CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2005-0754 – KDE Security Advisory 2005-04-20.1
https://notcve.org/view.php?id=CVE-2005-0754
22 Apr 2005 — Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. KDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 1CVE-2005-1121 – Gentoo Linux Security Advisory 200505-2
https://notcve.org/view.php?id=CVE-2005-1121
16 Apr 2005 — Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL. A format string flaw has been detected in the my_xlog() function of the Oops! proxy, which is called by the passwd_mysql and passwd_pgsql module's auth() functions. Versions less than 1.5.24_pre20050503 are affected. • http://rst.void.ru/papers/advisory24.txt •
CVSS: 6.3EPSS: 0%CPEs: 104EXPL: 0CVE-2005-0988 – Gentoo Linux Security Advisory 200505-5
https://notcve.org/view.php?id=CVE-2005-0988
06 Apr 2005 — Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CVE-2005-0988), as well as improper handling of filename restoration (CVE-2005-1228). The zgrep utility improperly sanitizes argumen... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •
CVSS: 9.8EPSS: 3%CPEs: 27EXPL: 0CVE-2005-0667 – Gentoo Linux Security Advisory 200503-26
https://notcve.org/view.php?id=CVE-2005-0667
07 Mar 2005 — Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. Sylpheed and Sylpheed-claws fail to properly handle non-ASCII characters in email headers when composing reply messages. Versions less than 1.0.3 are affected. • http://secunia.com/advisories/14491 •
CVSS: 8.8EPSS: 0%CPEs: 12EXPL: 0CVE-2005-0535 – Gentoo Linux Security Advisory 200502-33
https://notcve.org/view.php?id=CVE-2005-0535
22 Feb 2005 — Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to perform unauthorized actions as authenticated MediaWiki users. A security audit of the MediaWiki project discovered that MediaWiki is vulnerable to several cross-site scripting and cross-site request forgery attacks, and that the image deletion code does not sufficiently sanitize input parameters. Versions less than 1.3.11 are affected. • http://secunia.com/advisories/14360 •
CVSS: 7.5EPSS: 1%CPEs: 10EXPL: 0CVE-2005-0470
https://notcve.org/view.php?id=CVE-2005-0470
19 Feb 2005 — Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. • http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html •
CVSS: 9.1EPSS: 6%CPEs: 146EXPL: 0CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilida... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2005-0077 – dsa-658.txt
https://notcve.org/view.php?id=CVE-2005-0077
26 Jan 2005 — The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. The Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. • http://marc.info/?l=bugtraq&m=110667936707597&w=2 •
CVSS: 8.8EPSS: 3%CPEs: 57EXPL: 1CVE-2005-0005 – iDEFENSE Security Advisory 2005-01-17.t
https://notcve.org/view.php?id=CVE-2005-0005
18 Jan 2005 — Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers. Remote exploitation of a buffer overflow vulnerability in The ImageMagick's Project's ImageMagick PSD image-decoding module could allow an attacker to execute arbitrary code. Versions 6.1.7 and below are affected. • http://marc.info/?l=bugtraq&m=110608222117215&w=2 •
CVSS: 9.1EPSS: 0%CPEs: 47EXPL: 0CVE-2004-1004 – dsa-639.txt
https://notcve.org/view.php?id=CVE-2004-1004
16 Jan 2005 — Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact. Múltiples vulnerabilidades de cadena de formato en Midnight Commander (mc) 4.5.55 y versiones anteriores, permiten a atacantes remotos ejecutar acciones de impacto desconocido. Andrew V. Samoilov has noticed that several bugfixes which were applied to the source by upstream developers of mc, the midnight commander, a file browser and manager, were not backported to the curre... • http://secunia.com/advisories/13863 •