CAN-2005-0605

Technical details about CVE-2005-0605 are not provided in the supplied documents; linked entries reference the CVE but do not describe affected products, root cause, or fixes. Monitor for updates.

CAN-2005-1523

CVE-2005-1523 is a format-string vulnerability in the GNU Mailutils imap4d server (also reflected in Debian Gentoo advisories) that may allow a remote attacker to execute arbitrary code with the IMAP service privileges. The connected advisories describe that the issue stems from insufficient sani...

CAN-2005-0523

The CVE-2005-0523 entry pertains to ProZilla (versions up to 1.3.7.3 and earlier). A format string vulnerability in the Location header allows remote attackers to execute arbitrary code with the user’s privileges. Debian’s DSA-719-1 and related advisories fix the issue by upgrading ProZilla to la...

CAN-2005-0525

Technical details for CVE-2005-0525 are not publicly available in the provided documents. Monitor for updates.

CAN-2005-1546

CVE-2005-1546 is a buffer overflow vulnerability in ht’s PE parser, affecting ht packages in Debian (and cited in DSA-743-1). The issue was fixed in ht 0.8.0-2sarge4 (and related updates for woody before that). The Debian advisories describe the vulnerability and recommend upgrading ht to mitigat...

CAN-2005-1858

This CVE affects FUSE (filesystem in userspace): FUSE 2.x before 2.3.0 fails to clear memory from unfilled pages after a read returns a short byte count, potentially allowing local users to disclose sensitive information. The Debian advisory (DSA-744-1) links CVE-2005-1858 to fuse and notes a fix...

CAN-2005-1853

CVE-2005-1853 affects the Gopher client (gopher.c) in version 3.0.5, where improper creation of temporary files permits local users to gain privileges. Multiple sources (Red Hat advisory, CVE listing, Debian/Debian OSSVOS) confirm the flaw and its local-privilege elevation impact. Debian’s DSA-77...

CAN-2005-1914

CVE-2005-1914 affects CenterICQ 4.20.0 and earlier. The vulnerability arises because CenterICQ creates temporary files with predictable filenames, enabling local attackers to overwrite arbitrary files via a symlink attack on the gg.token.PID temporary file. The available connected documents confi...

CAN-2005-1686

CVE-2005-1686 is a format-string vulnerability in gedit (GNOME text editor) affecting multiple platforms. Connected advisories note a flaw in gedit’s filename handling that could permit arbitrary code execution. Public fixes exist across affected OS families, including Solaris patches (e.g., 1202...

CAN-2005-2256

CVE-2005-2256 relates to phppgadmin (PHP scripts for PostgreSQL web administration). The issue is missing input sanitising in phppgadmin, which can lead to disclosure of sensitive information. Exploitation requires that magic_quotes_gpc is disabled. Debian/DSA advisories (DSA-759-1) note the fix ...

CAN-2005-2724

CVE-2005-2724 is a real cross-site scripting (XSS) issue in SqWebmail, part of the Courier suite. The vulnerability arises from missing input sanitising in the handling of file attachments, enabling a remote attacker to inject script/HTML that may execute in a user’s browser when attachments are ...

CAN-2005-1937

CVE-2005-1937 appears across multiple advisories tied to Mozilla/Firefox components. Connected documents show CVSS base 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) and references in Ubuntu USN-149-1, Debian DSA-810-1, Gentoo GLSA 200507-24, FreeBSD ports Firefox advisories. Affected products include Firefox...

CAN-2005-2761

CVE-2005-2761 is associated with phpGroupWare and is documented in Debian DSA-798-1 and related OpenVAS entries. The vulnerability refers to a global cross-site scripting fix designed to protect against malicious scripts embedded in CSS and xmlns across various phpGroupWare components. Remediatio...

CAN-2005-1532

CVE-2005-1532 is a vulnerability in Mozilla-based applications (Mozilla Suite/Firefox/Thunderbird) caused by insufficient validation in handling JavaScript eval and Script objects, enabling remote code execution with the privileges of the logged-in user. Public advisories reference this CVE along...

CAN-2005-1636

CVE-2005-1636 is a MySQL vulnerability describing an insecure temporary file handling bug in the mysql_install_db script that could allow a local user to execute arbitrary SQL commands during installation. Public advisories (RHSA-2005:685, DSA-783-1, CentOS CES A-2005:685, MDKSA-2006:045) cite up...

CAN-2005-2641

The CAN-2005-2641 entry corresponds to a pam_ldap authentication bypass vulnerability. The connected documents confirm: the pam_ldap module before version 180 does not properly handle a new PasswordPolicyControl, enabling possible privilege escalation via authentication bypass. The impact stated ...

CAN-2005-2088

The connected Nessus document lists CVE-2005-2088 as an HTTP Request Smuggling issue in Apache httpd when acting as a proxy: Apache 1.3.x before 1.3.34 and 2.0.x before 2.0.55 are vulnerable to crafted requests with both Transfer-Encoding: chunked and Content-Length headers, leading to misinterpr...

CAN-2005-2627

CAN-2005-2627 and CAN-2005-2626 affect the kismet wireless sniffer. The Debian/OSS advisories describe CAN-2005-2627 as multiple integer underflows that could allow remote code execution, and CAN-2005-2626 as insecure handling of unprintable SSID characters. OpenVAS entries mirror these issues an...

CAN-2005-2101

CVE-2005-2101 concerns the KDE kdeedu suite, where the lange n2kvhtml converter (langen2kvhtml) creates insecure temporary files in /tmp with predictable names. This local-privilege issue allows a non-privileged user to potentially overwrite files, as described in Debian security advisories (DSA-...

CAN-2005-2536

CVE-2005-2536 affects pstotext, which failed to use Ghostscript -dSAFER, allowing remote attackers to exploit malformed PostScript/PDF files to execute arbitrary commands. The issue is documented in Debian DSA-792-1 and OSSC/NASL entries, stating that pstotext did not invoke -dSAFER and that fixe...