CVE-2005-1999
published 2005-06-15CVE-2005-1999: Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1)…
PriorityP415medium4.3CVSS 2.0
AVNACMAuNCNIPAN
EPSS
1.27%
66.2th percentile
Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action (viewall.php).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php_arena | pafiledb | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
GPL IMAP login buffer overflow attempt
suricata·2010-09-23
CVE-1999-0005 GPL IMAP login buffer overflow attempt
GPL IMAP login buffer overflow attempt
Rule: alert tcp $EXTERNAL_NET any -> $HOME_NET 143 (msg:"GPL IMAP login buffer overflow attempt"; flow:established,to_server; content:"LOGIN"; isdataat:100,relative; pcre:"/\sLOGIN\s[^\n]{100}/smi"; reference:bugtraq,13727; reference:bugtraq,502; reference:cve,1999-0005; reference:cve,1999-1557; reference:cve,2005-1255; reference:nessus,10123; reference:cve,2007-2795; reference:nessus,10125; classtype:attempted-user; sid:2101842; rev:16; metadata:created_at 2010_09_23, cve CVE_1999_0005, confidence High, signature_severity Major, updated_at 2019_07_26;)
No public exploits indexed.
Bugzilla
CVE-2005-2458 gzip/zlib flaws (ipf)
bugzilla·2005-08-11·CVSS 5.0
CVE-2005-2458 [MEDIUM] CVE-2005-2458 gzip/zlib flaws (ipf)
CVE-2005-2458 gzip/zlib flaws (ipf)
+++ This bug was initially created as a clone of Bug #165679 +++
Tim Yamin from Gentoo noticed that some older security related bugs in the
decompression code had not been fixed in the kernel. This is fairly minor as
there are few places where the kernel decompresses arbitrary data. However it
could be a problem for things like zisofs (if someone mounts a malicious
filesystem), perhaps cslip or ppp too).
CAN-2005-2458
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
impact=low,source=vendorsec,public=19990625
CAN-2005-2459
http://bugs.gentoo.org/show_bug.cgi?id=94584
impact=low,source=vendorsec,public=20050531
Fix for 2.6 is here, pretty much identical for 2.4:
http://linux.bkbits.net:8080/linux-2.6/cset@42f3f4e9KIoV6pLtA430xgwjKh2V
Bugzilla
CVE-2005-2458 gzip/zlib flaws
bugzilla·2005-08-11·CVSS 5.0
CVE-2005-2458 [MEDIUM] CVE-2005-2458 gzip/zlib flaws
CVE-2005-2458 gzip/zlib flaws
+++ This bug was initially created as a clone of Bug #165679 +++
Tim Yamin from Gentoo noticed that some older security related bugs in the
decompression code had not been fixed in the kernel. This is fairly minor as
there are few places where the kernel decompresses arbitrary data. However it
could be a problem for things like zisofs (if someone mounts a malicious
filesystem), perhaps cslip or ppp too).
CAN-2005-2458
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
impact=low,source=vendorsec,public=19990625
CAN-2005-2459
http://bugs.gentoo.org/show_bug.cgi?id=94584
impact=low,source=vendorsec,public=20050531
Fix for 2.6 is here, pretty much identical for 2.4:
http://linux.bkbits.net:8080/linux-2.6/cset@42f3f4e9KIoV6pLtA430xgwjKh2V7g
D
Bugzilla
CVE-2005-2458 gzip/zlib flaws
bugzilla·2005-08-11·CVSS 5.0
CVE-2005-2458 [MEDIUM] CVE-2005-2458 gzip/zlib flaws
CVE-2005-2458 gzip/zlib flaws
Tim Yamin from Gentoo noticed that some older security related bugs in the
decompression code had not been fixed in the kernel. This is fairly minor as
there are few places where the kernel decompresses arbitrary data. However it
could be a problem for things like zisofs (if someone mounts a malicious
filesystem), perhaps cslip or ppp too).
CAN-2005-2458
http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html
impact=low,source=vendorsec,public=19990625
CAN-2005-2459
http://bugs.gentoo.org/show_bug.cgi?id=94584
impact=low,source=vendorsec,public=20050531
Fix for 2.6 is here, pretty much identical for 2.4:
http://linux.bkbits.net:8080/linux-2.6/cset@42f3f4e9KIoV6pLtA430xgwjKh2V7g
Discussion:
Sergey Vlasov has done some analysis on these issues an
http://marc.info/?l=bugtraq&m=111885787217807&w=2http://www.gulftech.org/?node=research&article_id=00082-06142005http://www.phparena.net/http://www.phparena.net/pafiledb_patch/http://marc.info/?l=bugtraq&m=111885787217807&w=2http://www.gulftech.org/?node=research&article_id=00082-06142005http://www.phparena.net/http://www.phparena.net/pafiledb_patch/
2005-06-15
Published