CVE-2005-2169

Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences.

Publication date: Wed, 06 Jul 2005 09:00:00 +0000

Cyber News related to CVE-2005-2169

CVE-2024-26724 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DPLL, Fix possible use after free after delayed work timer triggers I managed to hit following use after free warning recently: [ 2169.711665] ...
1 year ago Tenable.com

CVE-2005-2169 - Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when ...
16 years ago

CVE-2008-2169 - Unspecified vulnerability in Avici routers allows remote attackers to cause a denial of service (dropped session) via crafted BGP UPDATE messages, leading to route flapping, possibly a related issue to CVE-2007-6372. ...
16 years ago

CVE-2021-2169 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 5.7.33 and prior and 8.0.23 and prior. Easily exploitable vulnerability allows high privileged attacker with network ...
3 years ago

CVE-2002-2169 - Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META ...
16 years ago

CVE-2009-2169 - Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect ...
15 years ago

CVE-2011-2169 - Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it. ...
14 years ago

CVE-2014-2169 - Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal system scripts, aka Bug ID CSCue60211. ...
11 years ago

CVE-2015-2169 - Cross-site scripting (XSS) vulnerability in Zoho ManageEngine AssetExplorer 6.1 service pack 6112 allows remote attackers to inject arbitrary web script or HTML via a Publisher registry entry, which is not properly handled when the machine is ...
8 years ago

CVE-2017-2169 - Cross-site scripting vulnerability in MaxButtons prior to version 6.19 and MaxButtons Pro prior to version 6.19 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
8 years ago

CVE-2004-2169 - Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request. ...
7 years ago

CVE-2006-2169 - RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. ...
7 years ago

CVE-2012-2169 - Cross-site scripting (XSS) vulnerability in the file-upload functionality in the Web client in IBM Rational ClearQuest 7.1.x before 7.1.2.7 allows remote authenticated users to inject arbitrary web script or HTML via the File Description field. ...
7 years ago

CVE-2007-2169 - Static code injection vulnerability in add.php in Mozzers SubSystem 1.0 allows remote attackers to inject PHP code into subs.php via the (1) Sub-name or (2) Sub-url field. NOTE: an earlier report indicated that the add action can be reached through ...
7 years ago

CVE-2016-2169 - Cloud Foundry Cloud Controller, capi-release versions prior to 1.0.0 and cf-release versions prior to v237, contain a business logic flaw. An application developer may create an application with a route that conflicts with a platform service route ...
7 years ago

CVE-2010-2169 - Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allow attackers to cause a denial of service (pointer memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
6 years ago

CVE-2019-2169 - In libxaac there is a possible information disclosure due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: ...
4 years ago

CVE-2022-2169 - The Loading Page with Loading Screen WordPress plugin before 1.0.83 does not escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. ...
2 years ago

CVE-2023-2169 - The TaxoPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Related Posts functionality in versions up to, and including, 3.6.4 due to insufficient input sanitization and output escaping. This makes it possible for ...
2 years ago

CVE-2020-2169 - A form validation endpoint in Jenkins Queue cleanup Plugin 1.3 and earlier does not properly escape a query parameter displayed in an error message, resulting in a reflected XSS vulnerability. ...
1 year ago

CVE-2013-2169 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none ...
55 years ago Tenable.com

CVE-2018-2169 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2024-2169 - Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources. ...
1 year ago

CVE-2025-2169 - The The WPCS – WordPress Currency Switcher Professional plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.2.0.4. This is due to the software allowing users to execute an action that does not ...
3 months ago

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago