CyberSecurityBoard
Sponsor Register Login

CVE-2005-0336

Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page that does not properly filter the HTML.

Publication date: Mon, 02 May 2005 09:00:00 +0000


Cyber News related to CVE-2005-0336

CVE-2017-0336 - An information disclosure vulnerability in the NVIDIA GPU driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without ...
7 years ago
CVE-2005-0336 - Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing .. sequences and HTML, which results in a directory browsing page ...
7 years ago
CVE-2015-0336 - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different ...
7 years ago
CVE-2015-0334 - Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different ...
7 years ago
CVE-2007-0336 - Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. ...
16 years ago
CVE-2000-0336 - Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack. ...
16 years ago
CVE-2010-0336 - Unspecified vulnerability in the kiddog_mysqldumper (kiddog_mysqldumper) extension 0.0.3 and earlier for TYPO3 allows remote attackers to obtain sensitive information via unknown attack vectors. ...
13 years ago
CVE-2014-0336 - Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that use the user_new_master parameter to the ...
11 years ago
CVE-2002-0336 - Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a LIST command containing a large number of / (slash), * (wildcard), and .. ...
8 years ago
CVE-2003-0336 - Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora. ...
8 years ago
CVE-2006-0336 - Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". ...
7 years ago
CVE-2008-0336 - Multiple cross-site request forgery (CSRF) vulnerabilities in BugTracker.NET before 2.7.2 allow remote attackers to delete arbitrary bugs and perform other administrative tasks via unspecified vectors, possibly related to delete_*.aspx pages, and ...
7 years ago
CVE-2013-0336 - The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (crash) via a connection request without a ...
7 years ago
CVE-2009-0336 - Katy Whitton BlogIt! stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for database/Blog.mdb. NOTE: some of ...
7 years ago
CVE-2004-0336 - LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory. ...
7 years ago
CVE-2016-0336 - Cross-site scripting (XSS) vulnerability in IBM Security Identity Manager (ISIM) Virtual Appliance 7.0.0.0 through 7.0.1.0 before 7.0.1-ISS-SIM-FP0001 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago
CVE-2001-0336 - The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. ...
6 years ago
CVE-2018-0336 - A vulnerability in the batch provisioning feature of Cisco Prime Collaboration Provisioning could allow an authenticated, remote attacker to escalate privileges to the Administrator level. The vulnerability is due to insufficient authorization ...
5 years ago
CVE-2020-0336 - In SurfaceFlinger, there is possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: ...
3 years ago
CVE-1999-0336 - Buffer overflow in mstm in HP-UX allows local users to gain root access. ...
2 years ago
CVE-2023-0336 - The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment. ...
2 years ago
CVE-2021-0336 - In onReceive of BluetoothPermissionRequest.java, there is a possible permissions bypass due to a mutable PendingIntent. This could lead to local escalation of privilege that bypasses a permission check, with User execution privileges needed. User ...
1 year ago
CVE-2022-0336 - The Samba AD DC includes checks when adding service principals names (SPNs) to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that ...
1 year ago
CVE-2024-0336 - Improper Access Control vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PDKS: before 20240603.  ...
10 months ago
CVE-2025-0336 - A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible ...
2 months ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)