CyberSecurityBoard
Sponsor Register Login

CVE-2005-3755

Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the resulting error messages.

Publication date: Wed, 23 Nov 2005 03:03:00 +0000


Cyber News related to CVE-2005-3755

CVE-2021-47341 - In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec ...
1 year ago Tenable.com
CVE-2022-49947 - In the Linux kernel, the following vulnerability has been resolved: ...
1 day ago
CVE-2005-3755 - Directory traversal vulnerability in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to determine the existence of arbitrary files via a relative path from a style sheet directory, then comparing the ...
6 years ago
CVE-2017-3755 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
10 months ago
CVE-2010-3755 - The _DAS_ReadBlockReply function in FastBackServer.exe in the Server in IBM Tivoli Storage Manager (TSM) FastBack 5.5.0.0 through 5.5.6.0 and 6.1.0.0 through 6.1.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and ...
6 years ago
CVE-2020-3755 - Adobe Acrobat and Reader versions 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information ...
3 years ago
CVE-2011-3755 - MantisBT 1.2.4 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by view_all_inc.php and certain other files. ...
11 years ago
CVE-2014-3755 - The QSvg module in Qt, as used in the Mumble client 1.2.x before 1.2.6, allows remote attackers to cause a denial of service (hang and resource consumption) via a local file reference in an (1) image tag or (2) XML stylesheet in an SVG file. ...
10 years ago
CVE-2016-3755 - decoder/ih264d_parse_pslice.c in mediaserver in Android 6.x before 2016-07-01 does not properly select concealment frames, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug ...
8 years ago
CVE-2006-3755 - PHP remote file inclusion vulnerability in Include/editor/class.rich.php in FlushCMS 1.0.0-pre2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the class_path parameter. NOTE: the provenance of this information is ...
7 years ago
CVE-2013-3755 - Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 allows remote attackers to affect integrity via vectors related to SSO Engine. ...
7 years ago
CVE-2009-3755 - Multiple cross-site scripting (XSS) vulnerabilities in phpBMS 0.96 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) index.php and (2) modules\base\myaccount.php; and the PATH_INFO to (3) modules_view.php, (4) ...
7 years ago
CVE-2012-3755 - Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image. ...
7 years ago
CVE-2008-3755 - SQL injection vulnerability in view.php in YourFreeWorld Classifieds Script allows remote attackers to execute arbitrary SQL commands via the category parameter. ...
7 years ago
CVE-2015-3755 - WebKit in Apple Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, as used in iOS before 8.4.1 and other products, allows remote attackers to spoof the user interface via a malformed URL. ...
6 years ago
CVE-2007-3755 - Mail in Apple iPhone 1.1.1 allows remote user-assisted attackers to force the iPhone user to make calls to arbitrary telephone numbers via a "tel:" link, which does not prompt the user before dialing the number. ...
2 years ago
CVE-2018-3755 - XSS in sexstatic <0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name. ...
2 years ago
CVE-2023-3755 - A vulnerability has been found in Creativeitem Atlas Business Directory Listing 2.13 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /home/filter_listings. The manipulation of the argument ...
1 year ago
CVE-2024-3755 - The MF Gig Calendar WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as editor to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ...
1 year ago
CVE-2021-3755 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none ...
1 year ago
CVE-2022-3755 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. ...
1 year ago
CVE-2025-3755 - Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a ...
3 weeks ago
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)