Max CVSS 8.5 Min CVSS 2.1 Total Count32
IDCVSSSummaryLast (major) updatePublished
CVE-2005-2798 5.0
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
07-12-2016 - 22:00 06-09-2005 - 13:03
CVE-2005-2871 7.5
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with al
17-10-2016 - 23:31 09-09-2005 - 14:03
CVE-2005-1636 4.6
mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 creates the mysql_install_db.X file with a predictable filename and insecure permissions, which allows local users to execute arbitrary SQL commands by modifying the file's contents.
17-10-2016 - 23:21 17-05-2005 - 00:00
CVE-2010-4819 3.6
The ProcRenderAddGlyphs function in the Render extension (render/render.c) in X.Org xserver 1.7.7 and earlier allows local users to read arbitrary memory and possibly cause a denial of service (server crash) via unspecified vectors related to an "inp
13-09-2012 - 00:00 05-09-2012 - 19:55
CVE-2010-4818 8.5
The GLX extension in X.Org xserver 1.7.7 allows remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via (1) a crafted request that triggers a client swap in glx/glxcmdsswap.c; or (2) a crafted le
06-09-2012 - 09:40 05-09-2012 - 19:55
CVE-2006-1174 3.7
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and poss
10-03-2011 - 00:00 28-05-2006 - 19:02
CVE-2006-3145 5.0
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.
07-03-2011 - 21:37 22-06-2006 - 18:06
CVE-2005-2968 7.5
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
07-03-2011 - 21:25 20-09-2005 - 18:03
CVE-2005-2707 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2706 6.4
Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla.
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2705 7.5
Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code.
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2704 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface.
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2703 5.0
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smugglin
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2702 7.5
Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters.
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2701 7.5
Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag.
07-03-2011 - 21:24 23-09-2005 - 15:03
CVE-2005-2496 4.6
The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
07-03-2011 - 21:24 02-09-2005 - 13:03
CVE-2005-2270 7.5
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2269 7.5
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2268 2.6
Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "D
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2267 7.5
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may le
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2266 5.0
Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to call top.focus and other methods in a parent frame, even when the parent is in a different domain, which violates the same origin policy and allows remote attackers to steal sensit
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2265 5.0
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2264 7.5
Firefox before 1.0.5 allows remote attackers to steal sensitive information by opening a malicious link in the Firefox sidebar using the _search target, then injecting script into other pages via a data: URL.
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2263 5.0
The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which ca
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2262 5.1
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a java
07-03-2011 - 21:24 13-07-2005 - 00:00
CVE-2005-2261 7.5
Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, Netscape 8.0.2, and K-Meleon 0.9 runs XBL scripts even when Javascript has been disabled, which makes it easier for remote attackers to bypass such protection.
07-03-2011 - 21:23 13-07-2005 - 00:00
CVE-2005-2260 7.5
The browser user interface in Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 does not properly distinguish between user-generated events and untrusted synthetic events, which makes it easier for remote attackers to perform dan
07-03-2011 - 21:23 13-07-2005 - 00:00
CVE-2005-2097 2.1
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when
07-03-2011 - 21:23 16-08-2005 - 00:00
CVE-2005-1937 2.6
A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote attackers to inject arbitrary Javascript from one page into the frameset of another site, aka the frame injection spoofing vulnerability, a re-introduction of a vulnerability that wa
07-03-2011 - 21:23 14-06-2005 - 00:00
CVE-2006-1721 2.6
digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in
07-03-2011 - 00:00 11-04-2006 - 19:02
CVE-2006-0052 5.0
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part tha
21-08-2010 - 00:37 31-03-2006 - 06:06
CVE-2005-1349 7.5
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.
02-04-2010 - 01:04 02-05-2005 - 00:00
Back to Top Mark selected
Back to Top