LiveActive security incident?Get immediate response
CVE archive

October 2005

Browse CVE records published in October 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 300 matching CVEs · Page 2 of 6.

Unknown · CVSS Not scored

CVE-2005-3377: Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 en...

Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3373: Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file s...

Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3381: Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote...

Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3372: Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass...

Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3365: Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitr...

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php. NOTE: the mid parameter for forums.php is already associated with CVE-2005-0454. NOTE: the index.php/cid vector was later reported to affect 6.11.

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3375: Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a...

Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3370: Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus sc...

Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3374: Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file s...

Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3371: Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file...

Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3330: The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Amp...

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

Published Oct 27, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3312: The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site...

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.

Published Oct 26, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3310: Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote au...

Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer (CVE-2005-3312) and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in phpBB.

Published Oct 25, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3378: Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass viru...

Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3376: Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a f...

Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3382: Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus...

Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3380: Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanni...

Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

Published Oct 29, 2005 · Updated Aug 7, 2024