Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-02-09 | CVE-2004-0960 | Attribute Decoding Denial Of Service vulnerability in FreeRADIUS FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of service (core dump) via malformed USR vendor-specific attributes (VSA) that cause a memcpy operation with a -1 argument. | 5.0 |
| 2005-02-09 | CVE-2004-0957 | Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities. | 6.8 |
| 2005-02-09 | CVE-2004-0950 | Information Disclosure vulnerability in Danware NetOp Remote Control NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request. | 5.0 |
| 2005-02-09 | CVE-2004-0947 | Remote Buffer Overflow vulnerability in ARJ Software UNARJ Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. | 10.0 |
| 2005-02-09 | CVE-2004-0941 | Remote Buffer overflow vulnerability in GD Graphics Library Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set of vulnerabilities than CVE-2004-0990. | 10.0 |
| 2005-02-09 | CVE-2004-0940 | Incorrect Calculation of Buffer Size vulnerability in multiple products Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. | 7.8 |
| 2005-02-09 | CVE-2004-0939 | Denial-Of-Service vulnerability in Instant Virtual Extranet changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and 4.x, with LDAP authentication or NT domain authentication enabled, does not limit the number of times a bad password can be entered, which allows remote attackers to guess passwords via a brute force attack. | 5.0 |
| 2005-02-09 | CVE-2004-0937 | Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system. network low complexity archive-zip broadcom ca eset-software kaspersky-lab mcafee rav-antivirus sophos gentoo mandrakesoft suse | 7.5 |
| 2005-02-08 | CVE-2005-0249 | Unspecified vulnerability in Symantec products Heap-based buffer overflow in the DEC2EXE module for Symantec AntiVirus Library allows remote attackers to execute arbitrary code via a UPX compressed file containing a negative virtual offset to a crafted PE header. | 7.5 |
| 2005-02-08 | CVE-2005-0233 | The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. | 7.5 |