CyberSecurityBoard
Sponsor Register Login

CVE-2005-0928

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

Publication date: Mon, 02 May 2005 09:00:00 +0000


Cyber News related to CVE-2005-0928

CVE-2004-1479 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-0928. Reason: This candidate is a duplicate of CVE-2004-0928. Notes: All CVE users should reference CVE-2004-0928 instead of this candidate. All references and descriptions in ...
56 years ago Tenable.com
CVE-2008-1112 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-0928. Reason: This candidate is a duplicate of CVE-2008-0928. Notes: All CVE users should reference CVE-2008-0928 instead of this candidate. All references and descriptions in ...
56 years ago Tenable.com
CVE-2005-0928 - Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, ...
9 years ago
CVE-2020-16854 - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1033, CVE-2020-1589, ...
5 years ago
CVE-2020-1033 - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0928, CVE-2020-1589, CVE-2020-1592, ...
5 years ago
CVE-2020-0928 - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-1033, CVE-2020-1589, CVE-2020-1592, ...
5 years ago
CVE-2021-0928 - In createFromParcel of OutputConfiguration.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User ...
2 years ago
CVE-2002-0928 - Buffer overflow in the Pirch 98 IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long hyperlink in a channel or private message. ...
17 years ago
CVE-1999-0928 - Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL. ...
17 years ago
CVE-2012-0928 - The ATRAC codec in RealNetworks RealPlayer 11.x and 14.x through 14.0.7, RealPlayer SP 1.0 through 1.1.5, and Mac RealPlayer 12.x before 12.0.0.1703 does not properly decode samples, which allows remote attackers to execute arbitrary code via a ...
13 years ago
CVE-2013-0928 - The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation. ...
10 years ago
CVE-2001-0928 - Buffer overflow in the permitted function of GNOME gtop daemon (libgtop_daemon) in libgtop 1.0.13 and earlier may allow remote attackers to execute arbitrary code via long authentication data. ...
9 years ago
CVE-2003-0928 - Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. ...
9 years ago
CVE-2016-0928 - Multiple open redirect vulnerabilities in Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.30 and 1.7.x before 1.7.8 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. ...
9 years ago
CVE-2004-0928 - The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6.0, 6.1, and 6.1 J2EE allows remote attackers to bypass authentication and view source files, such as .asp, .pl, and .php files, via an HTTP request that ends in ";.cfm". ...
8 years ago
CVE-2010-0928 - OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it ...
8 years ago
CVE-2000-0928 - WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares. ...
8 years ago
CVE-2007-0928 - Virtual Calendar stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an encoded password via a direct request for pwd.txt. ...
7 years ago
CVE-2006-0928 - The POP3 Server in ArGoSoft Mail Server Pro 1.8 allows remote attackers to obtain sensitive information via the _DUMP command, which reveals the operating system, registered user, and registration code. ...
7 years ago
CVE-2009-0928 - Heap-based buffer overflow in Adobe Acrobat Reader and Acrobat Professional 7.1.0, 8.1.3, 9.0.0, and other versions allows remote attackers to execute arbitrary code via a PDF file containing a JBIG2 stream with a size inconsistency related to an ...
7 years ago
CVE-2019-0928 - A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate input from a privileged user on a guest operating system, aka 'Windows Hyper-V Denial of Service Vulnerability'. ...
6 years ago
CVE-2017-0928 - html-janitor node module suffers from an External Control of Critical State Data vulnerability via user-control of the '_sanitized' variable causing sanitization to be bypassed. ...
6 years ago
CVE-2015-0928 - libhtp 0.5.15 allows remote attackers to cause a denial of service (NULL pointer dereference). ...
5 years ago
CVE-2008-0928 - Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine. ...
5 years ago
CVE-2022-0928 - Cross-site Scripting (XSS) - Stored in GitHub repository microweber/microweber prior to 1.2.12. ...
3 years ago

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)