CVE-2005-3924

SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters.

Publication date: Wed, 30 Nov 2005 17:03:00 +0000

Cyber News related to CVE-2005-3924

CVE-2005-3924 - SQL injection vulnerability in themes/kategorie/index.php in Randshop allows remote attackers to execute arbitrary SQL commands via the (1) kategorieid and (2) katid parameters. ...
13 years ago

CVE-2007-3924 - Argument injection vulnerability in Microsoft Internet Explorer, when running on systems with Netscape installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell ...
3 years ago

ISC fixed high-severity flaws in DNS software suite BIND - The latest BIND updates patch multiple remotely exploitable vulnerabilities that could lead to denial-of-service. BIND is a suite of software for interacting with the Domain Name System maintained by the Internet Systems Consortium. The ISC released ...
1 year ago Securityaffairs.com

CVE-2014-3884 - Cross-site scripting (XSS) vulnerability in Usermin before 1.600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. ...
10 years ago

CVE-2014-3885 - Cross-site scripting (XSS) vulnerability in Webmin before 1.690 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. ...
10 years ago

CVE-2014-3886 - Cross-site scripting (XSS) vulnerability in Webmin before 1.690, when referrer checking is disabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this might overlap CVE-2014-3924. ...
10 years ago

CVE-2021-3924 - grav is vulnerable to Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') ...
3 years ago

CVE-2006-3924 - Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
16 years ago

CVE-2014-3924 - Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows. ...
10 years ago

CVE-2016-3924 - services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 does not validate EFFECT_CMD_SET_PARAM and EFFECT_CMD_SET_PARAM_DEFERRED commands, ...
7 years ago

CVE-2009-3924 - Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly ...
7 years ago

CVE-2010-3924 - SQL injection vulnerability in Aimluck Aipo before 5.1.0.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. ...
7 years ago

CVE-2012-3924 - The SSLVPN implementation in Cisco IOS 15.1 and 15.2, when DTLS is enabled, does not properly handle certain outbound ACL configurations, which allows remote authenticated users to cause a denial of service (device crash) via a session involving a ...
7 years ago

CVE-2008-3924 - The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password ...
7 years ago

CVE-2019-3924 - MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this ...
5 years ago

CVE-2011-3924 - Use-after-free vulnerability in Google Chrome before 16.0.912.77 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to DOM selections. ...
4 years ago

CVE-2020-3924 - DVR firmware in TAT-76 and TAT-77 series of products, provided by TONNET do not properly verify patch files. Attackers can inject a specific command into a patch file and gain access to the system. ...
3 years ago

CVE-2018-3924 - An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in ...
2 years ago

CVE-2017-3924 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2022-3924 - This issue can affect BIND 9 resolvers with `stale-answer-enable yes;` that also make use of the option `stale-answer-client-timeout`, configured with a value greater than zero. If the resolver receives many queries that require recursion, there will ...
11 months ago

CVE-2024-3924 - A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is ...
5 months ago

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
11 months ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

Latest Cyber News

CVE-2024-10146 - 11 hours ago
CVE-2024-9186 - 11 hours ago
CVE-2023-34049 - 12 hours ago
CVE-2024-5082 - 14 hours ago
CVE-2024-5083 - 15 hours ago
CVE-2024-40408 - 18 hours ago
CVE-2024-40410 - 18 hours ago
CVE-2024-40404 - 18 hours ago
CVE-2024-40405 - 18 hours ago
CVE-2024-40407 - 18 hours ago
CVE-2024-50955 - 19 hours ago
CVE-2024-50956 - 19 hours ago
CVE-2024-51027 - 19 hours ago
CVE-2024-45878 - 20 hours ago
CVE-2024-45879 - 20 hours ago
CVE-2024-52549 - 20 hours ago
CVE-2024-52550 - 20 hours ago
CVE-2024-52551 - 20 hours ago
CVE-2024-52552 - 20 hours ago
CVE-2024-52553 - 20 hours ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10877 - 1 day ago
CVE-2024-9059 - 1 day ago
CVE-2024-9668 - 1 day ago
CVE-2024-9682 - 1 day ago
CVE-2024-11028 - 1 day ago
CVE-2024-8001 - 1 day ago
CVE-2024-11159 - 1 day ago
CVE-2024-48989 - 1 day ago
CVE-2024-11165 - 1 day ago
CVE-2024-48510 - 1 day ago
CVE-2024-48900 - 1 day ago
CVE-2024-49504 - 1 day ago
CVE-2024-49505 - 1 day ago
CVE-2024-49506 - 1 day ago
CVE-2024-50852 - 1 day ago
CVE-2024-50853 - 1 day ago
CVE-2024-50854 - 1 day ago
CVE-2024-9477 - 1 day ago
CVE-2024-10012 - 1 day ago
CVE-2024-10013 - 1 day ago