CyberSecurityBoard
Sponsor Register Login

CVE-2005-3519

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.

Publication date: Sun, 06 Nov 2005 17:03:00 +0000


Cyber News related to CVE-2005-3519

CVE-2005-3519 - Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the ...
7 years ago
CERT-UA warns of malware campaign conducted by threat actor UAC-0006 - Threat actors may have exploited a zero-day in older iPhones, Apple warns. Microsoft fixed two zero-day bugs exploited in malware attacks. Threat actors actively exploit JetBrains TeamCity flaws to deliver malware. Recent DarkGate campaign exploited ...
1 year ago Securityaffairs.com CVE-2023-49103 CVE-2023-46747 CVE-2023-46748 CVE-2023-4966 CVE-2023-3519
CVE-2008-3519 - The default configuration of the JBossAs component in Red Hat JBoss Enterprise Application Platform (aka JBossEAP or EAP), possibly 4.2 before CP04 and 4.3 before CP02, when a production environment is enabled, sets the DownloadServerClasses property ...
7 years ago
Silk Typhoon hackers now target IT supply chains to breach networks - Microsoft warns that Chinese cyber-espionage threat group 'Silk Typhoon' has shifted its tactics, now targeting remote management tools and cloud services in supply chain attacks that give them access to downstream customers. Microsoft reports that ...
2 months ago Bleepingcomputer.com CVE-2024-3400
CVE-2021-3519 - A vulnerability was reported in some Lenovo Desktop models that could allow unauthorized access to the boot menu, when the "BIOS Password At Boot Device List" BIOS setting is Yes. ...
3 years ago
CVE-2009-3519 - Multiple memory leaks in the IP module in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_109, allow local users to cause a denial of service (memory consumption) via vectors related to (1) M_DATA, (2) M_PROTO, (3) M_PCPROTO, and ...
3 years ago
CVE-2010-3519 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.28 and 8.50.12 allows remote authenticated users to affect integrity via unknown vectors. ...
14 years ago
CVE-2011-3519 - Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 12.1.2 and 12.1.3 allows remote authenticated users to affect confidentiality, related to REST Services. ...
12 years ago
CVE-2012-3519 - routerlist.c in Tor before 0.2.2.38 uses a different amount of time for relay-list iteration depending on which relay is chosen, which might allow remote attackers to obtain sensitive information about relay selection via a timing side-channel ...
11 years ago
CVE-2013-3519 - lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows guest OS is used, allows guest OS users to gain guest ...
11 years ago
CVE-2016-3519 - Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via vectors related to PC / Get Shortcut. ...
7 years ago
CVE-2007-3519 - SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2014-3519 - The open_by_handle_at function in vzkernel before 042stab090.5 in the OpenVZ modification for the Linux kernel 2.6.32, when using simfs, might allow local container users with CAP_DAC_READ_SEARCH capability to bypass an intended container protection ...
7 years ago
CVE-2006-3519 - Multiple cross-site scripting (XSS) vulnerabilities in The Banner Engine (tbe) 4.0 allow remote attackers to execute arbitrary web script or HTML via the (1) text parameter in a search action to (a) top.php, and the (2) adminpass or (3) adminlogin ...
6 years ago
CVE-2017-3519 - Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Security). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated ...
5 years ago
CVE-2020-3519 - A vulnerability in a specific REST API method of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to conduct a path traversal attack on an affected device. The vulnerability is due to insufficient ...
4 years ago
CVE-2022-3519 - A vulnerability classified as problematic was found in SourceCodester Sanitization Management System 1.0. Affected by this vulnerability is an unknown functionality of the component Quote Requests Tab. The manipulation of the argument Manage Remarks ...
2 years ago
CVE-2024-26935 - In the Linux kernel, the following vulnerability has been resolved: ...
11 months ago
CVE-2024-3519 - The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the lang parameter in all versions up to, and including, 3.15 due to insufficient input sanitization and output escaping. This makes it possible for ...
1 year ago
CVE-2023-3519 - Unauthenticated remote code execution ...
3 months ago
CVE-2025-3519 - An authorization bypass in Unblu Spark allows a participant of a conversation to replace an existing, uploaded file. ...
1 month ago
CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago
CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago
CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago
CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)