CVE-2005-2938

Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file.

Publication date: Fri, 18 Nov 2005 12:03:00 +0000


Cyber News related to CVE-2005-2938

CVE-2010-3068 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-2938. Reason: This candidate is a reservation duplicate of CVE-2010-2938. Notes: All CVE users should reference CVE-2010-2938 instead of this candidate. All references and ...
54 years ago Tenable.com
CVE-2018-2938 - Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Java DB). Supported versions that are affected are Java SE: 6u191, 7u181 and 8u172. Difficult to exploit vulnerability allows unauthenticated attacker with network access via ...
2 years ago
CVE-2005-2938 - Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 4.7.1.30 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file. ...
13 years ago
CVE-2006-2938 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-2937. Reason: This candidate was withdrawn by its CNA. it was incorrectly used to identify CVE-2006-2937. Notes: none ...
54 years ago Tenable.com
CVE-2008-2938 - Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal ...
1 year ago
CVE-2011-2938 - Multiple cross-site scripting (XSS) vulnerabilities in filter_api.php in MantisBT before 1.2.7 allow remote attackers to inject arbitrary web script or HTML via a parameter, as demonstrated by the project_id parameter to search.php. ...
11 years ago
CVE-2013-2938 - Unspecified vulnerability in Citrix CloudPortal Services Manager (aka Cortex) 10.0 before Cumulative Update 3 has unknown impact and attack vectors, a different vulnerability than other CVEs listed in CTX137162. ...
11 years ago
CVE-2014-2938 - Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands. ...
10 years ago
CVE-2015-2938 - Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.24, 1.2x before 1.23.9, and 1.24.x before 1.24.2 allows remote attackers to inject arbitrary web script or HTML via a custom JavaScript file, which is not properly handled when ...
7 years ago
CVE-2016-2938 - IBM iNotes is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. ...
7 years ago
CVE-2012-2938 - Multiple cross-site scripting (XSS) vulnerabilities in Travelon Express 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the holiday name field to (1) holiday_add.php or (2) holiday_view.php. ...
7 years ago
CVE-2010-2938 - arch/x86/hvm/vmx/vmcs.c in the virtual-machine control structure (VMCS) implementation in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when an Intel platform without Extended Page Tables (EPT) functionality is used, accesses VMCS ...
6 years ago
CVE-2007-2938 - Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD ...
3 years ago
CVE-2017-2938 - Adobe Flash Player versions 24.0.0.186 and earlier have a security bypass vulnerability related to handling TCP connections. ...
1 year ago
CVE-2019-2938 - Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 5.7.27 and prior and 8.0.17 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via ...
1 year ago
CVE-2020-2938 - Vulnerability in the Oracle Financial Services Loan Loss Forecasting and Provisioning product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.6 - 8.0.8. Easily exploitable ...
4 years ago
CVE-2022-2938 - A flaw was found in the Linux kernel's implementation of Pressure Stall Information. While the feature is disabled by default, it could allow an attacker to crash the system or have other memory-corruption side effects. ...
1 year ago
CVE-2023-2938 - Inappropriate implementation in Picture In Picture in Google Chrome prior to 114.0.5735.90 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security ...
1 year ago
CVE-2024-2938 - A vulnerability was found in Campcodes Online Examination System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /adminpanel/admin/facebox_modal/updateCourse.php. The manipulation of the argument id leads to ...
7 months ago Tenable.com
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
11 months ago
CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago
CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
54 years ago Tenable.com
CVE-2005-3122 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should ...
54 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)