CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 2CVE-2005-0844
https://notcve.org/view.php?id=CVE-2005-0844
Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information. • http://marc.info/?l=bugtraq&m=111151589203707&w=2 http://securitytracker.com/id?1013512 http://www.nta-monitor.com/news/vpn-flaws/nortel/nortel-client https://exchange.xforce.ibmcloud.com/vulnerabilities/19791 • CWE-310: Cryptographic Issues •
CVSS: 5.0EPSS: 12%CPEs: 3EXPL: 3CVE-2004-2549 – Nortel Wireless LAN Access Point 2200 Series - Denial of Service
https://notcve.org/view.php?id=CVE-2004-2549
Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 and (2) the HTTP service on TCP port 80, possibly due to a buffer overflow. • https://www.exploit-db.com/exploits/23786 https://github.com/alt3kx/CVE-2004-2549 http://archives.neohapsis.com/archives/fulldisclosure/2004-03/0055.html http://secunia.com/advisories/11034 http://securitytracker.com/id?1009294 http://www.osvdb.org/4128 http://www.securityfocus.com/bid/9787 http://www116.nortelnetworks.com/docs/bvdoc/wlan/216109a.pdf https://exchange.xforce.ibmcloud.com/vulnerabilities/15373 •
CVSS: 4.0EPSS: 0%CPEs: 5EXPL: 0CVE-2004-2621
https://notcve.org/view.php?id=CVE-2004-2621
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates a race condition that allows remote attackers to perform a man-in-the-middle (MITM) attack. • http://secunia.com/advisories/12881 http://securitytracker.com/id?1011846 http://www.osvdb.org/11002 http://www.securityfocus.com/bid/11495 http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?level=6&category=8&subcategory=6&subtype=&DocumentOID=276620&RenditionID=REND159588 https://exchange.xforce.ibmcloud.com/vulnerabilities/17812 •
CVSS: 5.0EPSS: 19%CPEs: 67EXPL: 1CVE-2004-1305 – Microsoft Windows Kernel - '.ANI' File Parsing Crash
https://notcve.org/view.php?id=CVE-2004-1305
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang. • https://www.exploit-db.com/exploits/721 http://marc.info/?l=bugtraq&m=110382854111833&w=2 http://www.kb.cert.org/vuls/id/177584 http://www.kb.cert.org/vuls/id/697136 http://www.us-cert.gov/cas/techalerts/TA05-012A.html http://www.xfocus.net/flashsky/icoExp https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-002 https://exchange.xforce.ibmcloud.com/vulnerabilities/18667 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.o •
CVSS: 5.0EPSS: 7%CPEs: 27EXPL: 2CVE-2004-1319
https://notcve.org/view.php?id=CVE-2004-1319
The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject arbitrary web script into other domains by setting a name for a window, opening a child page whose target is the window with the given name, then injecting the script from the parent into the child using execScript, as demonstrated by "AbusiveParent" in Internet Explorer 6.0.2900.2180. • http://archives.neohapsis.com/archives/bugtraq/2004-12/0167.html http://freehost07.websamba.com/greyhats/abusiveparent-discussion.htm http://secunia.com/advisories/13482 http://www.kb.cert.org/vuls/id/356600 http://www.securityfocus.com/bid/11950 http://www.us-cert.gov/cas/techalerts/TA05-039A.html https://docs.microsoft.com/en-us/security-updates/securitybulletins/2005/ms05-013 https://exchange.xforce.ibmcloud.com/vulnerabilities/18504 https://oval.cisecurity.org/repository/search/definitio •