CVE-2005-0638
https://notcve.org/view.php?id=CVE-2005-0638
xloadimage before 4.1-r2, and xli before 1.17, allows attackers to execute arbitrary commands via shell metacharacters in filenames for compressed images, which are not properly quoted when calling the gunzip command. • http://bugs.gentoo.org/show_bug.cgi?id=79762 http://secunia.com/advisories/14459 http://secunia.com/advisories/14462 http://security.gentoo.org/glsa/glsa-200503-05.xml http://support.avaya.com/elmodocs2/security/ASA-2005-134_RHSA-2005-332.pdf http://www.debian.org/security/2005/dsa-695 http://www.osvdb.org/14365 http://www.redhat.com/support/errata/RHSA-2005-332.html http://www.securityfocus.com/archive/1/433935/30/5010/threaded http://www.securityfocus.com/bi •
CVE-2005-0639
https://notcve.org/view.php?id=CVE-2005-0639
Multiple vulnerabilities in xli before 1.17 may allow remote attackers to execute arbitrary code via "buffer management errors" from certain image properties, some of which may be related to integer overflows in PPM files. • http://bugs.gentoo.org/show_bug.cgi?id=79762 http://secunia.com/advisories/14459 http://security.gentoo.org/glsa/glsa-200503-05.xml http://www.debian.org/security/2005/dsa-695 •
CVE-2005-0605 – libxpm buffer overflow
https://notcve.org/view.php?id=CVE-2005-0605
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.57/SCOSA-2005.57.txt ftp://patches.sgi.com/support/free/security/advisories/20060403-01-U http://bugs.gentoo.org/show_bug.cgi?id=83598 http://bugs.gentoo.org/show_bug.cgi?id=83655 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://secunia.c •
CVE-2005-0470
https://notcve.org/view.php?id=CVE-2005-0470
Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers to cause a denial of service (segmentation fault) via invalid EAPOL-Key packet data. • http://lists.shmoo.com/pipermail/hostap/2005-February/009465.html http://secunia.com/advisories/14313 http://securitytracker.com/id?1013226 http://www.gentoo.org/security/en/glsa/glsa-200502-22.xml https://exchange.xforce.ibmcloud.com/vulnerabilities/19357 •
CVE-2005-0085
https://notcve.org/view.php?id=CVE-2005-0085
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ht://dig (htdig) anteriores a 3.1.6r7 permite a atacantes remotos ejecutar script web de su elección o HTML mediante el parámetro config, que no es limpiado adecuamante antes de ser mostrado en le mensaje de error. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt http://secunia.com/advisories/14255 http://secunia.com/advisories/14276 http://secunia.com/advisories/14303 http://secunia.com/advisories/14795 http://secunia.com/advisories/15007 http://secunia.com/advisories/17414 http://secunia.com/advisories/17415 http://securitytracker.com/id?1013078 http://www.debian.org/security/2005/dsa-680 http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml http •