CVE-2006-4905

CVE-2006-4905 - PHP remote file inclusion vulnerability in index.php in Artmedic Links 5.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, which is processed by the readfile function. ...
6 years ago

CVE-2008-4905 - Typo 5.1.3 and earlier uses a hard-coded salt for calculating password hashes, which makes it easier for attackers to guess passwords via a brute force attack. ...
16 years ago

CVE-2009-4905 - Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Acc Statistics 1.1 allow remote attackers to hijack the authentication of administrators for requests that change (1) passwords, (2) usernames, and (3) e-mail addresses. ...
14 years ago

CVE-2011-4905 - Apache ActiveMQ before 5.6.0 allows remote attackers to cause a denial of service (file-descriptor exhaustion and broker crash or hang) by sending many openwire failover:tcp:// connection requests. ...
13 years ago

CVE-2010-4905 - SQL injection vulnerability in article_details.php in Softbiz Article Directory Script allows remote attackers to execute arbitrary SQL commands via the sbiz_id parameter. ...
13 years ago

CVE-2012-4905 - Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." ...
12 years ago

CVE-2014-4905 - The Clean Internet Browser (aka com.cleantab.browsesecure) application 1.36 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ...
10 years ago

CVE-2015-4905 - Unspecified vulnerability in Oracle MySQL Server 5.6.23 and earlier allows remote authenticated users to affect availability via vectors related to Server : DML. ...
8 years ago

CVE-2016-4905 - SQL injection vulnerability in the WP-OliveCart versions prior to 3.1.3 and WP-OliveCartPro versions prior to 3.1.8 allows attackers with administrator rights to execute arbitrary SQL commands via unspecified vectors. ...
8 years ago

CVE-2007-4905 - Unrestricted file upload vulnerability in mod/contak.php in AuraCMS 2.1 allows remote attackers to upload and execute arbitrary PHP files via the image parameter, which places a file under files/. ...
7 years ago

CVE-2018-4905 - An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end ...
7 years ago

CVE-2018-18766 - An elevation of privilege vulnerability exists in the Call Dispatcher in Provisio SiteKiosk before 9.7.4905. ...
5 years ago

CVE-2020-4905 - IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4 could allow an remote attacker to obtain sensitive information, caused by a man in the middle attack. By SSL striping, an attacker could exploit this vulnerability to ...
3 years ago

CVE-2017-4905 - VMware ESXi 6.5 without patch ESXi650-201703410-SG, 6.0 U3 without patch ESXi600-201703401-SG, 6.0 U2 without patch ESXi600-201703403-SG, 6.0 U1 without patch ESXi600-201703402-SG, 5.5 without patch ESXi550-201703401-SG; Workstation Pro / Player 12.x ...
3 years ago

CVE-2023-4905 - Inappropriate implementation in Prompts in Google Chrome prior to 117.0.5938.62 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Medium) ...
1 year ago

CVE-2022-4905 - A vulnerability was found in UDX Stateless Media Plugin 3.1.1 on WordPress. It has been declared as problematic. This vulnerability affects the function setup_wizard_interface of the file lib/classes/class-settings.php. The manipulation of the ...
1 year ago

CVE-2024-4905 - A vulnerability classified as critical has been found in Kashipara College Management System 1.0. Affected is an unknown function of the file view_students_each_detail.php. The manipulation of the argument id leads to sql injection. It is possible to ...
1 year ago

CVE-2019-4905 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none ...
1 year ago

CVE-2025-4905 - A vulnerability was found in iop-apl-uw basestation3 up to 3.0.4 and classified as problematic. This issue affects the function load_qc_pickl of the file basestation3/QC.py. The manipulation of the argument qc_file leads to deserialization. An attack ...
3 weeks ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago