CyberSec.Space Logo
Back to CVE Browser

CVE-2005-2286

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile12.17th
PublishedJul 18, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

WebEOC before 6.0.2 does not properly check user authorization, which allows remote attackers to gain privileges via a direct request to a resource.

Affected Platforms (CPE)

πŸ“¦
Esi Products

Webeoc

<= 6.0.1

References & Advisories

πŸ”— http://www.kb.cert.org/vuls/id/258834
πŸ”— http://www.kb.cert.org/vuls/id/JGEI-6BWLWG
πŸ”— http://www.kb.cert.org/vuls/id/258834
πŸ”— http://www.kb.cert.org/vuls/id/JGEI-6BWLWG

Related Vulnerabilities

CVE-2005-22847.5

Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow remote attackers to modify SQL statements via unknown attack v...

CVE-2005-22817.5

WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which makes it easier for attackers to crack passwords.

CVE-2005-40295.0

WebEOC before 6.0.2 allows remote attackers to obtain valid usernames via the HTML source of the WebEOC login webpage, which could...

CVE-2005-22855.0

WebEOC before 6.0.2 stores sensitive information in locations such as URIs, web pages, and configuration files, which allows remot...