CyberSecurityBoard
Sponsor Register Login

CVE-2005-3405

ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability.

Publication date: Tue, 01 Nov 2005 18:47:00 +0000


Cyber News related to CVE-2005-3405

CVE-2005-3405 - ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection ...
8 years ago
CVE-2012-3406 - The vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not "properly restrict the use of" the alloca function when allocating the SPECS array, which allows context-dependent ...
5 years ago
CVE-2012-3405 - The vfprintf function in stdio-common/vfprintf.c in libc in GNU C Library (aka glibc) 2.14 and other versions does not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection ...
5 years ago
CVE-2009-3405 - Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availability via unknown vectors. ...
12 years ago
CVE-2013-3405 - The web portal in TC software on Cisco TelePresence endpoints does not require an exact password match during a login attempt by a user who has not configured a password, which allows remote attackers to bypass authentication by sending an arbitrary ...
11 years ago
CVE-2014-3405 - Cisco IOS XE enables the IPv6 Routing Protocol for Low-Power and Lossy Networks (aka RPL) on both the Autonomic Control Plane (ACP) and external Autonomic Networking Infrastructure (ANI) interfaces, which allows remote attackers to conduct ...
10 years ago
CVE-2007-3405 - Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this information is unknown; ...
7 years ago
CVE-2008-3405 - Directory traversal vulnerability in index.php in Ricardo Amaral nzFotolog 0.4.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action_file parameter. ...
7 years ago
CVE-2006-3405 - Cross-site scripting (XSS) vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) delete, (2) pathext, and (3) edit parameters. ...
6 years ago
CVE-2010-3405 - Buffer overflow in sa_snap in the bos.esagent fileset in IBM AIX 6.1, 5.3, and earlier and VIOS 2.1, 1.5, and earlier allows local users to leverage system group membership and gain privileges via unspecified vectors. ...
5 years ago
CVE-2016-3405 - Multiple unspecified vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to affect integrity via unknown vectors, aka bugs 103961 and 104828. ...
4 years ago
CVE-2020-3405 - A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML ...
4 years ago
CVE-2019-3405 - In the 3.1.3.64296 and lower version of 360F5, the third party can trigger the device to send a deauth frame by constructing and sending a specific illegal 802.11 Null Data Frame, which will cause other wireless terminals connected to disconnect from ...
3 years ago
CVE-2021-3405 - A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml. ...
2 years ago
CVE-2015-3405 - ntp-keygen in ntp 4.2.8px before 4.2.8p2-RC2 and 4.3.x before 4.3.12 does not generate MD5 keys with sufficient entropy on big endian machines when the lowest order byte of the temp variable is between 0x20 and 0x7f and not #, which might allow ...
1 year ago
CVE-2017-3405 - Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable ...
5 years ago
CVE-2022-3405 - Code execution and sensitive information disclosure due to excessive privileges assigned to Acronis Agent. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) ...
1 year ago
CVE-2023-3405 - Unchecked parameter value in M-Files Server in versions before 23.6.12695.3 (excluding 23.2 SR2 and newer) allows anonymous user to cause denial of service ...
11 months ago
CVE-2011-3405 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none ...
54 years ago Tenable.com
CVE-2024-3405 - The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack ...
6 months ago
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
11 months ago
CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago
CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
54 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)