Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-10-13 | CVE-2005-2943 | Local Buffer Overflow vulnerability in XMail Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option. | 7.5 |
| 2005-10-13 | CVE-2005-2933 | Buffer Overflow vulnerability in University Of Washington IMAP Mailbox Name Buffer overflow in the mail_valid_net_parse_work function in mail.c for Washington's IMAP Server (UW-IMAP) before imap-2004g allows remote attackers to execute arbitrary code via a mailbox name containing a single double-quote (") character without a closing quote, which causes bytes after the double-quote to be copied into a buffer indefinitely. | 7.5 |
| 2005-10-13 | CVE-2005-2963 | Authentication Bypass vulnerability in Apache Mod_Auth_Shadow The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with AuthShadow enabled uses shadow authentication for all locations that use the require group directive, even when other authentication mechanisms are specified, which might allow remote authenticated users to bypass security restrictions. | 7.5 |
| 2005-10-13 | CVE-2005-2120 | Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows XP Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call. | 6.5 |
| 2005-10-13 | CVE-2005-1985 | Buffer Overflow vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, XP SP1 and Sp2, and Server 2003 SP1 and earlier, allows remote attackers to execute arbitrary code due to an "unchecked buffer" when processing certain crafted network messages. | 7.5 |
| 2005-10-12 | CVE-2005-3183 | Improper Input Validation vulnerability in W3C Libwww The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read. | 4.3 |
| 2005-10-12 | CVE-2005-2715 | Remote Format String vulnerability in Symantec Veritas products Format string vulnerability in the Java user interface service (bpjava-msvc) daemon for VERITAS NetBackup Data and Business Center 4.5FP and 4.5MP, and NetBackup Enterprise/Server/Client 5.0, 5.1, and 6.0, allows remote attackers to execute arbitrary code via the COMMAND_LOGON_TO_MSERVER command. | 10.0 |
| 2005-10-12 | CVE-2005-2925 | Local Privilege Escalation vulnerability in SGI Irix 6.5.22 runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. | 7.2 |
| 2005-10-12 | CVE-2005-2128 | Buffer Overflow vulnerability in Microsoft Windows Media Player 9 QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers to write a null byte to arbitrary memory via an AVI file with a crafted strn element with a modified length value. | 5.0 |
| 2005-10-12 | CVE-2005-2119 | Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer. | 5.0 |