Full List

Search

Recent Vulnerabilities

• CVE-2005-0143 • published on January 29, 2005 Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
• CVE-2005-0144 • published on January 29, 2005 Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
• CVE-2005-0147 • published on January 29, 2005 Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
• CVE-2005-0148 • published on January 29, 2005 Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
• CVE-2005-0006 • published on January 29, 2005 The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).
• CVE-2005-0015 • published on January 29, 2005 diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
• CVE-2005-0102 • published on January 29, 2005 Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow.
• CVE-2005-0115 • published on January 29, 2005 Stack-based buffer overflow in DataRescue Interactive Disassembler (IDA) Pro 4.7 allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name.
• CVE-2005-0145 • published on January 29, 2005 Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
• CVE-2005-0146 • published on January 29, 2005 Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
• CVE-2005-0150 • published on January 29, 2005 Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
• CVE-2005-0162 • published on January 29, 2005 Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.
• CVE-2004-1004 • published on January 22, 2005 Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
• CVE-2004-1005 • published on January 22, 2005 Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.
• CVE-2004-1009 • published on January 22, 2005 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
• CVE-2004-1090 • published on January 22, 2005 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."
• CVE-2004-1091 • published on January 22, 2005 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.
• CVE-2004-1093 • published on January 22, 2005 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."
• CVE-2004-1092 • published on January 22, 2005 Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.
• CVE-2004-1175 • published on January 22, 2005 fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.