Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 703

Количество 331 703

nvd логотип

CVE-2005-4858

около 20 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-4857

около 20 лет назад

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".

CVSS2: 4
EPSS: Низкий
nvd логотип

CVE-2005-4856

около 20 лет назад

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4855

около 20 лет назад

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

CVSS2: 3.5
EPSS: Низкий
nvd логотип

CVE-2005-4854

около 20 лет назад

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4853

около 20 лет назад

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

CVSS2: 9.4
EPSS: Низкий
nvd логотип

CVE-2005-4852

около 20 лет назад

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4851

около 20 лет назад

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

CVSS2: 4
EPSS: Низкий
nvd логотип

CVE-2005-4850

около 20 лет назад

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4849

около 20 лет назад

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4848

около 20 лет назад

Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2005-4847

около 20 лет назад

Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2005-4846

около 20 лет назад

Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2005-4845

около 20 лет назад

The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2005-4844

около 20 лет назад

The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.1
EPSS: Средний
nvd логотип

CVE-2005-4843

около 20 лет назад

The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.8
EPSS: Средний
nvd логотип

CVE-2005-4842

около 20 лет назад

The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.1
EPSS: Средний
nvd логотип

CVE-2005-4841

около 20 лет назад

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.1
EPSS: Средний
nvd логотип

CVE-2005-4840

около 20 лет назад

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.

CVSS2: 4.3
EPSS: Средний
nvd логотип

CVE-2005-4839

около 20 лет назад

PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2005-4858

Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element.

CVSS2: 4.3
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4857

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".

CVSS2: 4
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4856

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

CVSS2: 5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4855

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

CVSS2: 3.5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4854

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

CVSS2: 5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4853

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

CVSS2: 9.4
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4852

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.

CVSS2: 5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4851

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

CVSS2: 4
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4850

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

CVSS2: 5
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4849

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

CVSS2: 5
2%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4848

Buffer overflow in the decompression algorithm in Research in Motion BlackBerry Enterprise Server 4.0 SP1 and earlier before 20050607 might allow remote attackers to execute arbitrary code via certain data packets.

CVSS2: 7.5
3%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4847

Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846.

CVSS2: 10
0%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4846

Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.

CVSS2: 4.3
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4845

The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 5
1%
Низкий
около 20 лет назад
nvd логотип
CVE-2005-4844

The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.1
12%
Средний
около 20 лет назад
nvd логотип
CVE-2005-4843

The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.8
13%
Средний
около 20 лет назад
nvd логотип
CVE-2005-4842

The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.1
12%
Средний
около 20 лет назад
nvd логотип
CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

CVSS2: 7.1
12%
Средний
около 20 лет назад
nvd логотип
CVE-2005-4840

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.

CVSS2: 4.3
29%
Средний
около 20 лет назад
nvd логотип
CVE-2005-4839

PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.

CVSS2: 5
0%
Низкий
около 20 лет назад

Уязвимостей на страницу