CVE-2005-0888
Published: 2005-05-02
CVE-2005-0888: Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script…
Priority P415 · medium · 4.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
1.21%
64.6th percentile
Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dcl | — | — |
| michael_dean | double_choco_latte | — | — |
CVSS provenance
nvd · v2.0 · 4.3 MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 10.0 CRITICAL
vendor_debian · 4.3 LOW
GHSA
GHSA-vc4f-x28m-p38x: Multiple cross-site scripting (XSS) vulnerabilities in functions
ghsa_unreviewed·2022-05-01
CVE-2005-0888 [MEDIUM] GHSA-vc4f-x28m-p38x: Multiple cross-site scripting (XSS) vulnerabilities in functions
Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.
Red Hat
cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
vendor_redhat·2008-04-01·CVSS 10.0
CVE-2008-1374 [CRITICAL] cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.
Debian
CVE-2005-0888: dcl - Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Dou...
vendor_debian·2005·CVSS 4.3
CVE-2005-0888 [MEDIUM] CVE-2005-0888: dcl - Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Dou...
Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Red Hat
security flaw
vendor_redhat·2004-10-20·CVSS 10.0
CVE-2005-0206 [CRITICAL] security flaw
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-0206 security flaw
bugzilla·2018-08-16·CVSS 10.0
CVE-2005-0206 [CRITICAL] CVE-2005-0206 security flaw
Flaw bug created to hold information about an old flaw we knew something about. For more details see the MITRE CVE description.
Discussion:
MITRE description:
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
Bugzilla
CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
bugzilla·2008-03-20·CVSS 10.0
CVE-2008-1374 [CRITICAL] CVE-2008-1374 cups: incomplete fix for CVE-2004-0888 / CVE-2005-0206
It was discovered that the patch applied to cups packages as shipped in Red Hat
Enterprise Linux 3 and 4 to address security issues in xpdf code known as
CVE-2004-0888 / CVE-2005-0206 was incomplete.
On certain platforms, a malicious PDF file could still cause a crash or possibly
cause code execution when it's processed by the pdftops filter.
This issue affects 64-bit platforms. cups packages in Red Hat Enterprise Linux
5 are not affected by this problem.
Discussion:
This issue was addressed in:
Red Hat Enterprise Linux:
http://rhn.redhat.com/errata/RHSA-2008-0206.html
Bugzilla
CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)
bugzilla·2005-02-08
[MEDIUM] CAN-2004-0888 xpdf issues affect cups (CAN-2005-0206)
*** This bug has been split off bug 135378 ***
This issue affects RHEL4 as well.
------- Original comment by Mark J. Cox (Security Response Team) on 2004.10.12 07:50 -------
CUPS contains a stripped down version of xpdf. Recent issues have
been found in xpdf 2 that can result in integer overflows causing bad
memory allocation or out of bounds writes. It's not expected these
can cause arbitrary code execution, more likely to be DoS crashers.
Embargoed until October 20th 1400UTC
Patch to follow
CVE names to follow
Discussion:
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to
http://secunia.com/advisories/14688
http://securitytracker.com/id?1013559
http://sourceforge.net/project/shownotes.php?release_id=315160
https://exchange.xforce.ibmcloud.com/vulnerabilities/19805
Published: 2005-05-02