CVE-2005-1135

Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Publication date: Mon, 02 May 2005 09:00:00 +0000


Cyber News related to CVE-2005-1135

CVE-2006-6032 - Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, ...
6 years ago
CVE-2005-1135 - Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. ...
8 years ago
CVE-2015-1135 - fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1134. ...
5 years ago
CVE-2015-1133 - fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1134, and CVE-2015-1135. ...
5 years ago
CVE-2015-1132 - fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. ...
5 years ago
CVE-2015-1134 - fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1131, CVE-2015-1132, CVE-2015-1133, and CVE-2015-1135. ...
5 years ago
CVE-2015-1131 - fontd in Apple Type Services (ATS) in Apple OS X before 10.10.3 allows local users to gain privileges via unspecified vectors, a different vulnerability than CVE-2015-1132, CVE-2015-1133, CVE-2015-1134, and CVE-2015-1135. ...
5 years ago
CVE-2006-2189 - SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to ...
6 years ago
CVE-2003-1135 - Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID. ...
16 years ago
CVE-2007-1135 - Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. ...
13 years ago
CVE-2013-1135 - Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance 8.6 and 9.0 allows remote attackers to cause a denial of service (CPU consumption and monitoring outage) via malformed TLS messages to TCP port (1) 9043 or (2) 9443, aka Bug ID ...
11 years ago
CVE-2016-1135 - Cross-site scripting (XSS) vulnerability on BUFFALO BHR-4GRV2 devices with firmware 1.04 and earlier, WEX-300 devices with firmware 1.90 and earlier, WHR-1166DHP devices with firmware 1.90 and earlier, WHR-300HP2 devices with firmware 1.90 and ...
8 years ago
CVE-2002-1135 - modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code. ...
8 years ago
CVE-2004-1135 - Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remote attackers to cause a denial of service (service crash) via long (1) SITE, (2) XMKD, (3) MKD, and (4) RNFR commands. ...
7 years ago
CVE-2006-1135 - Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to comments_do.php. ...
7 years ago
CVE-2010-1135 - The user_logout function in TikiWiki CMS/Groupware 4.x before 4.2 does not properly delete user login cookies, which allows remote attackers to gain access via cookie reuse. ...
7 years ago
CVE-2000-1135 - fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack. Note: fixed in potato version ...
7 years ago
CVE-1999-1135 - Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root privileges, as fixed by PHSS_4994 and PHSS_5438. ...
7 years ago
CVE-2001-1135 - ZyXEL Prestige 642R and 642R-I routers do not filter the routers' Telnet and FTP ports on the external WAN interface from inside access, allowing someone on an internal computer to reconfigure the router, if the password is known. ...
7 years ago
CVE-2018-1135 - An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL. ...
6 years ago
CVE-2008-1135 - OMEGA (aka Omegasoft) INterneSErvicesLosungen (INSEL) 7 generates different responses depending on whether or not a username is valid in a failed login attempt, which allows remote attackers to enumerate valid usernames. ...
6 years ago
CVE-2009-1135 - Microsoft Internet Security and Acceleration (ISA) Server 2006 Gold and SP1, when Radius OTP is enabled, uses the HTTP-Basic authentication method, which allows remote attackers to gain the privileges of an arbitrary account, and access published web ...
6 years ago
CVE-2011-1135 - Cross-Site Scripting (XSS) in Xinha, as included in the Serendipity package before 1.5.5, allows remote attackers to execute arbitrary code in plugins/ExtendedFileManager/manager.php and plugins/ImageManager/manager.php. ...
5 years ago
CVE-2012-1135 - FreeType before 2.4.9, as used in Mozilla Firefox Mobile before 10.0.4 and other products, allows remote attackers to cause a denial of service (invalid heap read operation and memory corruption) or possibly execute arbitrary code via vectors ...
3 years ago
CVE-2021-1135 - Multiple vulnerabilities in the REST API endpoint of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. For more information about these ...
3 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)