Full List

Search

Recent Vulnerabilities

• CVE-2005-0986 • published on April 6, 2005 NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted. NOTE: IBM has reported that it is unable to replicate this issue.
• CVE-2005-0989 • published on April 6, 2005 The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
• CVE-2005-0988 • published on April 6, 2005 Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
• CVE-2005-0967 • published on April 6, 2005 Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.
• CVE-2005-0987 • published on April 6, 2005 Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick.
• CVE-2005-0990 • published on April 6, 2005 unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.
• CVE-2005-0968 • published on April 5, 2005 Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.
• CVE-2005-0400 • published on April 5, 2005 The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.
• CVE-2005-0749 • published on April 5, 2005 The load_elf_library in the Linux kernel before 2.6.11.6 allows local users to cause a denial of service (kernel crash) via a crafted ELF library or executable, which causes a free of an invalid pointer.
• CVE-2005-0708 • published on April 5, 2005 The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
• CVE-2005-0980 • published on April 5, 2005 PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.
• CVE-2005-0984 • published on April 5, 2005 Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell.
• CVE-2005-0979 • published on April 5, 2005 Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted values in a profile file, as demonstrated using a long SysName field.
• CVE-2005-0981 • published on April 5, 2005 Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.
• CVE-2005-0983 • published on April 5, 2005 Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.
• CVE-2005-0977 • published on April 5, 2005 The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.
• CVE-2005-0978 • published on April 5, 2005 Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a .. (dot dot) in a PUSH command.
• CVE-2005-0982 • published on April 5, 2005 Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field.
• CVE-2005-0388 • published on April 4, 2005 Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising."
• CVE-2005-0387 • published on April 4, 2005 remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.