CVE-2004-1995

Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm.

Publication date: Fri, 31 Dec 2004 11:00:00 +0000

Cyber News related to CVE-2004-1995

CVE-2017-10604 - When the device is configured to perform account lockout with a defined period of time, any unauthenticated user attempting to log in as root with an incorrect password can trigger a lockout of the root account. When an SRX Series device is in ...
5 years ago

CVE-2004-1995 - Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. ...
11 months ago

CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
55 years ago Tenable.com

CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
55 years ago Tenable.com

CVE-2002-1995 - Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the filnavn parameter. ...
16 years ago

CVE-2008-1995 - Sun Java System Directory Proxy Server 6.0, 6.1, and 6.2 classifies a connection using the "bind-dn" criteria, which can cause an incorrect application of policy and allows remote attackers to bypass intended access restrictions for the ...
13 years ago

CVE-2009-1995 - Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_INV. ...
12 years ago

CVE-2014-1995 - Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ...
10 years ago

CVE-2015-1995 - Multiple cross-site scripting (XSS) vulnerabilities in IBM Security QRadar Incident Forensics 7.2.x before 7.2.5 Patch 5 allow remote attackers to inject arbitrary web script or HTML via a crafted URL. ...
9 years ago

CVE-2016-1995 - HPE System Management Homepage before 7.5.4 allows remote attackers to execute arbitrary code via unspecified vectors. ...
8 years ago

CVE-2005-1995 - Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message. ...
7 years ago

CVE-2007-1995 - bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon crash or exit) ...
1 year ago

CVE-2010-1995 - Multiple cross-site scripting (XSS) vulnerabilities in index.php in TomatoCMS before 2.0.5 allow remote authenticated users, with "Add new article" privileges, to inject arbitrary web script or HTML via the (1) title, (2) subTitle, and (3) ...
6 years ago

CVE-2006-1995 - Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the ...
6 years ago

CVE-2012-1995 - Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows local users to obtain sensitive information or modify data via unknown vectors. ...
5 years ago

CVE-2020-1995 - A NULL pointer dereference vulnerability in Palo Alto Networks PAN-OS allows an authenticated administrator to send a request that causes the rasmgr daemon to crash. Repeated attempts to send this request result in denial of service to all PAN-OS ...
4 years ago

CVE-2019-11687 - An issue was discovered in the DICOM Part 10 File Format in the NEMA DICOM Standard 1995 through 2019b. The preamble of a DICOM file that complies with this specification can contain the header for an executable file, such as Portable Executable (PE) ...
5 years ago

CVE-2013-1995 - X.org libXi 1.7.1 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to an unexpected sign extension in the XListInputDevices function. ...
4 years ago

CVE-2011-1995 - Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that was not properly initialized, aka "OLEAuto32.dll Remote Code Execution ...
2 years ago

CVE-2021-1995 - Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 10.3.6.0.0 and 12.1.3.0.0. Easily exploitable vulnerability allows low privileged attacker with ...
3 years ago

CVE-2019-1995 - In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email ...
3 years ago

CVE-2021-44568 - Two heap-overflow vulnerabilities exist in openSUSE/libsolv libsolv through 13 Dec 2020 in the decisionmap variable via the resolve_dependencies function at src/solver.c (line 1940 & line 1995), which could cause a remote Denial of Service. ...
2 years ago

CVE-2022-1995 - The Malware Scanner WordPress plugin before 4.5.2 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when ...
2 years ago

CVE-2023-1995 - Insufficient Logging vulnerability in Hitachi HiRDB Server, HiRDB Server With Addtional Function, HiRDB Structured Data Access Facility.This issue affects HiRDB Server: before 09-60-39, before 09-65-23, ...
1 year ago

CVE-2017-1995 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

Latest Cyber News

CVE-2024-56841 - 1 day ago
CVE-2024-47100 - 1 day ago
CVE-2024-53649 - 1 day ago
CVE-2024-12240 - 1 day ago
CVE-2024-45385 - 1 day ago
CVE-2024-12919 - 1 day ago
CVE-2025-20016 - 1 day ago
CVE-2025-20055 - 1 day ago
CVE-2025-20620 - 1 day ago
CVE-2025-0393 - 1 day ago
CVE-2025-0394 - 1 day ago
CVE-2024-11736 - 1 day ago
CVE-2024-13156 - 1 day ago
CVE-2024-11734 - 1 day ago
CVE-2024-12365 - 1 day ago
CVE-2024-12006 - 1 day ago
CVE-2024-12008 - 1 day ago
CVE-2024-13323 - 1 day ago
CVE-2024-13348 - 1 day ago
CVE-2025-23082 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-22828 - 2 days ago
CVE-2024-56065 - 1 day ago
CVE-2024-56301 - 1 day ago
CVE-2025-22314 - 1 day ago
CVE-2025-22337 - 1 day ago
CVE-2025-22344 - 1 day ago
CVE-2025-22498 - 1 day ago
CVE-2025-22499 - 1 day ago
CVE-2025-22506 - 1 day ago
CVE-2025-22514 - 1 day ago
CVE-2025-22567 - 1 day ago
CVE-2025-22568 - 1 day ago
CVE-2025-22569 - 1 day ago
CVE-2025-22570 - 1 day ago
CVE-2025-22576 - 1 day ago
CVE-2025-22583 - 1 day ago
CVE-2025-22586 - 1 day ago
CVE-2025-22588 - 1 day ago
CVE-2025-22777 - 1 day ago
CVE-2025-22800 - 1 day ago