CVE-2007-4409

Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives.

Publication date: Sun, 19 Aug 2007 02:17:00 +0000

Cyber News related to CVE-2007-4409

CVE-2008-4422 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2008-4409. Reason: This candidate is a duplicate of CVE-2008-4409. Notes: All CVE users should reference CVE-2008-4409 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2015-2503 - Microsoft Access 2007 SP3, Excel 2007 SP3, InfoPath 2007 SP3, OneNote 2007 SP3, PowerPoint 2007 SP3, Project 2007 SP3, Publisher 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2007 IME (Japanese) SP3, Access 2010 SP2, Excel 2010 SP2, InfoPath 2010 ...
6 years ago

CVE-2007-4409 - Race condition in ircu 2.10.12.01 through 2.10.12.05 allows remote attackers to set a new Apass during a netburst by arranging for ops privilege to be granted before the mode arrives. ...
6 years ago

CVE-2008-4409 - libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of ...
7 years ago

CVE-2011-1467 - Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a ...
6 years ago

CVE-2005-4409 - Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. ...
16 years ago

CVE-2009-4409 - The (1) CHAP and (2) MS-CHAP-V2 authentication capabilities in the PPP Access Concentrator (PPPAC) function in Internet Initiative Japan SEIL/B1 firmware 1.00 through 2.52 use the same challenge for each authentication attempt, which allows remote ...
15 years ago

CVE-2006-4409 - The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that ...
13 years ago

CVE-2012-4409 - Stack-based buffer overflow in the check_file_head function in extra.c in mcrypt 2.6.8 and earlier allows user-assisted remote attackers to execute arbitrary code via an encrypted file with a crafted header containing long salt data that is not ...
11 years ago

CVE-2015-4409 - Buffer overflow on Hikvision NVR DS-76xxNI-E1/2 and DS-77xxxNI-E4 devices before 3.4.0 allows remote authenticated users to cause a denial of service (service interruption) via a crafted HTTP request, aka the SDK issue. ...
7 years ago

CVE-2011-4409 - The Ubuntu One Client for Ubuntu 10.04 LTS, 11.04, 11.10, and 12.04 LTS does not properly validate SSL certificates, which allows remote attackers to spoof a server and modify or read sensitive information via a man-in-the-middle (MITM) attack. ...
7 years ago

CVE-2014-4409 - WebKit in Apple iOS before 8 makes it easier for remote attackers to track users during private browsing via a crafted web site that reads HTML5 application-cache data that had been stored during normal browsing. ...
7 years ago

CVE-2010-4409 - Integer overflow in the NumberFormatter::getSymbol (aka numfmt_get_symbol) function in PHP 5.3.3 and earlier allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument. ...
6 years ago

CVE-2018-4409 - A resource exhaustion issue was addressed with improved input validation. This issue affected versions prior to iOS 12.1, tvOS 12.1, Safari 12.0.1, iTunes 12.9.1, iCloud for Windows 7.8. ...
5 years ago

CVE-2019-4409 - HCL Traveler versions 9.x and earlier are susceptible to cross-site scripting attacks. On the Problem Report page of the Traveler servlet pages, there is a field to specify a file attachment to provide additional problem details. An invalid file name ...
5 years ago

CVE-2013-4409 - An eval() vulnerability exists in Python Software Foundation Djblets 0.7.21 and Beanbag Review Board before 1.7.15 when parsing JSON requests. ...
5 years ago

CVE-2020-4409 - IBM Maximo Asset Management 7.6.0 and 7.6.1 could allow a remote attacker to conduct phishing attacks, using a tabnabbing attack. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to ...
4 years ago

CVE-2022-4409 - Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. ...
1 year ago

CVE-2021-4409 - The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it ...
1 year ago

CVE-2023-4409 - A vulnerability, which was classified as critical, has been found in NBS&HappySoftWeChat 1.1.6. Affected by this issue is some unknown functionality. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit ...
1 year ago

CVE-2017-4409 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2024-26875 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago

CVE-2024-4409 - The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated ...
8 months ago

CVE-2013-6078 - The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which makes it easier for context-dependent attackers to ...
10 years ago

CVE-2016-0012 - Microsoft Office 2007 SP3, Excel 2007 SP3, PowerPoint 2007 SP3, Visio 2007 SP3, Word 2007 SP3, Office 2010 SP2, Excel 2010 SP2, PowerPoint 2010 SP2, Visio 2010 SP2, Word 2010 SP2, Office 2013 SP1, Excel 2013 SP1, PowerPoint 2013 SP1, Visio 2013 SP1, ...
6 years ago

Latest Cyber News

CVE-2025-24973 - 19 hours ago
CVE-2025-24976 - 19 hours ago
CVE-2025-24807 - 19 hours ago
CVE-2025-24896 - 19 hours ago
CVE-2025-24897 - 19 hours ago
CVE-2025-24900 - 19 hours ago
CVE-2025-22467 - 19 hours ago
CVE-2024-47908 - 19 hours ago
CVE-2024-13813 - 19 hours ago
CVE-2024-13830 - 19 hours ago
CVE-2024-13842 - 19 hours ago
CVE-2024-13843 - 19 hours ago
CVE-2024-10644 - 19 hours ago
CVE-2024-11771 - 19 hours ago
CVE-2024-12058 - 19 hours ago
CVE-2024-12797 - 19 hours ago
CVE-2024-33659 - 20 hours ago
CVE-2025-1231 - 21 hours ago
CVE-2025-26492 - 21 hours ago
CVE-2025-26493 - 21 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-10334 - 1 day ago
CVE-2025-1149 - 1 day ago
CVE-2024-11831 - 1 day ago
CVE-2024-12133 - 1 day ago
CVE-2024-12243 - 1 day ago
CVE-2024-57950 - 1 day ago
CVE-2025-21686 - 1 day ago
CVE-2025-21687 - 1 day ago
CVE-2025-21688 - 1 day ago
CVE-2025-21689 - 1 day ago
CVE-2025-21690 - 1 day ago
CVE-2025-21691 - 1 day ago
CVE-2025-21692 - 1 day ago
CVE-2025-21693 - 1 day ago
CVE-2025-24031 - 1 day ago
CVE-2025-24032 - 1 day ago
CVE-2025-24892 - 1 day ago
CVE-2025-25186 - 1 day ago
CVE-2025-1150 - 1 day ago
CVE-2025-1151 - 1 day ago