CVE-2005-4047

Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter.

Publication date: Wed, 07 Dec 2005 17:03:00 +0000

Cyber News related to CVE-2005-4047

CVE-2005-4047 - Cross-site scripting (XSS) vulnerability in kb.asp in IISWorks ASPKnowledgeBase 2.0 allows remote attackers to inject arbitrary web script or HTML via the a parameter. ...
13 years ago

CVE-2021-4047 - The release of OpenShift 4.9.6 included four CVE fixes for the haproxy package, however the patch for CVE-2021-39242 was missing. This issue only affects Red Hat OpenShift 4.9. ...
1 year ago

CVE-2008-4047 - Unspecified vulnerability in Novell Forum (formerly SiteScape Forum) 7.0, 7.1, 7.2, 7.3, and 8.0 allows remote attackers to execute arbitrary TCL code via a modified URL. NOTE: this might overlap CVE-2007-6515. ...
7 years ago

CVE-2008-2461 - SQL injection vulnerability in index.php in Netious CMS 0.4 allows remote attackers to execute arbitrary SQL commands via the pageid parameter, a different vector than CVE-2006-4047. ...
7 years ago

CVE-2009-4047 - Multiple cross-site scripting (XSS) vulnerabilities in PHD Help Desk 1.43 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to area.php; the (2) pagina, (3) sentido, (4) q_registros, and (5) orden parameters to ...
15 years ago

CVE-2011-4047 - The Dell KACE K2000 System Deployment Appliance allows remote attackers to execute arbitrary commands by leveraging database write access. ...
13 years ago

CVE-2006-4047 - SQL injection vulnerability in index.php in Netious CMS 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained from third ...
7 years ago

CVE-2013-4047 - Cross-site scripting (XSS) vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote attackers to inject arbitrary web script or HTML via a crafted link. ...
7 years ago

CVE-2010-4047 - Opera before 10.63 does not properly select the security context of JavaScript code associated with an error page, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site. ...
7 years ago

CVE-2014-4047 - Asterisk Open Source 1.8.x before 1.8.28.1, 11.x before 11.10.1, and 12.x before 12.3.1 and Certified Asterisk 1.8.15 before 1.8.15-cert6 and 11.6 before 11.6-cert3 allows remote attackers to cause a denial of service (connection consumption) via a ...
6 years ago

CVE-2007-4047 - geoBlog (aka BitDamaged) 1 does not require authentication for (1) deletecomment.php, (2) deleteblog.php, and (3) listcomment.php in admin/, which allows remote attackers to delete arbitrary comments, delete arbitrary blogs, and have other ...
6 years ago

CVE-2016-4047 - An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev8. References to external Open XML document type definitions (.dtd resources) can be placed within .docx and .xslx files. Those resources were requested when parsing certain parts ...
6 years ago

CVE-2015-4047 - racoon/gssapi.c in IPsec-Tools 0.8.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a series of crafted UDP requests. ...
5 years ago

CVE-2018-4047 - An exploitable privilege escalation vulnerability exists in the helper service of Clean My Mac X, version 4.04, due to improper input validation. An attacker with local access could exploit this vulnerability to modify the file system as root. ...
2 years ago

CVE-2019-4047 - IBM Jazz Reporting Service (JRS) 6.0.6 could allow an authenticated user to access the execution log files as a guest user, and obtain the information of the server execution. IBM X-Force ID: 156243. ...
2 years ago

CVE-2022-4047 - The Return Refund and Exchange For WooCommerce WordPress plugin before 4.0.9 does not validate attachment files to be uploaded via an AJAX action available to unauthenticated users, which could allow them to upload arbitrary files such as PHP and ...
2 years ago

CVE-2020-4047 - In affected versions of WordPress, authenticated users with upload permissions (like authors) are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher ...
1 year ago

CVE-2023-4047 - A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 116, Firefox ESR < 102.14, and Firefox ESR < 115.1. ...
3 months ago

CVE-2017-4047 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
55 years ago Tenable.com

CVE-2005-3122 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should ...
55 years ago Tenable.com

Latest Cyber News

CVE-2025-25246 - 14 hours ago
CVE-2025-1022 - 14 hours ago
CVE-2025-1025 - 14 hours ago
CVE-2025-1026 - 14 hours ago
CVE-2025-1028 - 15 hours ago
CVE-2025-23114 - 17 hours ago
CVE-2024-53966 - 19 hours ago
CVE-2025-0413 - 19 hours ago
CVE-2024-53962 - 19 hours ago
CVE-2024-53963 - 19 hours ago
CVE-2024-53964 - 19 hours ago
CVE-2024-53965 - 19 hours ago
CVE-2023-39943 - 20 hours ago
CVE-2023-40222 - 20 hours ago
CVE-2024-11467 - 20 hours ago
CVE-2024-11468 - 20 hours ago
CVE-2024-48445 - 20 hours ago
CVE-2024-8125 - 21 hours ago
CVE-2024-13722 - 21 hours ago
CVE-2024-13723 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-13114 - 1 day ago
CVE-2024-13115 - 1 day ago
CVE-2024-13325 - 1 day ago
CVE-2024-13326 - 1 day ago
CVE-2024-13327 - 1 day ago
CVE-2024-13328 - 1 day ago
CVE-2024-13329 - 1 day ago
CVE-2024-13330 - 1 day ago
CVE-2024-13331 - 1 day ago
CVE-2024-13332 - 1 day ago
CVE-2025-0368 - 1 day ago
CVE-2025-0466 - 1 day ago
CVE-2024-12597 - 1 day ago
CVE-2024-13607 - 1 day ago
CVE-2024-10237 - 1 day ago
CVE-2024-10238 - 1 day ago
CVE-2024-10239 - 1 day ago
CVE-2024-12046 - 1 day ago
CVE-2024-13514 - 1 day ago
CVE-2025-20881 - 1 day ago