CVE-2005-0885
Published 2005-05-02
Priority: P4 · 17 · medium · 4.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS: 1.81% (76.0th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xmb_forum | xmb | — | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2004-0885 [HIGH] mod_ssl SSLCipherSuite bypass
bugzilla · 2008-01-29 · CVSS 7.5
Common Vulnerabilities and Exposures assigned an identifier CVE-2004-0885 to the following vulnerability:
The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
References:
http://www.apacheweek.com/features/security-20
http://issues.apache.org/bugzilla/show_bug.cgi?id=31505
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX
Bugzilla
CVE-2004-0488 [HIGH] mod_ssl flaws (CVE-2004-0885 CVE-2005-2700)
bugzilla · 2005-10-25 · CVSS 7.5
Multiple flaws in Stronghold 4.0 mod_ssl
A stack buffer overflow in mod_ssl. If FakeBasicAuth had been enabled, a
carefully crafted client certificate sent to mod_ssl can cause a stack
overflow. In order to exploit this issue, the malicious certificate would
have to be signed by a Certificate Authority which mod_ssl is configured to
trust. (CVE-2004-0488)
The mod_ssl module, when using the "SSLCipherSuite" directive in directory
or location context, allowed remote clients to bypass intended restrictions
by using any cipher suite that is allowed by the virtual host
configuration. (CVE-2004-0885)
A flaw in mod_ssl triggered if a virtual host was configured using
"SSLVerifyClient optional" and a directive "SSLVerifyClient required"