CVE-2005-3414

eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials.

Publication date: Wed, 02 Nov 2005 02:03:00 +0000

Cyber News related to CVE-2005-3414

CVE-2013-4146 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2013-4145 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-3414. Reason: This candidate is a duplicate of CVE-2012-3414. Notes: All CVE users should reference CVE-2012-3414 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2005-3414 - eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials. ...
7 years ago

CVE-2009-3414 - Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than ...
8 years ago

CVE-2009-3413 - Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than ...
8 years ago

CVE-2008-3976 - Unspecified vulnerability in the Oracle Spatial component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality and integrity via unknown vectors, a different vulnerability than ...
7 years ago

CVE-2010-3414 - Google Chrome before 6.0.472.59 on Mac OS X does not properly implement file dialogs, which allows attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. NOTE: this issue exists ...
3 years ago

CVE-2012-2399 - Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote attackers to inject arbitrary web script or HTML ...
7 years ago

CVE-2006-3414 - Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution. ...
16 years ago

CVE-2014-3414 - Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a user via the admin parameter to ...
9 years ago

CVE-2012-3414 - Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFUpload 2.2.0.1 and earlier, as used in WordPress before 3.3.2, TinyMCE Image Manager 1.1, and other products, allows remote attackers to inject arbitrary web script or HTML via the ...
8 years ago

CVE-2007-3414 - Multiple cross-site scripting (XSS) vulnerabilities in access2asp 4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) od and (2) search parameters to (a) suppliersList.asp and (b) contactsList.asp. ...
7 years ago

CVE-2008-3414 - SQL injection vulnerability in line2.php in SiteAdmin allows remote attackers to execute arbitrary SQL commands via the art parameter. Additional source found during analysis: ...
7 years ago

CVE-2019-3414 - All versions up to V1.19.20.02 of ZTE OTCP product are impacted by XSS vulnerability. Due to XSS, when an attacker invokes the security management to obtain the resources of the specified operation code owned by a user, the malicious script code ...
5 years ago

CVE-2017-9555 - Cross-site scripting (XSS) vulnerability in PixlrEditorHandler.php in Synology Photo Station before 6.7.0-3414 allows remote attackers to inject arbitrary web script or HTML via the image parameter. ...
5 years ago

CVE-2016-3414 - Unspecified vulnerability in Zimbra Collaboration before 8.6.0 Patch 7 allows remote authenticated users to affect availability via unknown vectors, aka bug 102029. ...
4 years ago

CVE-2017-3414 - Vulnerability in the Oracle Advanced Outbound Telephony component of Oracle E-Business Suite (subcomponent: User Interface). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable ...
5 years ago

CVE-2020-3414 - A vulnerability in the packet processing of Cisco IOS XE Software for Cisco 4461 Integrated Services Routers could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. The ...
1 year ago

CVE-2011-3414 - The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ...
1 year ago

CVE-2015-3414 - SQLite before 3.8.9 does not properly implement the dequoting of collation-sequence names, which allows context-dependent attackers to cause a denial of service (uninitialized memory access and application crash) or possibly have unspecified other ...
2 years ago

CVE-2021-3414 - A flaw was found in satellite. When giving granular permission related to the organization, other permissions allowing a user to view and manage other organizations are also granted. The highest threat from this vulnerability is to data ...
2 years ago

CVE-2022-3414 - A vulnerability was found in SourceCodester Web-Based Student Clearance System. It has been classified as critical. Affected is an unknown function of the file /Admin/login.php of the component POST Parameter Handler. The manipulation of the argument ...
2 years ago

CVE-2023-3414 - A cross-site request forgery vulnerability exists in versions of the Jenkins Plug-in for ServiceNow DevOps prior to 1.38.1 that, if exploited successfully, could cause the unwanted exposure of sensitive information. To address this issue, apply the ...
1 year ago

CVE-2013-3414 - Cross-site scripting (XSS) vulnerability in the WebVPN portal login page on Cisco Adaptive Security Appliances (ASA) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCug83080. ...
1 year ago

CVE-2024-3414 - A vulnerability was found in SourceCodester Human Resource Information System 1.0 and classified as problematic. This issue affects some unknown processing of the file Superadmin_Dashboard/process/addcorporate_process.php. The manipulation of the ...
10 months ago Tenable.com

Latest Cyber News

Serbian police used Cellebrite zero-day hack to unlock Android phones - 15 minutes ago
Microsoft confirms it's killing off Skype in May, after 14 years - 1 hour ago
CVE-2024-53408 - 1 hour ago
CVE-2024-41338 - 2 hours ago
Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - 2 hours ago
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - 3 hours ago
Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand | The Record from Recorded Future News - 3 hours ago
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data - 3 hours ago
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications - 4 hours ago
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - 4 hours ago
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access - 5 hours ago
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - 6 hours ago
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet - 7 hours ago
New GitHub Scam With Thousand of “mods" & "cracks" Steal Your Data - 8 hours ago
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users - 8 hours ago
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System - 8 hours ago
18 Best Web Filtering Solutions - 2025 - 9 hours ago
DeepSeek Data Leak - 12,000 Hardcoded Live API keys and Passwords Exposed - 13 hours ago
Vo1d malware botnet grows to 1.6 million Android TVs worldwide - 17 hours ago
New Vo1d botnet variant infects 1.6 million Android TVs worldwide - 17 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
Kimsuky - 1 year ago
23andMe - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Serbian police used Cellebrite zero-day hack to unlock Android phones - 15 minutes ago
Microsoft confirms it's killing off Skype in May, after 14 years - 1 hour ago
Chinese Hackers Exploiting Check Point's VPN Zero-Day Vulnerability - 2 hours ago
Nakivo Backup & Replication Tool Vulnerability Allows Attackers to Read Arbitrary Files - 3 hours ago
Hacker behind over 90 high-profile data leaks worldwide arrested in Thailand | The Record from Recorded Future News - 3 hours ago
Poco RAT Malware Exploits PDF Files to Infiltrate Systems and Steal Data - 3 hours ago
Njrat Attacking Users Abusing Microsoft Dev Tunnels for C2 Communications - 4 hours ago
New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins - 4 hours ago
PingAM Java Agent Vulnerability Let Attackers Gain Unauthorized Access - 5 hours ago
Lynx Ransomware Attacking Organizations to Exfiltrate Sensitive Data - 6 hours ago
1.6 Million Android TVs Worldwide Hacked by Vo1d Botnet - 7 hours ago
New GitHub Scam With Thousand of “mods" & "cracks" Steal Your Data - 8 hours ago
260 Domains Hosting 5,000 Weaponized PDF Files Attacking Users - 8 hours ago
Wallbleed Exposes Memory Vulnerability in China’s Great Firewall DNS System - 8 hours ago
18 Best Web Filtering Solutions - 2025 - 9 hours ago
DeepSeek Data Leak - 12,000 Hardcoded Live API keys and Passwords Exposed - 13 hours ago
CVE-2018-9994 - 1 year ago
CVE-2018-9329 - 1 year ago
CVE-2018-9324 - 1 year ago
CVE-2018-9323 - 1 year ago