LiveActive security incident?Get immediate response
CVE archive

April 2005

Browse CVE records published in April 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 444 matching CVEs · Page 5 of 9.

Unknown · CVSS Not scored

CVE-2005-1184: The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU co...

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets. NOTE: some followups indicate that this issue could not be replicated.

Published Apr 19, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1191: The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter...

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

Published Apr 19, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1179: Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55...

Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703.

Published Apr 19, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1159: The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite...

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

Published Apr 18, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1146: NOTE: this issue has been disputed by the vendor.

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in the login command in calendar.pl in CalendarScript 3.21 allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-1145

Published Apr 16, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1112: IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows...

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.

Published Apr 16, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1127: Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylis...

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.

Published Apr 16, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1157: Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace exist...

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

Published Apr 18, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-1145: NOTE: this issue has been disputed by the vendor.

NOTE: this issue has been disputed by the vendor. Cross-site scripting (XSS) vulnerability in calendar.pl in CalendarScript 3.20 allows remote attackers to inject arbitrary web script or HTML via the template parameter, a different vulnerability than CVE-2005-1146

Published Apr 16, 2005 · Updated Aug 7, 2024