CVE-2005-1108

The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.

Publication date: Mon, 02 May 2005 09:00:00 +0000

Cyber News related to CVE-2005-1108

CVE-2021-47338 - In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previous fbcon_mode_deleted(). As a result, the mode is ...
5 months ago Tenable.com

CVE-2005-1108 - The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. ...
7 years ago

CVE-2016-4121 - Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different ...
1 year ago

CVE-1999-1108 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-1107. Reason: This candidate is a duplicate of CVE-1999-1107. Notes: All CVE users should reference CVE-1999-1107 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com

CVE-2007-4645 - SQL injection vulnerability in index.php in NMDeluxe 2.0.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a newspost do action, a different vulnerability than CVE-2006-1108. ...
7 years ago

CVE-2021-1108 - NVIDIA Linux kernel distributions contain a vulnerability in FuSa Capture (VI/ISP), where integer underflow due to lack of input validation may lead to complete denial of service, partial integrity, and serious confidentiality loss for all processes ...
2 years ago

CVE-2013-1108 - Cisco WebEx Training Center allows remote authenticated users to remove hands-on lab-session reservations via a crafted URL, aka Bug ID CSCzu81064. ...
11 years ago

CVE-2015-1108 - The Lock Screen component in Apple iOS before 8.3 does not properly enforce the limit on incorrect passcode-authentication attempts, which makes it easier for physically proximate attackers to obtain access by making many passcode guesses. ...
7 years ago

CVE-2004-1108 - qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary directory. ...
7 years ago

CVE-2010-1108 - Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via ...
7 years ago

CVE-2012-1108 - The parse function in ogg/xiphcomment.cpp in TagLib 1.7 and earlier allows remote attackers to cause a denial of service (crash) via a crafted vendorLength field in an ogg file. ...
7 years ago

CVE-2008-1108 - Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. ...
7 years ago

CVE-2000-1108 - cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as ...
7 years ago

CVE-2002-1108 - Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel. ...
7 years ago

CVE-2001-1108 - Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL. ...
7 years ago

CVE-2003-1108 - The Session Initiation Protocol (SIP) implementation in Alcatel OmniPCX Enterprise 5.0 Lx allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted INVITE messages, as demonstrated by the OUSPG PROTOS ...
7 years ago

CVE-2007-1108 - PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. ...
7 years ago

CVE-2016-1108 - Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs ...
6 years ago

CVE-2006-1108 - SQL injection vulnerability in news.php in NMDeluxe before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. This vulnerability affcts NMDeluxe versions 1.0 and previous. ...
6 years ago

CVE-2019-1108 - An information disclosure vulnerability exists when the Windows RDP client improperly discloses the contents of its memory, aka 'Remote Desktop Protocol Client Information Disclosure Vulnerability'. ...
5 years ago

CVE-2011-1108 - Google Chrome before 9.0.597.107 does not properly implement JavaScript dialogs, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document. ...
4 years ago

CVE-2022-1108 - A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code. ...
2 years ago

CVE-2018-1108 - kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated. ...
1 year ago

CVE-2019-7201 - An unquoted service path vulnerability is reported to affect the service QVssService in QNAP NetBak Replicator. This vulnerability could allow an authorized but non-privileged local user to execute arbitrary code with elevated system privileges. QNAP ...
1 year ago

CVE-2021-3675 - Improper Input Validation vulnerability in synaTEE.signed.dll of Synaptics Fingerprint Driver allows a local authorized attacker to overwrite a heap tag, with potential loss of confidentiality. This issue affects: Synaptics Synaptics Fingerprint ...
1 year ago

Latest Cyber News

CVE-2024-43434 - 5 hours ago
CVE-2024-43436 - 5 hours ago
CVE-2024-43438 - 5 hours ago
CVE-2024-43440 - 5 hours ago
CVE-2024-43425 - 5 hours ago
CVE-2024-43426 - 5 hours ago
CVE-2024-43428 - 5 hours ago
CVE-2024-43431 - 5 hours ago
CVE-2024-8442 - 6 hours ago
CVE-2024-24914 - 7 hours ago
CVE-2024-10526 - 8 hours ago
CVE-2024-50169 - 9 hours ago
CVE-2024-50170 - 9 hours ago
CVE-2024-50171 - 9 hours ago
CVE-2024-50172 - 9 hours ago
CVE-2024-51504 - 9 hours ago
CVE-2024-50155 - 9 hours ago
CVE-2024-50156 - 9 hours ago
CVE-2024-50157 - 9 hours ago
CVE-2024-50158 - 9 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10081 - 1 day ago
CVE-2024-10082 - 1 day ago
CVE-2024-10916 - 1 day ago
CVE-2024-35146 - 1 day ago
CVE-2024-6861 - 1 day ago
CVE-2024-10919 - 1 day ago
CVE-2024-10920 - 1 day ago
CVE-2024-10318 - 1 day ago
CVE-2024-20371 - 1 day ago
CVE-2024-20418 - 1 day ago
CVE-2024-20445 - 1 day ago
CVE-2024-20457 - 1 day ago
CVE-2024-20476 - 1 day ago
CVE-2024-20484 - 1 day ago
CVE-2024-20487 - 1 day ago
CVE-2024-20504 - 1 day ago
CVE-2024-20507 - 1 day ago
CVE-2024-20511 - 1 day ago
CVE-2024-20514 - 1 day ago
CVE-2024-20525 - 1 day ago