Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-02-09 | CVE-2004-0939 | Denial-Of-Service vulnerability in Instant Virtual Extranet changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack. | 5.0 |
| 2005-02-09 | CVE-2004-0937 | Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. network low complexity archive-zip broadcom ca eset-software kaspersky-lab mcafee rav-antivirus sophos gentoo mandrakesoft suse | 7.5 |
| 2005-02-08 | CVE-2005-0249 | Unspecified vulnerability in Symantec products Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | 7.5 |
| 2005-02-08 | CVE-2005-0233 | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 7.5 |
| 2005-02-08 | CVE-2004-0848 | Unspecified vulnerability in Microsoft products Buffer overflow in Microsoft Office XP allows remote attackers to execute arbitrary code via a link with a URL file location containing long inputs after (1) "%00 (null byte) in .doc filenames or (2) "%0a" (carriage return) in .rtf filenames. | 7.5 |
| 2005-02-07 | CVE-2005-0231 | Unspecified vulnerability in Mozilla Firefox 1.0 Firefox 1.0 does not invoke the Javascript Security Manager when a user drags a javascript: or data: URL to a tab, which allows remote attackers to bypass the security model, aka "firetabbing." | 2.6 |
| 2005-02-07 | CVE-2005-0175 | Unspecified vulnerability in Squid Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. | 5.0 |
| 2005-02-07 | CVE-2005-0174 | Remote vulnerability in Squid Proxy Oversize HTTP Headers Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR) characters that are not part of a CRLF pair, and (3) header names containing whitespace characters. | 5.0 |
| 2005-02-07 | CVE-2005-0100 | Remote Format String vulnerability in GNU Emacs and Xemacs Format string vulnerability in the movemail utility in (1) Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs 21.4 and earlier, allows remote malicious POP3 servers to execute arbitrary code via crafted packets. | 7.5 |
| 2005-02-07 | CVE-2004-1131 | Local Buffer Overflow vulnerability in SCO OpenServer Enable And Disable Multiple buffer overflows in the enable command for SCO OpenServer 5.0.6 and 5.0.7 allow local users to execute arbitrary code via long command line arguments. | 7.2 |