Search
Total
25555 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-1157 | 2 Mozilla, Netscape | 3 Firefox, Mozilla, Navigator | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2." | |||||
| CVE-2005-1158 | 1 Mozilla | 1 Firefox | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar. | |||||
| CVE-2005-1159 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | |||||
| CVE-2005-1160 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 5.1 MEDIUM | N/A |
| The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object. | |||||
| CVE-2005-3565 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.5 HIGH | N/A |
| Unknown vulnerability in remshd daemon in HP-UX B.11.00, B.11.11, and B.11.23 while running in "Trusted Mode" allows remote attackers to gain unauthorized system access via unknown attack vectors. | |||||
| CVE-2005-2968 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | |||||
| CVE-2005-0815 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 6.4 MEDIUM | N/A |
| Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | |||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
| CVE-2005-2704 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | |||||
| CVE-2005-3564 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.2 HIGH | N/A |
| envd daemon in HP-UX B.11.00 through B.11.11 allows local users to obtain privileges via unknown attack vectors. | |||||
| CVE-2005-3428 | 1 Rockliffe | 1 Mailsite Express | 2017-10-11 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body. | |||||
| CVE-2005-1456 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort). | |||||
| CVE-2005-2705 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-2706 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 6.4 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | |||||
| CVE-2005-1460 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length. | |||||
| CVE-2005-1192 | 1 Hp | 1 Hp-ux | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. | |||||
| CVE-2005-1459 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error). | |||||
| CVE-2005-1194 | 1 Redhat | 3 Enterprise Linux, Enterprise Linux Desktop, Linux Advanced Workstation | 2017-10-11 | 4.6 MEDIUM | N/A |
| Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. | |||||
| CVE-2005-2707 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | |||||
| CVE-2005-2917 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | |||||
| CVE-2005-2710 | 1 Realnetworks | 2 Helix Player, Realplayer | 2017-10-11 | 5.1 MEDIUM | N/A |
| Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file. | |||||
| CVE-2005-1457 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash). | |||||
| CVE-2005-1228 | 1 Gnu | 1 Gzip | 2017-10-11 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||||
| CVE-2005-2369 | 1 Ekg | 1 Ekg | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2005-3396 | 1 Ibm | 1 Aix | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument. | |||||
| CVE-2005-0853 | 1 Betaparticle | 1 Betaparticle Blog | 2017-10-11 | 5.0 MEDIUM | N/A |
| betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0. | |||||
| CVE-2005-1248 | 1 Apple | 1 Itunes | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. | |||||
| CVE-2005-2874 | 1 Easy Software Products | 1 Cups | 2017-10-11 | 5.0 MEDIUM | N/A |
| The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. | |||||
| CVE-2005-1458 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors. | |||||
| CVE-2005-2873 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872. | |||||
| CVE-2005-1275 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2017-10-11 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | |||||
| CVE-2005-2794 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | |||||
| CVE-2005-2841 | 1 Cisco | 1 Ios | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. | |||||
| CVE-2005-2365 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors. | |||||
| CVE-2005-1431 | 1 Gnu | 1 Gnutls | 2017-10-11 | 5.0 MEDIUM | N/A |
| The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c. | |||||
| CVE-2005-2364 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference. | |||||
| CVE-2005-2363 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2005-2337 | 1 Yukihiro Matsumoto | 1 Ruby | 2017-10-11 | 7.5 HIGH | N/A |
| Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | |||||
| CVE-2005-2362 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets. | |||||
| CVE-2005-2361 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors. | |||||
| CVE-2005-3351 | 1 Apache | 1 Spamassassin | 2017-10-11 | 5.0 MEDIUM | N/A |
| SpamAssassin 3.0.4 allows attackers to bypass spam detection via an e-mail with a large number of recipients ("To" addresses), which triggers a bus error in Perl. | |||||
| CVE-2005-2366 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors. | |||||
| CVE-2005-2360 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors. | |||||
| CVE-2005-4153 | 1 Gnu | 1 Mailman | 2017-10-11 | 7.8 HIGH | N/A |
| Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. | |||||
| CVE-2006-1389 | 1 Hp | 1 Hp-ux | 2017-10-11 | 7.8 HIGH | N/A |
| Unspecified vulnerability in swagentd in HP-UX B.11.00, B.11.04, and B.11.11 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. | |||||
| CVE-2006-1168 | 1 Ncompress | 1 Ncompress | 2017-10-11 | 7.5 HIGH | N/A |
| The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow. | |||||
| CVE-2006-1936 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector. | |||||
| CVE-2006-1248 | 1 Hp | 1 Hp-ux | 2017-10-11 | 4.6 MEDIUM | N/A |
| Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under the new directory, which might result in less secure permissions than intended. | |||||
| CVE-2005-4552 | 1 Sun | 1 Solaris Pc Netlink | 2017-10-11 | 7.2 HIGH | N/A |
| The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges. | |||||
| CVE-2006-1939 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in Ethereal 0.9.x up to 0.10.14 allow remote attackers to cause a denial of service (crash from null dereference) via (1) an invalid display filter, or the (2) GSM SMS, (3) ASN.1-based, (4) DCERPC NT, (5) PER, (6) RPC, (7) DCERPC, and (8) ASN.1 dissectors. | |||||