CVE-2005-2158

A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845.

Publication date: Wed, 06 Jul 2005 09:00:00 +0000

Cyber News related to CVE-2005-2158

CVE-2005-2158 - A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845. ...
8 years ago

CVE-2002-2158 - zenTrack 2.0.3 and earlier allows remote attackers to obtain the full path to the web root via an invalid ticket ID, which leaks the path in an error message. ...
16 years ago

CVE-2010-2158 - Multiple cross-site scripting (XSS) vulnerabilities in the Storm module 5.x and 6.x before 6.x-1.33 for Drupal allow remote authenticated users, with certain module privileges, to inject arbitrary web script or HTML via the (1) fullname, (2) phone, ...
14 years ago

CVE-2014-2158 - Cisco TelePresence System MXP Series Software before F9.3.1 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCty45720. ...
10 years ago

CVE-2004-2158 - SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. ...
7 years ago

CVE-2006-2158 - Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable ...
7 years ago

CVE-2008-2158 - Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025. ...
7 years ago

CVE-2011-2158 - The SmarterTools SmarterStats 6.0 web server sends incorrect Content-Type headers for certain resources, which might allow remote attackers to have an unspecified impact by leveraging an interpretation conflict involving (1) Admin/frmSite.aspx, (2) ...
7 years ago

CVE-2013-2158 - Cross-site request forgery (CSRF) vulnerability in the Services module 6.x-3.x and 7.x-3.x before 7.x-3.4 for Drupal allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. ...
7 years ago

CVE-2007-2158 - PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. ...
7 years ago

CVE-2015-2158 - Off-by-one error in the pngcrush_measure_idat function in pngcrush.c in pngcrush before 1.7.84 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file. ...
7 years ago

CVE-2017-2158 - Improper verification when expanding ZIP64 archives in Lhaplus versions 1.73 and earlier may lead to unintended contents to be extracted from a specially crafted ZIP64 archive. ...
6 years ago

CVE-2009-2158 - account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack. ...
6 years ago

CVE-2019-2158 - In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: ...
5 years ago

CVE-2016-2158 - lib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information ...
4 years ago

CVE-2023-2158 - Code Dx versions prior to 2023.4.2 are vulnerable to user impersonation attack where a malicious actor is able to gain access to another user's account by crafting a custom "Remember Me" token. This is possible due to the use of a ...
1 year ago

CVE-2021-2158 - Vulnerability in the Hyperion Financial Management product of Oracle Hyperion (component: Task Automation). The supported version that is affected is 11.1.2.4. Difficult to exploit vulnerability allows high privileged attacker with network access via ...
3 years ago

CVE-2022-2158 - Type confusion in V8 in Google Chrome prior to 103.0.5060.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. ...
1 year ago

CVE-2020-2158 - Jenkins Literate Plugin 1.0 and earlier does not configure its YAML parser to prevent the instantiation of arbitrary types, resulting in a remote code execution vulnerability. ...
1 year ago

CVE-2018-2158 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
54 years ago Tenable.com

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-31892 - 20 hours ago
CVE-2024-31891 - 20 hours ago
CVE-2024-11721 - 1 day ago
CVE-2024-11720 - 1 day ago
CVE-2024-12446 - 1 day ago
CVE-2024-12628 - 1 day ago
CVE-2024-11711 - 1 day ago
CVE-2024-11712 - 1 day ago
CVE-2024-11713 - 1 day ago
CVE-2024-11714 - 1 day ago
CVE-2024-11715 - 1 day ago
CVE-2024-11710 - 1 day ago
CVE-2024-10690 - 1 day ago
CVE-2024-11752 - 1 day ago
CVE-2024-12422 - 1 day ago
CVE-2024-12459 - 1 day ago
CVE-2024-12474 - 1 day ago
CVE-2024-12501 - 1 day ago
CVE-2024-10646 - 1 day ago
CVE-2024-12578 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2022-43472 - 1 day ago
CVE-2022-44578 - 1 day ago
CVE-2022-45806 - 1 day ago
CVE-2022-45819 - 1 day ago
CVE-2022-45826 - 1 day ago
CVE-2022-45840 - 1 day ago
CVE-2022-45841 - 1 day ago
CVE-2022-46795 - 1 day ago
CVE-2022-46796 - 1 day ago
CVE-2022-46807 - 1 day ago
CVE-2022-46811 - 1 day ago
CVE-2022-46838 - 1 day ago
CVE-2022-46840 - 1 day ago
CVE-2022-46846 - 1 day ago
CVE-2022-47168 - 1 day ago
CVE-2022-47176 - 1 day ago
CVE-2022-47182 - 1 day ago
CVE-2022-47429 - 1 day ago
CVE-2022-47594 - 1 day ago
CVE-2023-22697 - 1 day ago