE: CWE-20
Read more
Critical

CVE-2004-1125

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers t…

CVSS: 9.3 CWE: CWE-20
Read more
Critical

CVE-2004-1114

Buffer overflow in the handling of command line arguments in Skype 1.0.x.94 through 1.0.x.98 allows remote attackers to execute arbitrary code via a callto:// URL with a long non-existent username, a…

CVSS: 9.3 CWE: CWE-119
Read more