CVE-2005-2998

CVE-2011-3867 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-2998. Reason: This candidate is a duplicate of CVE-2011-2998. Notes: All CVE users should reference CVE-2011-2998 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2005-2998 - PHP Advanced Transfer Manager 1.30 has a default password for the administrator user, which allows remote attackers to upload and execute arbitrary PHP files. ...
16 years ago

CVE-2006-3475 - Multiple PHP remote file inclusion vulnerabilities in free QBoard 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter to (1) index.php, (2) about.php, (3) contact.php, (4) delete.php, (5) faq.php, (6) ...
6 years ago

CVE-2009-2998 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. Per: ...
6 years ago

CVE-2009-3458 - Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. Per: ...
6 years ago

CVE-2010-2998 - Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer ...
14 years ago

CVE-2012-2998 - SQL injection vulnerability in the ad hoc query module in Trend Micro Control Manager (TMCM) before 5.5.0.1823 and 6.0 before 6.0.0.1449 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
12 years ago

CVE-2016-2998 - Cross-site request forgery (CSRF) vulnerability in IBM Connections 4.0 through CR4, 4.5 through CR5, 5.0 before CR4, and 5.5 before CR1 allows remote authenticated users to hijack the authentication of arbitrary users for requests that update data. ...
8 years ago

CVE-2007-2998 - The Pascal run-time library (PAS$RTL.EXE) before 20070418 on OpenVMS for Integrity Servers 8.3, and PAS$RTL.EXE before 20070419 on OpenVMS Alpha 8.3, does not properly restore PC and PSL values, which allows local users to cause a denial of service ...
1 year ago

CVE-2008-2998 - Multiple cross-site scripting (XSS) vulnerabilities in the Aggregation module 5.x before 5.x-4.4 for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Per Hyperlink Record 1026625, Drupal core is not ...
7 years ago

CVE-2013-2998 - frontcontroller.jsp in IBM Maximo Asset Management 7.x before 7.5.0.6 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allows remote authenticated users to obtain sensitive information via an invalid action_code. ...
7 years ago

CVE-2011-2998 - Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression. ...
7 years ago

CVE-2006-2998 - PHP remote file inclusion vulnerability in board/post.php in free QBoard 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the qb_path parameter. ...
7 years ago

CVE-2015-2998 - SysAid Help Desk before 15.2 uses a hardcoded encryption key, which makes it easier for remote attackers to obtain sensitive information, as demonstrated by decrypting the database password in WEB-INF/conf/serverConf.xml. ...
6 years ago

CVE-2018-2998 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: SAML). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows low privileged ...
5 years ago

CVE-2022-2998 - Use after free in Browser Creation in Google Chrome prior to 104.0.5112.101 allowed a remote attacker who had convinced a user to engage in a specific UI interaction to potentially exploit heap corruption via a crafted HTML page. ...
2 years ago

CVE-2017-2998 - Adobe Flash Player versions 24.0.0.221 and earlier have an exploitable memory corruption vulnerability in the Primetime TVSDK API functionality related to timeline interactions. Successful exploitation could lead to arbitrary code execution. ...
2 years ago

CVE-2019-2998 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.17 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple ...
2 years ago

CVE-2023-2998 - Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.14. ...
2 years ago

CVE-2024-2998 - A vulnerability was found in Bdtask Multi-Store Inventory Management System up to 20240320. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Store Update Page. The manipulation of the argument ...
1 year ago

CVE-2025-2998 - A vulnerability was found in PyTorch 2.6.0. It has been declared as critical. Affected by this vulnerability is the function torch.nn.utils.rnn.pad_packed_sequence. The manipulation leads to memory corruption. Local access is required to approach ...
2 months ago

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago