Max CVSS 10.0 Min CVSS 2.1 Total Count 46
ID CVSS
Summary
Last (major) update Published
CVE-2005-1769 4.3
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.
17-10-2016 - 23:22 16-06-2005 - 00:00
CVE-2005-1689 7.5
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions.
17-10-2016 - 23:21 18-07-2005 - 00:00
CVE-2005-1175 7.5
Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain valid TCP or UDP req
17-10-2016 - 23:17 18-07-2005 - 00:00
CVE-2005-1174 5.0
MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) allows remote attackers to cause a denial of service (application crash) via a certain valid TCP connection that causes a free of unallocated memory.
17-10-2016 - 23:17 18-07-2005 - 00:00
CVE-2005-0710 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is pr
17-10-2016 - 23:13 02-05-2005 - 00:00
CVE-2005-0709 4.6
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
17-10-2016 - 23:13 02-05-2005 - 00:00
CVE-2004-1189 7.2
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an arr
17-10-2016 - 22:52 31-12-2004 - 00:00
CVE-2004-0942 5.0
Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
17-10-2016 - 22:50 09-02-2005 - 00:00
CVE-2004-0885 7.5
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host config
17-10-2016 - 22:49 03-11-2004 - 00:00
CVE-2004-0112 5.0
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
17-10-2016 - 22:40 23-11-2004 - 00:00
CVE-2004-0079 5.0
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
17-10-2016 - 22:40 23-11-2004 - 00:00
CVE-2005-2096 7.5
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
30-10-2012 - 21:48 06-07-2005 - 00:00
CVE-2005-1849 5.0
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced.
07-03-2011 - 21:22 26-07-2005 - 00:00
CVE-2005-0711 2.1
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
21-08-2010 - 00:26 02-05-2005 - 00:00
CVE-2005-0605 7.5
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
21-08-2010 - 00:26 02-03-2005 - 00:00
CVE-2005-2095 4.3
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting (XSS) attacks, and write ar
21-08-2010 - 00:00 13-07-2005 - 00:00
CVE-2005-2503 4.6
AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical access to create local accounts by forcing a particular error to occur at the login window.
10-09-2008 - 15:42 19-08-2005 - 00:00
CVE-2005-2502 5.1
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in applications such as TextEdit, allows external user-assisted attackers to execute arbitrary code via a crafted Microsoft Word file.
10-09-2008 - 15:42 19-08-2005 - 00:00
CVE-2005-1344 7.5
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to
10-09-2008 - 15:38 02-05-2005 - 00:00
CVE-2004-1084 5.0
Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to read files and resource fork content via HTTP requests to certain special file names related to multiple data streams in HFS+, which bypass Apache file handles.
10-09-2008 - 15:28 02-12-2004 - 00:00
CVE-2004-1083 5.0
Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files in a case sensitive manner, but the Apple HFS+ filesystem accesses files in a case insensitive manner, which allows remote attackers to read .DS_Store files and files beginning wit
10-09-2008 - 15:28 03-12-2004 - 00:00
CVE-2005-2745 5.0
Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.
05-09-2008 - 16:52 25-10-2005 - 20:02
CVE-2005-2526 5.0
CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2525 5.0
CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2524 5.0
Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.
05-09-2008 - 16:51 25-10-2005 - 20:02
CVE-2005-2523 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server in Mac OS X 10.4 to 10.4.2 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2522 5.1
Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs within PDF files without the normal security checks, which allows remote attackers to execute arbitrary code via links in a PDF file.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2521 4.6
Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to execute arbitrary code via unknown vectors.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2520 2.1
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2519 7.2
slpd in Directory Services in Mac OS X 10.3.9 creates insecure temporary files as root, which allows local users to gain privileges.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2518 7.5
Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2517 2.6
Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL formatted page to the next page that is browsed by the user, which causes form data to be sent to the wrong site.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2516 7.5
Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format (RTF) files, can directly access URLs without performing the normal security checks, which allows remote attackers to execute arbitrary commands.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2515 4.6
Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to access links from the RSS Visualizer even when a password is required.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2514 7.5
Buffer overflow in ping in Mac OS X 10.3.9 allows local users to execute arbitrary code.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2513 5.0
Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows VoiceOver services to read secure input fields.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2512 2.1
Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an HTML message, loads remote images even when the user's preferences state otherwise, which could result in a privacy leak.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2511 10.0
Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using Kerberos authentication with LDAP, allows attackers to gain access to a root Terminal window.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2510 4.6
The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall p
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2509 2.1
Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, when Fast User Switching is enabled, allows attackers to log into other accounts if they know the passwords to at least two accounts.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2508 4.6
dsidentity in Directory Services in Mac OS X 10.4.2 allows local users to add or remove user accounts.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2507 7.5
Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to execute arbitrary code during authentication.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2506 5.0
Algorithmic complexity vulnerability in CoreFoundation in Mac OS X 10.3.9 and 10.4.2 allows attackers to cause a denial of service (CPU consumption) via crafted Gregorian dates.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2505 7.5
Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers to execute arbitrary code via command line arguments to an application that uses CoreFoundation.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2504 7.2
The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with "Requires Authentication: No" even when the user has selected the "Require pairing for security" option, which could confuse users about which setting is valid.
05-09-2008 - 16:51 19-08-2005 - 00:00
CVE-2005-2501 7.6
Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows external user-assisted attackers to execute arbitrary code via a crafted Rich Text Format (RTF) file.
05-09-2008 - 16:51 19-08-2005 - 00:00