CyberSecurityBoard
Sponsor Register Login

CVE-2004-2565

Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read arbitrary files via (1) a "..\" (dot dot backslash) in the file parameter to showini.asp, or (2) an absolute path with drive letter in the log parameter to showlog.asp.

Publication date: Fri, 31 Dec 2004 11:00:00 +0000


Cyber News related to CVE-2004-2565

CVE-2013-1748 - Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view.php id vector is already covered by ...
11 years ago
CVE-2004-2565 - Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta 2 on Windows, and possibly other versions on Linux, when the administrative IP address restrictions have been modified from the default, allow remote authenticated users to read ...
7 years ago
CVE-2004-1159 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-1122, CVE-2004-1314. Reason: this was an out-of-band assignment duplicate intended for one issue, but the description and references inadvertently combined multiple issues. ...
55 years ago Tenable.com
CVE-2004-0868 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0866. Reason: This candidate is a duplicate of CVE-2004-0866. Notes: The description for CVE-2004-0866 was inadvertently attached to this issue instead. All CVE users should ...
55 years ago Tenable.com
CVE-2012-1911 - Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already ...
7 years ago
CVE-2009-2608 - Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are ...
6 years ago
CVE-2012-2565 - Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table approach. ...
12 years ago
CVE-2014-2565 - The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injection." ...
10 years ago
CVE-2015-2565 - Unspecified vulnerability in the Oracle Installed Base component in Oracle E-Business Suite 11.5.10.2, 12.0.4, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect integrity via unknown vectors related to Create Item Instance. ...
8 years ago
CVE-2016-2565 - Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. ...
7 years ago
CVE-2005-2565 - Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive information via (1) a 1 in the perm parameter to deletethread.php or a direct request to (2) ban.php, (3) addnews.php, (4) banned.php, (5) boardstats.php, (6) adminform.php, (7) ...
7 years ago
CVE-2009-2565 - Cross-site scripting (XSS) vulnerability in Perl CGI's By Mrs. Shiromuku shiromuku(fs6)DIARY 2.40 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago
CVE-2018-2565 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: InnoDB). Supported versions that are affected are 5.7.20 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple ...
7 years ago
CVE-2008-2565 - Multiple SQL injection vulnerabilities in PHP Address Book 3.1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.php and (2) edit.php. NOTE: it was later reported that 4.0.x is also affected. ...
6 years ago
CVE-2007-2565 - Cdelia Software ImageProcessing allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted BMP file. ...
6 years ago
CVE-2006-2565 - SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can ...
6 years ago
CVE-2013-2565 - A vulnerability in Mambo CMS v4.6.5 where the scripts thumbs.php, editorFrame.php, editor.php, images.php, manager.php discloses the root path of the webserver. ...
5 years ago
CVE-2019-2565 - Vulnerability in the JD Edwards World Technical Foundation component of Oracle JD Edwards Products (subcomponent: Service Enablement). Supported versions that are affected are A9.2, A9.3.1 and A9.4. Easily exploitable vulnerability allows ...
4 years ago
CVE-2020-2565 - Vulnerability in the Oracle Solaris product of Oracle Systems (component: Consolidation Infrastructure). The supported version that is affected is 11. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure ...
2 years ago
CVE-2022-2565 - The Simple Payment Donations & Subscriptions WordPress plugin before 4.2.1 does not sanitise and escape user input given in its forms, which could allow unauthenticated attackers to perform Cross-Site Scripting attacks against admins ...
2 years ago
CVE-2023-2565 - A vulnerability has been found in SourceCodester Multi Language Hotel Management Software 1.0 and classified as problematic. This vulnerability affects unknown code of the file ajax.php of the component POST Parameter Handler. The manipulation of the ...
1 year ago
CVE-2010-2565 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2010. Notes: none ...
55 years ago Tenable.com
CVE-2024-2565 - A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file ...
1 year ago
CVE-2022-48691 - In the Linux kernel, the following vulnerability has been resolved: ...
10 months ago
CVE-2025-2565 - The data exposure vulnerability in Liferay Portal 7.4.0 through 7.4.3.126, and Liferay DXP 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92 ...
1 week ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)