CyberSecurityBoard
Sponsor Register Login

CVE-2009-0303

Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa.

Publication date: Wed, 28 Jan 2009 02:30:00 +0000


Cyber News related to CVE-2009-0303

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago
CVE-2009-0303 - Cross-site scripting (XSS) vulnerability in Web Help Desk before 9.1.18 allows remote attackers to inject arbitrary web script or HTML via vectors related to "encoded JavaScript" and Helpdesk.woa. ...
15 years ago
CVE-2013-7344 - Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue was SPLIT from CVE-2013-0303 due to different ...
10 years ago
CVE-2013-0303 - Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this entry has been SPLIT due to different affected ...
10 years ago
CVE-2015-0306 - Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and ...
7 years ago
CVE-2015-0303 - Adobe Flash Player before 13.0.0.260 and 14.x through 16.x before 16.0.0.257 on Windows and OS X and before 11.2.202.429 on Linux, Adobe AIR before 16.0.0.245 on Windows and OS X and before 16.0.0.272 on Android, Adobe AIR SDK before 16.0.0.272, and ...
7 years ago
CVE-2014-0303 - Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2014-0302 - Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2001-0303 - tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to determine the physical path of the server via a URL that requests a non-existent file. ...
16 years ago
CVE-2006-0303 - Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. ...
16 years ago
CVE-2000-0303 - Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack. ...
16 years ago
CVE-2008-0303 - The FTP print feature in multiple Canon printers, including imageRUNNER and imagePRESS, allow remote attackers to use the server as an inadvertent proxy via a modified PORT command, aka FTP bounce. ...
15 years ago
CVE-2007-0303 - Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs." ...
13 years ago
CVE-2012-0303 - Multiple cross-site request forgery (CSRF) vulnerabilities in Brightmail Control Center in Symantec Message Filter 6.3 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) execute application commands or (2) ...
12 years ago
CVE-2002-0303 - GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. ...
8 years ago
CVE-2003-0303 - SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers to modify arbitrary ticket number descriptions via the sg parameter. ...
8 years ago
CVE-2004-0303 - OWLS 1.0 allows remote attackers to retrieve arbitrary files via absolute pathnames in (1) the file parameter in /glossaries/index.php, (2) the filename parameter in /readings/index.php, or (3) the filename parameter in ...
7 years ago
CVE-2005-0303 - Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error ...
7 years ago
CVE-2010-0303 - mystring.c in hybserv in IRCD-Hybrid (aka Hybrid2 IRC Services) 1.9.2 through 1.9.4 allows remote attackers to cause a denial of service (daemon crash) via a ":help \t" private message to the MemoServ service. ...
7 years ago
CVE-2016-0303 - Cross-site scripting (XSS) vulnerability in IBM Tivoli Integrated Portal 2.2.0.0 through 2.2.0.15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago
CVE-2019-0303 - SAP BusinessObjects Business Intelligence Platform (Administration Console), versions 4.2, 4.3, module BILogon/appService.jsp is reflecting requested parameter errMsg into response content without sanitation. This could be used by an attacker to ...
5 years ago
CVE-2017-0303 - In F5 BIG-IP LTM, AAM, AFM, Analytics, APM, ASM, DNS, GTM, Link Controller, PEM and Websafe software version 13.0.0, 12.0.0 to 12.1.2 and 11.5.1 to 11.6.1, under limited circumstances connections handled by a Virtual Server with an associated SOCKS ...
5 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)