B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.
Publication date: Wed, 03 Aug 2005 09:00:00 +0000
Cyber News related to CVE-2005-2419
CVE-2005-2419 - B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg. ...
7 years ago
CVE-2007-6654 - Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the ...
7 years ago
CVE-2007-2419 - Multiple buffer overflows in an ActiveX control (boisweb.dll) in Macrovision FLEXnet Connect 6.0 and Update Service 3.x to 5.x allow remote attackers to execute arbitrary code via the (1) the second parameter to the DownloadAndExecute method and (2) ...
6 years ago
CVE-2024-2419 - A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate ...
6 months ago
CVE-2021-2419 - Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.5. Easily exploitable vulnerability allows unauthenticated attacker with network ...
3 years ago
CVE-2002-2419 - Direct connect text client (DCTC) client 0.83.3 allows remote attackers to cause a denial of service (crash) via a string ending with a NULL byte character. ...
16 years ago
CVE-2010-2419 - Unspecified vulnerability in the Java Virtual Machine component in Oracle Database Server 10.1.0.5, 10.2.0.4, 11.1.0.7, and 11.2.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. ...
13 years ago
CVE-2006-2419 - Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter. The vulnerability has been confirmed in the latest available version of this ...
13 years ago
CVE-2011-2419 - IML32.dll in Adobe Shockwave Player before 11.6.1.629 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. ...
13 years ago
CVE-2016-2419 - media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified ...
8 years ago
CVE-2004-2419 - Keene Digital Media Server 1.0.2 allows local users to obtain usernames and passwords by reading the dmscore.db file on the local system. ...
7 years ago
CVE-2008-2419 - Mozilla Firefox 2.0.0.14 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly execute arbitrary code by triggering an error condition during certain Iframe operations between a JSframe write and a ...
7 years ago
CVE-2009-2419 - Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted HTML ...
7 years ago
CVE-2015-2419 - JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability." ...
3 months ago
CVE-2017-2419 - An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass a Content Security Policy protection mechanism via ...
5 years ago
CVE-2018-2419 - SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. ...
5 years ago
CVE-2019-2419 - Vulnerability in the PeopleSoft Enterprise CC Common Application Objects component of Oracle PeopleSoft Products (subcomponent: Form and Approval Builder). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low ...
4 years ago
CVE-2012-2419 - Memory leak in the intu-help-qb (aka Intuit Help System Async Pluggable Protocol) handlers in HelpAsyncPluggableProtocol.dll in Intuit QuickBooks 2009 through 2012, when Internet Explorer is used, allows remote attackers to cause a denial of service ...
3 years ago
CVE-2013-2419 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via ...
2 years ago
CVE-2022-2419 - A vulnerability was found in URVE Web Manager. It has been declared as critical. This vulnerability affects unknown code of the file _internal/collector/upload.php. The manipulation leads to unrestricted upload. Access to the local network is ...
2 years ago
CVE-2014-2419 - Unspecified vulnerability in Oracle MySQL Server 5.5.35 and earlier and 5.6.15 and earlier allows remote authenticated users to affect availability via unknown vectors related to Partition. ...
2 years ago
CVE-2023-2419 - A vulnerability was found in Zhong Bang CRMEB 4.6.0. It has been declared as critical. This vulnerability affects the function videoUpload of the file \crmeb\app\services\system\attachment\SystemAttachmentServices.php. The manipulation of the ...
1 year ago
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
11 months ago