CVE-2005-1062
published 2005-05-02CVE-2005-1062: The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers…
PriorityP428high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
2.56%
83.1th percentile
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.
Affected
34 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | kerio_mailserver | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | personal_firewall | — | — |
| kerio | winroute_firewall | — | — |
| kerio | winroute_firewall | — | — |
| kerio | winroute_firewall | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv4.3MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-p2g2-c24h-84cp: The administration protocol for Kerio WinRoute Firewall 6
ghsa_unreviewed·2022-05-01
CVE-2005-1062 [HIGH] GHSA-p2g2-c24h-84cp: The administration protocol for Kerio WinRoute Firewall 6
The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.
OSV
CVE-2005-4831: viewcvs in ViewCVS 0
osv·2005-12-31·CVSS 4.3
CVE-2005-4831 CVE-2005-4831: viewcvs in ViewCVS 0
viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062. NOTE: it was later reported that 0.9.4 is also affected.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2005-3353 PHP exif data DoS
bugzilla·2005-11-07·CVSS 5.0
CVE-2005-3353 [MEDIUM] CVE-2005-3353 PHP exif data DoS
CVE-2005-3353 PHP exif data DoS
PHP exif data DoS
An error in the way php processes exif image data has been found.
This flaw will cause PHP to enter an infinite loop when
exif_read_data() against the malicious image. The PHP process will
continue to consume computing resources until the PHP process is
killed.
http://bugs.php.net/bug.php?id=34704
When run through httpd, the PHP process will eventually timeout and be
killed. This is only a temporary DoS when PHP is run from httpd..
This issue also affects FC3
Discussion:
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
Bugzilla
CVE-2005-3388 PHP phpinfo() XSS attack
bugzilla·2005-11-01·CVSS 4.3
CVE-2005-3388 [MEDIUM] CVE-2005-3388 PHP phpinfo() XSS attack
CVE-2005-3388 PHP phpinfo() XSS attack
+++ This bug was initially created as a clone of Bug #172212 +++
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up
to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web
script or HTML via a crafted URL with a "stacked array assignment."
http://www.hardened-php.net/advisory_182005.77.html
This issue should also affect FC3
Discussion:
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
---
FEDORA-2020-fb144e7de5 has been submitted as an update to Fedora 32. https://bodhi.fedoraproject.org/updates/FEDORA-2020-fb144e7de5
---
FEDORA-2020-fb144e7de5 has been pushed to the Fedora 32 testing repository.
In short time you'll be able to install the update with the following command:
`sudo dnf upgrade --enabl
Bugzilla
CVE-2005-3390 PHP register globals arbitrary code execution
bugzilla·2005-11-01·CVSS 7.5
CVE-2005-3390 [HIGH] CVE-2005-3390 PHP register globals arbitrary code execution
CVE-2005-3390 PHP register globals arbitrary code execution
+++ This bug was initially created as a clone of Bug #172207 +++
The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5,
when register_globals is enabled, allows remote attackers to modify the
GLOBALS array and bypass security protections of PHP applications via a
multipart/form-data POST request with a "GLOBALS" fileupload field.
http://www.hardened-php.net/advisory_202005.79.html
This issue should also affect FC3
Discussion:
*** Bug 172200 has been marked as a duplicate of this bug. ***
---
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
Bugzilla
CVE-2005-3389 PHP parse_str can enable register_globals
bugzilla·2005-11-01·CVSS 5.0
CVE-2005-3389 [MEDIUM] CVE-2005-3389 PHP parse_str can enable register_globals
CVE-2005-3389 PHP parse_str can enable register_globals
+++ This bug was initially created as a clone of Bug #172209 +++
The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called
with only one parameter, allows remote attackers to disable the
register_globals directive via inputs that cause a request to be terminated
due to the memory_limit setting, which causes PHP to set an internal flag that
enables register_globals and allows attackers to exploit vulnerabilities in
PHP applications that would otherwise be protected.
http://www.hardened-php.net/advisory_192005.78.html
This issue also affects FC3
Discussion:
Fixed in FEDORA-2005-1062/FEDORA-2005-1061.
2005-05-02
Published