CVE-2005-4170

SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php.

Publication date: Mon, 12 Dec 2005 03:03:00 +0000

Cyber News related to CVE-2005-4170

CVE-2005-4170 - SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php. ...
7 years ago

CVE-2006-4170 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4812. Reason: This candidate is a reservation duplicate of CVE-2006-4812. Notes: All CVE users should reference CVE-2006-4812 instead of this candidate. All references and ...
54 years ago Tenable.com

CVE-2011-4170 - Cross-site scripting (XSS) vulnerability in the theme_adium_append_message function in empathy-theme-adium.c in the Adium theme in libempathy-gtk in Empathy 3.2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a ...
12 years ago

CVE-2021-4170 - calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') ...
2 years ago

CVE-2012-4170 - Buffer overflow in Adobe Photoshop CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted file. ...
11 years ago

CVE-2016-4170 - Cross-site scripting (XSS) vulnerability in Adobe Experience Manager 5.6.1, 6.0, 6.1, and 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago

CVE-2015-4170 - Race condition in the ldsem_cmpxchg function in drivers/tty/tty_ldsem.c in the Linux kernel before 3.13-rc4-next-20131218 allows local users to cause a denial of service (ldsem_down_read and ldsem_down_write deadlock) by establishing a new tty thread ...
7 years ago

CVE-2009-4170 - WP-Cumulus Plug-in 1.20 for WordPress, and possibly other versions, allows remote attackers to obtain sensitive information via a crafted request to wp-cumulus.php, probably without parameters, which reveals the installation path in an error message. ...
6 years ago

CVE-2008-4170 - create_account.php in osCommerce 2.2 RC 2a allows remote attackers to obtain sensitive information via an invalid dob parameter, which reveals the installation path in an error message. ...
6 years ago

CVE-2007-4170 - Multiple PHP remote file inclusion vulnerabilities in AL-Athkar 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) include parameter to (a) Main.php and (b) get.php and the (2) exec parameter to (c) count.php. ...
6 years ago

CVE-2018-4170 - An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "Admin Framework" component. It allows local users to discover a password by listing a process and its arguments during sysadminctl ...
5 years ago

CVE-2014-4170 - A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information. ...
4 years ago

CVE-2020-4170 - IBM Security Guardium Insights 2.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 174406. ...
4 years ago

CVE-2013-4170 - In general, Ember.js escapes or strips any user-supplied content before inserting it in strings that will be sent to innerHTML. However, the `tagName` property of an `Ember.View` was inserted into such a string without being sanitized. This means ...
2 years ago

CVE-2010-4170 - The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file. ...
1 year ago

CVE-2023-4170 - A vulnerability was found in DedeBIZ 6.2.10. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Article Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. ...
1 year ago

CVE-2022-4170 - The rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set. ...
1 year ago

CVE-2017-4170 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-4170 - A vulnerability was found in Tenda 4G300 1.01.42. It has been rated as critical. This issue affects the function sub_429A30. The manipulation of the argument list1 leads to stack-based buffer overflow. The attack may be initiated remotely. The ...
6 months ago

Windows 10 KB5035845 update released with 9 new changes, fixes - Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. After installing this mandatory Windows 10 cumulative update, the March 2024 Patch Tuesday security updates ...
8 months ago Bleepingcomputer.com

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
11 months ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-53094 - 21 hours ago
CVE-2024-52289 - 22 hours ago
CVE-2024-52307 - 22 hours ago
CVE-2024-52309 - 22 hours ago
CVE-2024-52799 - 22 hours ago
CVE-2024-52803 - 22 hours ago
CVE-2024-8525 - 23 hours ago
CVE-2024-8526 - 23 hours ago
CVE-2024-28892 - 1 day ago
CVE-2024-21855 - 1 day ago
CVE-2024-28025 - 1 day ago
CVE-2024-28027 - 1 day ago
CVE-2024-21786 - 1 day ago
CVE-2024-11592 - 1 day ago
CVE-2024-11591 - 1 day ago
CVE-2024-7130 - 1 day ago
CVE-2024-11590 - 1 day ago
CVE-2024-11588 - 1 day ago
CVE-2024-11587 - 1 day ago
CVE-2024-10316 - 1 day ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-11595 - 2 days ago
CVE-2024-45510 - 2 days ago
CVE-2024-45511 - 2 days ago
CVE-2024-48530 - 2 days ago
CVE-2024-48531 - 2 days ago
CVE-2024-48983 - 2 days ago
CVE-2024-48984 - 2 days ago
CVE-2024-51151 - 2 days ago
CVE-2024-51208 - 2 days ago
CVE-2024-52754 - 2 days ago
CVE-2024-52755 - 2 days ago
CVE-2024-52765 - 2 days ago
CVE-2024-52797 - 2 days ago
CVE-2024-8726 - 2 days ago
CVE-2024-10365 - 2 days ago
CVE-2024-52443 - 2 days ago
CVE-2024-52449 - 2 days ago
CVE-2024-10520 - 2 days ago
CVE-2024-11406 - 2 days ago
CVE-2024-10913 - 2 days ago