CyberSecurityBoard
Sponsor Register Login

CVE-2005-3975

Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer as a result of CVE-2005-3312. NOTE: it could be argued that this vulnerability is due to a design flaw in Internet Explorer and the proper fix should be in that browser; if so, then this should not be treated as a vulnerability in Drupal.

Publication date: Sun, 04 Dec 2005 01:03:00 +0000


Cyber News related to CVE-2005-3975

CVE-2005-3975 - Interpretation conflict in file.inc in Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 allows remote authenticated users to inject arbitrary web script or HTML via HTML in a file with a GIF or JPEG file extension, which causes the HTML to be ...
6 years ago
CVE-2007-3975 - Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412. ...
6 years ago
CVE-2024-3975 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
2 months ago Tenable.com
CVE-2008-3975 - Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3977. ...
7 years ago
CVE-2008-3977 - Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 9.0.4.3 and 10.1.2.3 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CVE-2008-3975. ...
7 years ago
CVE-2014-3975 - Absolute path traversal vulnerability in filemanager.php in AuraCMS 3.0 allows remote attackers to list a directory via a full pathname in the viewdir parameter. ...
10 years ago
CVE-2011-3975 - A certain HTC update for Android 2.3.4 build GRJ22, when the Sense interface is used on the HTC EVO 3D, EVO 4G, ThunderBolt, and unspecified other devices, provides the HtcLoggers.apk application, which allows user-assisted remote attackers to obtain ...
7 years ago
CVE-2013-3975 - Unspecified vulnerability in the Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 allows remote attackers to discover user names, full names, and e-mail addresses via a search. ...
7 years ago
CVE-2009-3975 - SQL injection vulnerability in index.php in Moa Gallery 1.1.0 and 1.2.0 allows remote attackers to execute arbitrary SQL commands via the gallery_id parameter in a gallery_view action. ...
7 years ago
CVE-2012-3975 - The DOMParser component in Mozilla Firefox before 15.0, Thunderbird before 15.0, and SeaMonkey before 2.12 loads subresources during parsing of text/html data within an extension, which allows remote attackers to obtain sensitive information by ...
7 years ago
CVE-2010-3975 - Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file ...
6 years ago
CVE-2020-3975 - VMware App Volumes 2.x prior to 2.18.6 and VMware App Volumes 4 prior to 2006 contain a Stored Cross-Site Scripting (XSS) vulnerability. A malicious actor with access to create and edit applications or create storage groups, may be able to inject ...
4 years ago
CVE-2006-3975 - Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input." ...
4 years ago
CVE-2016-3975 - Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to ...
3 years ago
CVE-2019-3975 - Stack-based buffer overflow in Advantech WebAccess/SCADA 8.4.1 allows a remote, unauthenticated attacker to execute arbitrary code via a crafted IOCTL 70603 RPC message. ...
3 years ago
CVE-2018-3975 - An exploitable uninitialized variable vulnerability exists in the RTF-parsing functionality of Atlantis Word Processor 3.2.6 version. A specially crafted RTF file can leverage an uninitialized stack address, resulting in an out-of-bounds write, which ...
2 years ago
CVE-2022-3975 - A vulnerability, which was classified as problematic, has been found in NukeViet CMS. Affected by this issue is the function filterAttr of the file vendor/vinades/nukeviet/Core/Request.php of the component Data URL Handler. The manipulation of the ...
2 years ago
CVE-2021-3975 - A use-after-free flaw was found in libvirt. The qemuMonitorUnregister() function in qemuProcessHandleMonitorEOF is called using multiple threads without being adequately protected by a monitor lock. This flaw could be triggered by the ...
2 years ago
CVE-2023-3975 - OS Command Injection in GitHub repository jgraph/drawio prior to 21.5.0. ...
1 year ago
CVE-2015-3975 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2015. Notes: none ...
55 years ago Tenable.com
CVE-2017-3975 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-52550 - Jenkins Pipeline: Groovy Plugin 3990.vd281dd77a_388 and earlier, except 3975.3977.v478dd9e956c3 does not check whether the main (Jenkinsfile) script for a rebuilt build is approved, allowing attackers with Item/Build permission to rebuild a previous ...
5 months ago Tenable.com
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)