CVE-2005-4850

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

Publication date: Sat, 31 Dec 2005 11:00:00 +0000

Cyber News related to CVE-2005-4850

CVE-2005-4850 - eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users. ...
5 years ago

CVE-2007-4850 - curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different ...
6 years ago

CVE-2011-4850 - The Control Panel in Parallels Plesk Panel 10.4.4_build20111103.18 does not include the HTTPOnly flag in a Set-Cookie header for a cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to ...
13 years ago

CVE-2010-4850 - Multiple cross-site scripting (XSS) vulnerabilities in Diferior 8.03 allow remote attackers to inject arbitrary web script or HTML via the (1) post_content parameter to post/edit/2/p1.html, related to views/post.php; the (2) slogan parameter to ...
12 years ago

CVE-2014-4850 - SQL injection vulnerability in index.php in FoeCMS allows remote attackers to execute arbitrary SQL commands via the i parameter. ...
10 years ago

CVE-2015-4850 - Unspecified vulnerability in the PeopleSoft Enterprise HCM component in Oracle PeopleSoft Products 9.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Talent Acquisition Management. ...
8 years ago

CVE-2016-4850 - LINE for Windows before 4.8.3 allows man-in-the-middle attackers to execute arbitrary code. ...
7 years ago

CVE-2009-4850 - The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file. ...
1 year ago

CVE-2012-4850 - IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors. ...
7 years ago

CVE-2006-4850 - PHP remote file inclusion vulnerability in system/_b/contentFiles/gBIndex.php in BolinOS 4.5.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gBRootPath parameter. Successful exploitation requires that ...
6 years ago

CVE-2018-4850 - A vulnerability has been identified in SIMATIC S7-400 (incl. F) CPU hardware version 4.0 and below (All versions), SIMATIC S7-400 (incl. F) CPU hardware version 5.0 (All firmware versions < V5.2), SIMATIC S7-400H CPU hardware version 4.5 and below ...
5 years ago

CVE-2020-4850 - IBM Spectrum Scale 1.1.1.0 through 1.1.8.4 Transparent Cloud Tiering could allow a remote attacker to obtain sensitive information, caused by the leftover files after configuration. IBM X-Force ID: 190298. ...
3 years ago

CVE-2022-4850 - Cross-Site Request Forgery (CSRF) in GitHub repository usememos/memos prior to 0.9.1. ...
2 years ago

CVE-2023-4850 - A vulnerability, which was classified as critical, was found in IBOS OA 4.5.5. This affects an unknown part of the file ?rdashboard/position/del. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has ...
1 year ago

CVE-2008-4850 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2008. Notes: none ...
55 years ago Tenable.com

CVE-2017-4850 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2005-0067 - The original design of TCP does not require that port numbers be assigned randomly (aka "Port randomization"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as ...
16 years ago

CVE-2005-0065 - The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it ...
16 years ago

CVE-2005-0066 - The original design of TCP does not check that the TCP Acknowledgement number in an ICMP error message generated by an intermediate router is within the range of possible values for data that has already been acknowledged (aka "TCP ...
1 year ago

CVE-2005-0068 - The original design of ICMP does not require authentication for host-generated ICMP error messages, which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) ...
16 years ago

CVE-2005-4531 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3345. Reason: This candidate is a duplicate of CVE-2005-3345. CVE-2005-3345 had already been assigned, but not published, before this candidate was created. Notes: All CVE users ...
55 years ago Tenable.com

CVE-2005-3122 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3424, CVE-2005-3425. Reason: this candidate was intended for one issue, but two different authoritative sources used it for two distinct issues. Notes: All CVE users should ...
55 years ago Tenable.com

CVE-2005-2965 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4802, CVE-2005-4803. Reason: this candidate was intended for one issue, but the description and references inadvertently combined multiple issues. Notes: All CVE users should ...
55 years ago Tenable.com

CVE-2005-2937 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-3663, CVE-2005-3664. Reason: this candidate was intended for one issue, but multiple advisories used this candidate for different issues. Notes: All CVE users should consult ...
55 years ago Tenable.com

CVE-2005-2802 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2872, CVE-2005-2873. Reason: this candidate's description originally combined two separate issues. Notes: All CVE users should consult CVE-2005-2872 and CVE-2005-2873 to ...
55 years ago Tenable.com

Latest Cyber News

CVE-2025-24982 - 5 hours ago
CVE-2025-22475 - 7 hours ago
CVE-2025-1003 - 10 hours ago
CVE-2025-0148 - 11 hours ago
CVE-2025-24957 - 12 hours ago
CVE-2025-24958 - 12 hours ago
CVE-2025-22129 - 12 hours ago
CVE-2025-23210 - 12 hours ago
CVE-2025-24029 - 12 hours ago
CVE-2025-24371 - 12 hours ago
CVE-2025-24901 - 12 hours ago
CVE-2025-24902 - 12 hours ago
CVE-2025-24905 - 12 hours ago
CVE-2025-24906 - 12 hours ago
CVE-2024-35177 - 12 hours ago
CVE-2024-47770 - 12 hours ago
CVE-2025-24960 - 13 hours ago
CVE-2025-24961 - 13 hours ago
CVE-2025-24962 - 13 hours ago
CVE-2025-22918 - 13 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-20141 - 1 day ago
CVE-2024-20142 - 1 day ago
CVE-2024-20147 - 1 day ago
CVE-2025-20631 - 1 day ago
CVE-2025-20632 - 1 day ago
CVE-2025-20633 - 1 day ago
CVE-2025-20634 - 1 day ago
CVE-2025-20635 - 1 day ago
CVE-2025-20636 - 1 day ago
CVE-2025-20637 - 1 day ago
CVE-2025-20638 - 1 day ago
CVE-2025-20639 - 1 day ago
CVE-2025-20640 - 1 day ago
CVE-2025-20641 - 1 day ago
CVE-2025-20642 - 1 day ago
CVE-2025-20643 - 1 day ago
CVE-2025-25062 - 1 day ago
CVE-2025-25063 - 1 day ago
CVE-2024-57966 - 1 day ago
CVE-2024-13347 - 1 day ago