CyberSecurityBoard
Sponsor Register Login

CVE-2005-0366

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.

Publication date: Mon, 02 May 2005 09:00:00 +0000


Cyber News related to CVE-2005-0366

CVE-2005-0366 - The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are ...
4 years ago
CVE-2013-0361 - Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a ...
10 years ago
CVE-2013-0366 - Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a ...
10 years ago
CVE-2014-0369 - Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2015-0366. ...
8 years ago
CVE-2015-0366 - Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality via unknown vectors related to Java Integration, a different vulnerability than CVE-2014-0369. ...
7 years ago
CVE-2022-0366 - An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1. ...
1 year ago
CVE-2003-0366 - lyskom-server 2.0.7 and earlier allows unauthenticated users to cause a denial of service (CPU consumption) via a large query. ...
16 years ago
CVE-2000-0366 - dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files. ...
16 years ago
CVE-2009-0366 - The uncompress_buffer function in src/server/simple_wml.cpp in Wesnoth before r33069 allows remote attackers to cause a denial of service via a large compressed WML document. ...
15 years ago
CVE-2012-0366 - Cisco Unity Connection before 7.1.3b(Su2) allows remote authenticated users to change the administrative password by leveraging the Help Desk Administrator role, aka Bug ID CSCtd45141. ...
12 years ago
CVE-2014-0366 - Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.3, and 12.2.2 allows remote authenticated users to affect confidentiality via unknown vectors related to Attachments. ...
10 years ago
CVE-2004-0366 - SQL injection vulnerability in the libpam-pgsql library before 0.5.2 allows attackers to execute arbitrary SQL statements. ...
7 years ago
CVE-2007-0366 - Untrusted search path vulnerability in Rumpus 5.1 and earlier allows local users to gain privileges via a modified PATH that points to a malicious ipfw program. ...
7 years ago
CVE-2010-0366 - Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then ...
7 years ago
CVE-2001-0366 - saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. ...
7 years ago
CVE-2016-0366 - IBM Security Identity Manager Virtual Appliance 7.0.x before 7.0.1.3-ISS-SIM-IF0001 might allow remote attackers to obtain sensitive information by leveraging weak encryption. IBM X-Force ID: 112071. ...
6 years ago
CVE-2017-0366 - Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration. ...
1 year ago
CVE-1999-0366 - In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value. ...
1 year ago
CVE-2008-0366 - CORE FORCE before 0.95.172 does not properly validate arguments to SSDT hook handler functions in the Registry module, which allows local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via ...
6 years ago
CVE-2006-0366 - Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag. A simple fix has been released on the Main PCW site available directly at ...
6 years ago
CVE-2002-0366 - Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry. ...
5 years ago
CVE-2018-0366 - A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface ...
5 years ago
CVE-2020-0366 - In PackageInstaller, there is a possible permissions bypass due to a tapjacking vulnerability. This could lead to local escalation of privilege using an app set as the default Assist app with User execution privileges needed. User interaction is ...
3 years ago
CVE-2021-0366 - In vpu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-10, ...
3 years ago
CVE-2023-0366 - The Loan Comparison WordPress plugin before 1.5.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)