CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Ubuntu : Security Vulnerabilities Published In 2005 (Execute Code)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2005-1527 Exec Code 2005-08-15 2008-09-05
5.0
None Remote Low Not required None Partial None
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
2 CVE-2005-0754 Exec Code 2005-04-22 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
3 CVE-2005-0156 Exec Code Overflow 2005-02-07 2013-10-23
2.1
None Local Low Not required None Partial None
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
4 CVE-2004-1235 Exec Code 2005-04-14 2013-09-09
6.2
Admin Local High Not required Complete Complete Complete
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
5 CVE-2004-1137 DoS Exec Code 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
6 CVE-2004-1067 Exec Code Overflow 2005-01-10 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username.
7 CVE-2004-1065 Exec Code Overflow 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
8 CVE-2004-1051 Exec Code 2005-03-01 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
9 CVE-2004-1019 20 DoS Exec Code 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
10 CVE-2004-1015 Exec Code Overflow 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, with the imapmagicplus option enabled, may allow remote attackers to execute arbitrary code, a different vulnerability than CVE-2004-1011.
11 CVE-2004-1013 Exec Code Mem. Corr. 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
12 CVE-2004-1012 Exec Code Mem. Corr. 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
13 CVE-2004-1011 Exec Code Overflow 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
14 CVE-2004-0989 Exec Code Overflow 2005-03-01 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
15 CVE-2004-0891 DoS Exec Code Overflow 2005-01-27 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an "unexpected sequence of MSNSLP messages" that results in an unbounded copy operation that writes to the wrong buffer.
16 CVE-2004-0889 DoS Exec Code Overflow 2005-01-27 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
17 CVE-2004-0888 DoS Exec Code Overflow 2005-01-27 2013-08-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
18 CVE-2004-0882 Exec Code Overflow 2005-01-27 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x through 3.0.7 may allow remote attackers to execute arbitrary code via a TRANSACT2_QFILEPATHINFO request with a small "maximum data bytes" value.
Total number of vulnerabilities : 18   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.