Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2005-03-04 CVE-2005-0593 Remote vulnerability in Mozilla Suite
Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers to spoof the SSL "secure site" lock icon via (1) a web site that does not finish loading, which shows the lock of the previous site, (2) a non-HTTP server that uses SSL, which causes the lock to be displayed when the SSL handshake is completed, or (3) a URL that generates an HTTP 204 error, which updates the icon and location information but does not change the display of the original site.
network, high complexity, mozilla, 2.6

2005-03-03 CVE-2005-0674 HTML Injection vulnerability in PHP Arena Pabox 1.6
Cross-site scripting (XSS) vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request.
network, php-arena, 4.3

2005-03-03 CVE-2005-0671 Remote vulnerability in Ca3DE
Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via format string specifiers in a command.
network, low complexity, ca3de, 7.5

2005-03-02 CVE-2005-0641 Unspecified vulnerability in Broadcom Unicenter Asset Management 4.0
Cross-site scripting (XSS) vulnerability in the Reporter for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to inject arbitrary HTML or web script via the (1) name or (2) description in a report template.
network, broadcom, 4.3

2005-03-02 CVE-2005-0640 Unspecified vulnerability in Broadcom Unicenter Asset Management 4.0
Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not properly initialize the "Change Credentials for Database" window, which allows local users to recover the SQL Admin password via certain methods.
local, low complexity, broadcom, 4.6

2005-03-02 CVE-2005-0639
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files.
network, low complexity, xli altlinux suse, 7.5

2005-03-02 CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command.
network, low complexity, xli altlinux suse, 7.5

2005-03-02 CVE-2005-0636 Remote vulnerability in Foxmail Email Server 2.0
Format string vulnerability in Foxmail Server 2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the USER command.
network, low complexity, foxmail, critical, 10.0

2005-03-02 CVE-2005-0633 Remote PNG Image File Parsing Buffer Overflow vulnerability in Cerulean Studios Trillian and Trillian PRO
Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to execute arbitrary code via a crafted PNG image file.
network, low complexity, cerulean-studios, 7.5

2005-03-02 CVE-2005-0620 Local Security vulnerability in Einstein
Einstein 1.0 stores credit card information in plaintext in the world-readable wallets.dat file, which allows local users to steal the information.
local, low complexity, bfriendly-com, 2.1