CVE-2005-2991

ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.

Publication date: Wed, 21 Sep 2005 01:03:00 +0000

Cyber News related to CVE-2005-2991

CVE-2005-2991 - ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970. ...
7 years ago

CVE-2010-2991 - The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial ...
13 years ago

CVE-2008-2991 - Cross-site scripting (XSS) vulnerability in Adobe RoboHelp Server 6 and 7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Help Errors log. ...
13 years ago

CVE-2012-2991 - The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant's e-mail address, as demonstrated by setting ...
6 months ago

CVE-2015-2991 - Buffer overflow in NScripter before 3.00 allows remote attackers to execute arbitrary code via crafted save data. ...
8 years ago

CVE-2016-2991 - Multiple cross-site scripting (XSS) vulnerabilities in IBM Lotus Protector for Mail Security 2.8.0.0 through 2.8.1.0 before 2.8.1.0-22115 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago

CVE-2011-2991 - The browser engine in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, Thunderbird before 6, and possibly other products does not properly implement JavaScript, which allows remote attackers to cause a denial of service (memory corruption and ...
6 years ago

CVE-2007-2991 - Cross-site scripting (XSS) vulnerability in includes/send.inc.php in Evenzia CMS allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. ...
5 years ago

CVE-2006-2991 - Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations, in the ringid parameter ...
5 years ago

CVE-2009-2991 - Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. Per: ...
5 years ago

CVE-2022-2991 - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. This vulnerability ...
1 year ago

CVE-2018-2991 - Vulnerability in the Oracle Trade Management component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6 and 12.2.7. Easily exploitable ...
4 years ago

CVE-2017-2991 - Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 codec (related to decompression). Successful exploitation could lead to arbitrary code execution. ...
1 year ago

CVE-2019-2991 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.017 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple ...
1 year ago

CVE-2023-2991 - Fortra Globalscape EFT's administration server suffers from an information disclosure vulnerability where the serial number of the harddrive that Globalscape is installed on can be remotely determined via a "trial extension request" ...
1 year ago

CVE-2013-2991 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none ...
54 years ago Tenable.com

CVE-2024-2991 - A vulnerability has been found in Tenda FH1203 2.0.1.6 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to command injection. The attack ...
3 months ago

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
15 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
15 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
6 months ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
15 years ago

CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
54 years ago Tenable.com

CVE-2005-3122 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should ...
54 years ago Tenable.com

CVE-2005-2965 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should ...
54 years ago Tenable.com

CVE-2005-2937 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reason: this candidate was intended for one issue, but multiple advisories used this candidate for different issues. Notes: All CVE users should consult ...
54 years ago Tenable.com

Latest Cyber News

Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities - 29 minutes ago
Indonesian government didn't backup ransomwared data The Register - 49 minutes ago
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - 49 minutes ago
Portainer: Open-source Docker and Kubernetes management - 49 minutes ago
Why every company needs a DDoS response plan - 49 minutes ago
Microsoft tells more customers their emails have been stolen The Register - 1 hour ago
Preparing for Q-Day as NIST nears approval of PQC standards - 2 hours ago
Infosec products of the month: June 2024 - 2 hours ago
CVE-2024-38525 - 5 hours ago
CVE-2024-6418 - 6 hours ago
CVE-2024-6417 - 6 hours ago
CVE-2023-48733 - 6 hours ago
Cybersecurity Today: Cyber Security Today, Week in Review for week ending Friday, June 28, 2024 - 7 hours ago
CVE-2024-6416 - 7 hours ago
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO - 8 hours ago
Google Chrome to let Isolated Web App access sensitive USB devices - 8 hours ago
CVE-2024-34703 - 8 hours ago
CVE-2024-28794 - 10 hours ago
CVE-2023-50964 - 10 hours ago
The dangers of voice fraud: We can't detect what we can't see - 10 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities - 29 minutes ago
Why every company needs a DDoS response plan - 49 minutes ago
Portainer: Open-source Docker and Kubernetes management - 49 minutes ago
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - 49 minutes ago
Indonesian government didn't backup ransomwared data The Register - 49 minutes ago
Microsoft tells more customers their emails have been stolen The Register - 1 hour ago
Preparing for Q-Day as NIST nears approval of PQC standards - 2 hours ago
Infosec products of the month: June 2024 - 2 hours ago
CVE-2024-6416 - 7 hours ago
CVE-2024-6418 - 6 hours ago
CVE-2024-6417 - 6 hours ago
CVE-2024-34703 - 8 hours ago
Cybersecurity Today: Cyber Security Today, Week in Review for week ending Friday, June 28, 2024 - 7 hours ago
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO - 8 hours ago
CVE-2024-28797 - 11 hours ago
CVE-2023-50952 - 11 hours ago
CVE-2024-31898 - 11 hours ago
CVE-2023-50953 - 11 hours ago
CVE-2024-28794 - 10 hours ago
CVE-2023-50964 - 10 hours ago