LiveActive security incident?Get immediate response
CVE archive

February 2005

Browse CVE records published in February 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 461 matching CVEs · Page 3 of 10.

Unknown · CVSS Not scored

CVE-2005-0546: Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1...

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.

Published Feb 25, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0543: Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HT...

Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.

Published Feb 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0545: Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypa...

Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive. NOTE: this issue has been disputed in a followup post.

Published Feb 25, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0544: phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) s...

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.

Published Feb 24, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0490: Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote...

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

Published Feb 21, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0486: Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.3...

Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and Tarantella Enterprise 3 3.40 and 3.30, when using RSA SecurID and multiple users have the same username, reveals sensitive information during authentication, which allows remote attackers to identify valid usernames and the authentication scheme.

Published Feb 19, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-0471: Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a fi...

Sun Java JRE 1.1.x through 1.4.x writes temporary files with long filenames that become predictable on a file system that uses 8.3 style short names, which allows remote attackers to write arbitrary files to known locations and facilitates the exploitation of vulnerabilities in applications that rely on unpredictable file names.

Published Feb 19, 2005 · Updated Aug 7, 2024