LiveActive security incident?Get immediate response
CVE archive

February 2005

Browse CVE records published in February 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 461 matching CVEs · Page 1 of 10.

Unknown · CVSS Not scored

CVE-2005-4716: Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of se...

Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes.

Published Feb 15, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4718: Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafte...

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.

Published Feb 15, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4690: Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitra...

Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory. NOTE: this issue can be used in conjunction with CVE-2005-3102 to create or overwrite arbitrary files of all types.

Published Feb 1, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4717: Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, a...

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.

Published Feb 15, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4720: Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client cra...

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.

Published Feb 15, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4702: SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attack...

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. In addition, the demonstration code as used by third parties suggests that this might be a different type of vulnerability related to shell metacharacters. Finally, this could be a rediscovery of CVE-2004-1430.

Published Feb 1, 2006 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4878: Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrus...

Multiple cross-site scripting (XSS) vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to inject arbitrary web script or HTML via the sig[1] parameter and possibly other parameters, a different vulnerability than CVE-2007-6156.

Published Feb 18, 2009 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4828: Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong pl...

Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments. NOTE: it is not clear whether this issue crosses privilege boundaries, so this might not be a vulnerability.

Published Feb 12, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4827: Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin secur...

Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces. NOTE: this issue can be leveraged to conduct referer spoofing, HTTP Request Smuggling, and other attacks.

Published Feb 7, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4709: The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3...

The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.

Published Feb 2, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-4713: Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7p...

Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.

Published Feb 13, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-4719: Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to...

Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php.

Published Feb 15, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-4681: Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long...

Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerability. The above report describes a local bug in mIRC." It could be that this is only exploitable by the user of the application, and thus would not cross privilege boundaries unless under an otherwise restrictive environment such as a kiosk

Published Feb 1, 2006 · Updated Aug 7, 2024