CVE-2005-2368

CVE-2005-2368 - vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. ...
6 years ago

CVE-2002-2368 - Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long username to (1) the GetString function in proxy.c for the SOCKS5 module or (2) the ...
15 years ago

CVE-2009-2368 - Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors. ...
14 years ago

CVE-2010-2368 - Untrusted search path vulnerability in Lhaplus before 1.58 allows local users to gain privileges via a Trojan horse DLL in the current working directory. Per: http://cwe.mitre.org/data/definitions/426.html ...
13 years ago

CVE-2012-2368 - Bytemark Symbiosis before Revision 1322 does not properly validate passwords, which allows remote attackers to gain access to email accounts via an arbitrary password. ...
11 years ago

CVE-2014-2368 - The BrowseFolder method in the bwocxrun ActiveX control in Advantech WebAccess before 7.2 allows remote attackers to read arbitrary files via a crafted call. ...
9 years ago

CVE-2016-2368 - Multiple memory corruption vulnerabilities exist in the handling of the MXIT protocol in Pidgin. Specially crafted MXIT data sent via the server could result in multiple buffer overflows, potentially resulting in code execution or memory disclosure. ...
7 years ago

CVE-2004-2368 - PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 allows remote attackers to execute arbitrary PHP code via the systempath parameter. ...
6 years ago

CVE-2006-2368 - Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. ...
6 years ago

CVE-2017-2368 - An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. The issue involves the "Contacts" component. It allows remote attackers to cause a denial of service (application crash) via a crafted contact card. ...
6 years ago

CVE-2008-2368 - Red Hat Certificate System 7.2 stores passwords in cleartext in the UserDirEnrollment log, the RA wizard installer log, and unspecified other debug log files, and uses weak permissions for these files, which allows local users to discover passwords ...
6 years ago

CVE-2011-2368 - The WebGL implementation in Mozilla Firefox 4.x through 4.0.1 does not properly restrict write operations, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors. ...
6 years ago

CVE-2007-2368 - picture.php in WebSPELL 4.01.02 and earlier allows remote attackers to read arbitrary files via the file parameter. ...
6 years ago

CVE-2018-2368 - SAP NetWeaver System Landscape Directory, LM-CORE 7.10, 7.20, 7.30, 7.31, 7.40, does not perform any authentication checks for functionalities that require user identity. ...
6 years ago

CVE-2015-2368 - Untrusted search path vulnerability in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka ...
5 years ago

CVE-2013-2368 - Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to cause a denial of service via unknown vectors, aka ZDI-CAN-1669. ...
4 years ago

CVE-2021-2368 - Vulnerability in the Siebel CRM product of Oracle Siebel CRM (component: Siebel Core - Server Infrastructure). Supported versions that are affected are 21.5 and Prior. Difficult to exploit vulnerability allows unauthenticated attacker with network ...
2 years ago

CVE-2022-4055 - When xdg-mail is configured to use thunderbird for mailto URLs, improper parsing of the URL can lead to additional headers being passed to thunderbird that should not be included per RFC 2368. An attacker can use this method to create a mailto URL ...
1 year ago

CVE-2023-2368 - A vulnerability was found in SourceCodester Faculty Evaluation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php?pagemanage_questionnaire. The manipulation of the argument id leads to sql ...
1 year ago

CVE-2022-2368 - Authentication Bypass by Spoofing in GitHub repository microweber/microweber prior to 1.2.20. ...
11 months ago

CVE-2024-26728 - In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix null-pointer dereference on edid reading Use i2c adapter when there isn't aux_mode in dc_link to fix a null-pointer derefence that happens when running ...
2 months ago Tenable.com

CVE-2024-2368 - The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for ...
3 weeks ago

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
15 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
15 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
6 months ago