CyberSecurityBoard
Sponsor Register Login

CVE-2004-1912

The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.

Publication date: Fri, 31 Dec 2004 11:00:00 +0000


Cyber News related to CVE-2004-1912

CVE-2004-1912 - The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which ...
7 years ago
CVE-2021-21990 - VMware Workspace one UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16,2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14,2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to ...
2 years ago
CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
55 years ago Tenable.com
CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
55 years ago Tenable.com
CVE-2005-1912 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1841. Reason: This candidate is a duplicate of CVE-2005-1841. Notes: this duplicate occurred as a result of separate assignments by multiple CNAs, one to the researcher and one ...
55 years ago Tenable.com
CVE-2012-1912 - Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566. ...
7 years ago
CVE-2021-1912 - Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile ...
3 years ago
CVE-2002-1912 - SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel panic) via a large number of packets. ...
16 years ago
CVE-2013-1912 - Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends to requests, allows remote attackers to cause a ...
11 years ago
CVE-2016-1912 - Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to ...
9 years ago
CVE-2009-1912 - Directory traversal vulnerability in src/func/language.php in webSPELL 4.2.0e and earlier allows remote attackers to include and execute arbitrary local .php files via a .. (dot dot) in a language cookie. NOTE: this can be leveraged for SQL injection ...
7 years ago
CVE-2007-1912 - Heap-based buffer overflow in Microsoft Windows allows user-assisted remote attackers to have an unknown impact via a crafted .HLP file. ...
7 years ago
CVE-2010-1912 - The SdcWebSecureBase interface in tgctlcm.dll in Consona Live Assistance, Dynamic Agent, and Subscriber Assistance allows remote attackers to bypass intended restrictions on ActiveX execution via "instantiation/free attacks." ...
6 years ago
CVE-2008-1912 - Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file. ...
6 years ago
CVE-2006-1912 - MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be ...
6 years ago
CVE-2018-1912 - IBM DOORS Next Generation (DNG/RRC) 6.0.2 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to ...
5 years ago
CVE-2014-1912 - Buffer overflow in the socket.recvfrom_into function in Modules/socketmodule.c in Python 2.5 before 2.7.7, 3.x before 3.3.4, and 3.4.x before 3.4rc1 allows remote attackers to execute arbitrary code via a crafted string. ...
5 years ago
CVE-2020-13884 - Citrix Workspace App before 1912 on Windows has Insecure Permissions and an Unquoted Path vulnerability which allows local users to gain privileges during the uninstallation of the application. ...
4 years ago
CVE-2020-13885 - Citrix Workspace App before 1912 on Windows has Insecure Permissions which allows local users to gain privileges during the uninstallation of the application. ...
4 years ago
CVE-2020-8207 - Improper access control in Citrix Workspace app for Windows 1912 CU1 and 2006.1 causes privilege escalation and code execution when the automatic updater service is running. ...
4 years ago
CVE-2020-1912 - An out-of-bounds read/write vulnerability when executing lazily compiled inner generator functions in Facebook Hermes prior to commit 091835377369c8fd5917d9b87acffa721ad2a168 allows attackers to potentially execute arbitrary code via crafted ...
4 years ago
CVE-2020-8200 - Improper authentication in Citrix StoreFront Server < 1912.0.1000 allows an attacker who is authenticated on the same Microsoft Active Directory domain as a Citrix StoreFront server to read arbitrary files from that server. ...
4 years ago
CVE-2019-1912 - A vulnerability in the web management interface of Cisco Small Business 220 Series Smart Switches could allow an unauthenticated, remote attacker to upload arbitrary files. The vulnerability is due to incomplete authorization checks in the web ...
4 years ago
CVE-2020-8270 - An unprivileged Windows user on the VDA or an SMB user can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285871 and CTX285872, 7.15 LTSR CU6 hotfix CTX285341 and CTX285342 ...
4 years ago
CVE-2020-8269 - An unprivileged Windows user on the VDA can perform arbitrary command execution as SYSTEM in CVAD versions before 2009, 1912 LTSR CU1 hotfixes CTX285870 and CTX286120, 7.15 LTSR CU6 hotfix CTX285344 and 7.6 LTSR CU9 ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)