SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.
Publication date: Sun, 27 Nov 2005 02:03:00 +0000
Cyber News related to CVE-2005-3833
CVE-2005-3833 - SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter. ...
14 years ago
CVE-2011-5069 - Unrestricted file upload vulnerability in incident_attachments.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a ...
7 years ago
CVE-2008-3833 - The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain ...
2 years ago
CVE-2021-3833 - Integria IMS login check uses a loose comparator ("") to compare the MD5 hash of the password provided by the user and the MD5 hash stored in the database. An attacker with a specific formatted password could exploit this vulnerability in ...
2 years ago
CVE-2009-3833 - Cross-site scripting (XSS) vulnerability in index.php in TFTgallery 0.13 allows remote attackers to inject arbitrary web script or HTML via the album parameter. ...
15 years ago
CVE-2013-3833 - Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authentication Engine. ...
11 years ago
CVE-2014-3833 - Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly ...
10 years ago
CVE-2015-3833 - The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground ...
9 years ago
CVE-2016-3833 - The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted ...
8 years ago
CVE-2017-3833 - A vulnerability in the web framework of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of the affected software. More ...
8 years ago
CVE-2007-3833 - The AOL Instant Messenger (AIM) protocol handler in Cerulean Studios Trillian allows remote attackers to create files with arbitrary contents via certain aim: URIs, as demonstrated by a URI that begins with the "aim: &c:\" substring and ...
7 years ago
CVE-2011-3833 - Unrestricted file upload vulnerability in ftp_upload_file.php in Support Incident Tracker (aka SiT!) 3.65 allows remote authenticated users to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in ...
7 years ago
CVE-2012-3833 - Cross-site scripting (XSS) vulnerability in the default index page in admin/ in Quick.CMS 4.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. ...
7 years ago
CVE-2006-3833 - index.php in EJ3 TOPo 2.2.178 allows remote attackers to overwrite existing entries and establish new passwords for the overwritten entries via a URL with a modified entry ID. ...
6 years ago
CVE-2010-3833 - MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and ...
1 year ago
CVE-2020-3833 - An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 13.0.5. Visiting a malicious website may lead to address bar spoofing. ...
5 years ago
CVE-2022-3833 - The Fancier Author Box by ThematoSoup WordPress plugin through 1.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html ...
2 years ago
CVE-2018-3833 - An exploitable firmware downgrade vulnerability exists in Insteon Hub running firmware version 1013. The firmware upgrade functionality, triggered via PubNub, retrieves signed firmware binaries using plain HTTP requests. The device doesn't check ...
2 years ago
CVE-2019-3833 - Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request ...
2 years ago
CVE-2023-3833 - A vulnerability was found in Bug Finder Montage 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument ...
1 year ago
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago
CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago