Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php.
Max CVSS
6.8
EPSS Score
2.29%
Published
2004-08-18
Updated
2017-10-11
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
Max CVSS
5.0
EPSS Score
1.28%
Published
2005-08-15
Updated
2024-02-14
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an incoming message.
Max CVSS
7.5
EPSS Score
6.76%
Published
2005-07-26
Updated
2017-10-11
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows remote attackers to inject arbitrary web script via HTML attributes in page templates.
Max CVSS
4.3
EPSS Score
0.29%
Published
2005-06-06
Updated
2008-09-05
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information.
Max CVSS
2.1
EPSS Score
0.07%
Published
2005-08-16
Updated
2018-10-19
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters.
Max CVSS
5.0
EPSS Score
3.36%
Published
2005-08-16
Updated
2018-10-19
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a large number of AIM substitution strings, such as %t or %n.
Max CVSS
9.8
EPSS Score
20.27%
Published
2005-08-16
Updated
2024-02-02
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web script or HTML via a parameter in the page move template, a different vulnerability than CVE-2005-1888.
Max CVSS
4.3
EPSS Score
0.24%
Published
2005-07-12
Updated
2008-09-05
PowerDNS before 2.9.18, when running with an LDAP backend, does not properly escape LDAP queries, which allows remote attackers to cause a denial of service (failure to answer ldap questions) and possibly conduct an LDAP injection attack.
Max CVSS
5.0
EPSS Score
1.69%
Published
2005-07-19
Updated
2016-10-18
PowerDNS before 2.9.18, when allowing recursion to a restricted range of IP addresses, does not properly handle questions from clients that are denied recursion, which could cause a "blank out" of answers to those clients that are allowed to use recursion.
Max CVSS
2.1
EPSS Score
0.05%
Published
2005-07-19
Updated
2016-10-18
Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.97%
Published
2005-08-10
Updated
2017-10-11
Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.97%
Published
2005-08-10
Updated
2017-10-11
Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets.
Max CVSS
5.0
EPSS Score
1.07%
Published
2005-08-10
Updated
2017-10-11
Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.97%
Published
2005-08-10
Updated
2017-10-11
Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference.
Max CVSS
5.0
EPSS Score
0.92%
Published
2005-08-10
Updated
2017-10-11
Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.97%
Published
2005-08-10
Updated
2017-10-11
Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors.
Max CVSS
5.0
EPSS Score
0.97%
Published
2005-08-10
Updated
2017-10-11
Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet.
Max CVSS
7.5
EPSS Score
1.39%
Published
2005-08-10
Updated
2017-10-11
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors.
Max CVSS
7.5
EPSS Score
1.86%
Published
2005-08-16
Updated
2017-07-11
pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.
Max CVSS
7.5
EPSS Score
2.05%
Published
2005-08-05
Updated
2017-10-11
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!