Buffer overflow in a certain USB driver, as used on Microsoft Windows, allows attackers to execute arbitrary code.
Max CVSS
7.2
EPSS Score
0.16%
Published
2005-07-27
Updated
2019-04-30
Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 allow remote attackers to execute arbitrary code via (1) a RCPT TO command with a long DNS name, or (2) a large number of RCPT TO commands with a long e-mail name arugment in the last command.
Max CVSS
7.5
EPSS Score
3.70%
Published
2005-07-27
Updated
2008-09-05
Buffer overflow in a third-party compression library (UNACEV2.DLL), as used in avast! Antivirus Home/Professional Edition 4.6.665 and Server Edition 4.6.460, allows remote attackers to execute arbitrary code via an ACE archive containing a long filename.
Max CVSS
7.5
EPSS Score
5.32%
Published
2005-07-27
Updated
2008-09-05

CVE-2005-2373

Public exploit
Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated users to execute arbitrary code via a long directory name to (1) LIST, (2) DELE or (3) RNFR commands.
Max CVSS
7.2
EPSS Score
13.09%
Published
2005-07-26
Updated
2016-10-18
Oracle Forms 4.5 through 10g starts form executables from arbitrary directories and executes them as the Oracle or System user, which allows attackers to execute arbitrary code by uploading a malicious .fmx file and referencing it using an absolute pathname argument in the (1) form or (2) module parameters to f90servlet.
Max CVSS
7.2
EPSS Score
7.71%
Published
2005-07-26
Updated
2016-10-18
Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code.
Max CVSS
7.5
EPSS Score
2.62%
Published
2005-07-26
Updated
2017-10-11
Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows remote POP3 servers to cause a denial of service and possibly execute arbitrary code via long UIDL responses. NOTE: a typo in an advisory accidentally used the wrong CVE identifier for the Fetchmail issue. This is the correct identifier.
Max CVSS
5.0
EPSS Score
4.84%
Published
2005-07-27
Updated
2018-10-19
PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote attackers to execute arbitrary code via the CLPATH parameter to (1) cl_minical.php, (2) clmcpreload.php, (3) mcconfig.php, or (4) mcpi-demo.php.
Max CVSS
7.5
EPSS Score
2.03%
Published
2005-07-19
Updated
2008-09-05
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
Max CVSS
9.3
EPSS Score
93.96%
Published
2005-07-19
Updated
2011-03-08
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
Max CVSS
7.5
EPSS Score
75.73%
Published
2005-07-19
Updated
2008-09-05
DG Remote Control Server 1.6.2 allows remote attackers to cause a denial of service (crash or CPU consumption) and possibly execute arbitrary code via a long message to TCP port 1071 or 1073, possibly due to a buffer overflow.
Max CVSS
7.5
EPSS Score
2.28%
Published
2005-07-19
Updated
2008-09-05

CVE-2005-2297

Public exploit
Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 through 5.2 allows remote authenticated users to execute arbitrary code via a large javascript parameter.
Max CVSS
4.6
EPSS Score
96.62%
Published
2005-07-19
Updated
2016-10-18

CVE-2005-2278

Public exploit
Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable Professional 1.54 allows remote authenticated users to execute arbitrary code via the status command with a long mailbox name.
Max CVSS
7.2
EPSS Score
93.98%
Published
2005-07-18
Updated
2016-10-18
Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone base objects, which allows remote attackers to execute arbitrary code by navigating the prototype chain to reach a privileged object.
Max CVSS
7.5
EPSS Score
16.16%
Published
2005-07-13
Updated
2017-10-11
Firefox before 1.0.5 allows remote attackers to steal information and possibly execute arbitrary code by using standalone applications such as Flash and QuickTime to open a javascript: URL, which is run in the context of the previous page, and may lead to code execution if the standalone application loads a privileged chrome: URL.
Max CVSS
7.5
EPSS Score
77.48%
Published
2005-07-13
Updated
2017-10-11

CVE-2005-2265

Public exploit
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
Max CVSS
5.0
EPSS Score
96.67%
Published
2005-07-13
Updated
2017-10-11
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
Max CVSS
5.1
EPSS Score
57.08%
Published
2005-07-13
Updated
2017-10-11
The dispallclosed2 function in dispallclosed.pl for multiple USANet Creations products, including (1) USANet Shopping Mall Software, (2) Domain Name Auction Software, (3) Standard Classified Ads Software, and (4) MakeBid Reverse Auction allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter.
Max CVSS
10.0
EPSS Score
2.84%
Published
2005-07-13
Updated
2008-09-05
PHP remote file inclusion vulnerability in photolist.inc.php in Squito Gallery 1.33 allows remote attackers to execute arbitrary code via the photoroot parameter.
Max CVSS
7.5
EPSS Score
1.37%
Published
2005-07-13
Updated
2008-09-05
PHP remote file inclusion vulnerability in secure.php in PHPSecurePages (phpSP) 0.28beta and earlier allows remote attackers to execute arbitrary code via the cfgProgDir parameter, a variant of CVE-2001-1468.
Max CVSS
7.5
EPSS Score
65.69%
Published
2005-07-13
Updated
2017-10-11
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
Max CVSS
7.5
EPSS Score
15.69%
Published
2005-07-13
Updated
2008-09-05
Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 allow remote attackers to execute arbitrary code via the (1) doc_path parameter to getpage.php or (2) set_menu parameter to lib/static/header.php.
Max CVSS
7.5
EPSS Score
10.01%
Published
2005-07-12
Updated
2017-10-11
The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to execute arbitrary code or corrupt memory via crafted packets that trigger a memory allocation failure and lead to a buffer overflow.
Max CVSS
5.0
EPSS Score
1.56%
Published
2005-07-12
Updated
2017-07-11
Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-07-12
Updated
2008-09-05
Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.
Max CVSS
7.2
EPSS Score
0.04%
Published
2005-07-12
Updated
2008-09-05
45 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!