CVE-2005-3288

CVE-2005-3288 - Mailsite Express allows remote attackers to upload and execute files with executable extensions such as ASP by attaching the file using the "compose page" feature, then accessing the file from the cache directory before saving or sending the ...
11 months ago

CVE-2011-3288 - Cisco Unified Presence before 8.5(4) does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption, and process crash) via a crafted XML document containing a large ...
12 years ago

CVE-2016-3288 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290. ...
6 years ago

CVE-2016-3290 - Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3288. ...
6 years ago

CVE-2010-3288 - Cross-site request forgery (CSRF) vulnerability in HP Systems Insight Manager (SIM) before 6.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. ...
14 years ago

CVE-2009-3288 - The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as ...
13 years ago

CVE-2013-3288 - Cross-site scripting (XSS) vulnerability on the EMC RSA Data Protection Manager (DPM) appliance 3.2.x before 3.2.4.2 and 3.5.x before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. ...
10 years ago

CVE-2006-3288 - Unspecified vulnerability in the TFTP server in Cisco Wireless Control System (WCS) for Linux and Windows before 3.2(51), when configured to use a directory path name that contains a space character, allows remote authenticated users to read and ...
7 years ago

CVE-2012-3288 - VMware Workstation 7.x before 7.1.6 and 8.x before 8.0.4, VMware Player 3.x before 3.1.6 and 4.x before 4.0.4, VMware Fusion 4.x before 4.1.3, VMware ESXi 3.5 through 5.0, and VMware ESX 3.5 through 4.1 allow user-assisted remote attackers to execute ...
7 years ago

CVE-2008-3288 - The Server Authentication Module in EMC Dantz Retrospect Backup Server 7.5.508 uses a "weak hash algorithm," which makes it easier for context-dependent attackers to recover passwords. ...
6 years ago

CVE-2007-3288 - Cross-site scripting (XSS) vulnerability in the skeltoac stats (Automattic Stats) 1.0 plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer field. ...
6 years ago

CVE-2022-3288 - A branch/tag name confusion in GitLab CE/EE affecting all versions prior to 15.2.5, 15.3 prior to 15.3.4, and 15.4 prior to 15.4.1 allows an attacker to manipulate pages where the content of the default branch would be expected. ...
2 years ago

CVE-2015-3288 - mm/memory.c in the Linux kernel before 4.1.4 mishandles anonymous pages, which allows local users to gain privileges or cause a denial of service (page tainting) via a crafted application that triggers writing to page zero. ...
1 year ago

CVE-2024-3288 - The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting ...
2 months ago

CVE-2023-3288 - A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation. ...
6 months ago

CVE-2017-3288 - Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications (subcomponent: Unit Trust). Supported versions that are affected are 12.0.1, 12.0.2, 12.0.3, 12.0.4, 12.1.0, 12.2.0 and 12.3.0. Easily ...
5 years ago

CVE-2018-3288 - Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.2.20. Easily exploitable vulnerability allows unauthenticated attacker with logon to the ...
5 years ago

CVE-2020-3288 - Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV320 and RV325 Series Routers and Cisco Small Business RV016, RV042, and RV082 Routers could allow an authenticated, remote attacker with administrative ...
3 years ago

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
55 years ago Tenable.com

CVE-2005-3122 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should ...
55 years ago Tenable.com

CVE-2005-2965 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should ...
55 years ago Tenable.com