Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-05-11 | CVE-2005-1262 | Remote MSN Empty SLP Message Denial Of Service vulnerability in Gaim Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. | 5.0 |
2005-05-11 | CVE-2005-1261 | Remote URI Handling Buffer Overflow vulnerability in Gaim Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. | 7.5 |
2005-05-10 | CVE-2005-1555 | Cross-Site Scripting vulnerability in Macromedia Coldfusion 7.0 Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page. network macromedia | 4.3 |
2005-05-10 | CVE-2005-0039 | Unspecified vulnerability in Nissc Ipsec 1.0 Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address. | 6.4 |
2005-05-09 | CVE-2005-1477 | Remote Arbitrary Code Execution vulnerability in Mozilla Firefox 1.0.3 The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. | 5.1 |
2005-05-09 | CVE-2005-1476 | Remote Arbitrary Code Execution vulnerability in Mozilla Firefox Install Method Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477. | 5.1 |
2005-05-06 | CVE-2005-1471 | Unspecified vulnerability in RSA Securid web Agent 5/5.2/5.3 Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data. | 7.5 |
2005-05-06 | CVE-2005-1406 | Local Kernel Memory Disclosure vulnerability in FreeBSD The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory. | 4.6 |
2005-05-06 | CVE-2005-1400 | Unspecified vulnerability in Freebsd The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values. | 4.6 |
2005-05-06 | CVE-2005-1399 | Unspecified vulnerability in Freebsd FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver. | 4.6 |