CVE-2006-3520

CVE-2006-3520 - PHP remote file inclusion vulnerability in skins/advanced/advanced1.php in Sabdrimer Pro 2.2.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pluginpath[0] parameter. ...
7 years ago

CVE-2008-1438 - Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (disk space exhaustion) via a file with ...
6 years ago

CVE-2008-1437 - Unspecified vulnerability in Microsoft Malware Protection Engine (mpengine.dll) 1.1.3520.0 and 0.1.13.192, as used in multiple Microsoft products, allows context-dependent attackers to cause a denial of service (engine hang and restart) via a crafted ...
6 years ago

CVE-2021-3520 - There's a flaw in lz4. An attacker who submits a crafted file to an application linked with lz4 may be able to trigger an integer overflow, leading to calling of memmove() on a negative size argument, causing an out-of-bounds write and/or a ...
1 year ago

CVE-2005-0612 - Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration. ...
16 years ago

CVE-2009-3520 - Cross-site request forgery (CSRF) vulnerability in the Your_account module in CMSphp 0.21 allows remote attackers to hijack the authentication of administrators for requests that change an administrator password via the pseudo, pwd, and uid ...
1 year ago

CVE-2010-3520 - Unspecified vulnerability in the PeopleSoft Enterprise HCM - GP France component in Oracle PeopleSoft and JDEdwards Suite 8.81 SP1 Bundle #12, 8.9 GP Update 2010-E, 9.0 GP Update 2010-E, and 9.1 GP Update 2010-E allows remote authenticated users to ...
14 years ago

CVE-2013-3520 - VMware vCenter Chargeback Manager (aka CBM) before 2.5.1 does not proper handle uploads, which allows remote attackers to execute arbitrary code via unspecified vectors. ...
12 years ago

CVE-2005-3520 - Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in ...
7 years ago

CVE-2011-3520 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.49, 8.50, and 8.51 allows remote authenticated users to affect integrity via unknown vectors related to Personalization. ...
7 years ago

CVE-2016-3520 - Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality via vectors related to AOL Diagnostic tests. ...
7 years ago

CVE-2007-3520 - SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. ...
7 years ago

CVE-2008-3520 - Multiple integer overflows in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via a crafted image file, related to integer multiplication for memory allocation. ...
7 years ago

CVE-2020-3520 - A vulnerability in Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, local attacker to obtain confidential information from an affected device. The vulnerability is due to insufficient protection of confidential ...
4 years ago

CVE-2014-3520 - OpenStack Identity (Keystone) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2 allows remote authenticated trustees to gain access to an unauthorized project for which the trustor has certain roles via the project ID in a V2 API trust ...
2 years ago

CVE-2017-3520 - Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Fluid Core). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated ...
5 years ago

CVE-2012-3520 - The Netlink implementation in the Linux kernel before 3.2.30 does not properly handle messages that lack SCM_CREDENTIALS data, which might allow local users to spoof Netlink communication via a crafted message, as demonstrated by a message to (1) ...
2 years ago

CVE-2016-1559 - D-Link DAP-1353 H/W vers. B1 3.15 and earlier, D-Link DAP-2553 H/W ver. A1 1.31 and earlier, and D-Link DAP-3520 H/W ver. A1 1.16 and earlier reveal wireless passwords and administrative usernames and passwords over SNMP. ...
2 years ago

CVE-2022-3520 - Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.0765. ...
2 years ago

CVE-2023-3520 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6. ...
1 year ago

CVE-2024-28436 - Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the ...
1 year ago

CVE-2024-53160 - In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() ...
5 months ago Tenable.com

CVE-2024-3520 - The Country State City Dropdown CF7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tc_csca_patch_settings function in all versions up to, and including, 2.7.1. This makes it possible ...
10 months ago

CVE-2025-3520 - The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level ...
2 months ago

CVE-2024-56635 - In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() ...
5 months ago Tenable.com