CVE-2009-1278

Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php.

Publication date: Thu, 09 Apr 2009 21:27:00 +0000


Cyber News related to CVE-2009-1278

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2007-1278 - Unspecified vulnerability in the IIS connector in Adobe JRun 4.0 Updater 6, and ColdFusion MX 6.1 and 7.0 Enterprise, when using Microsoft IIS 6, allows remote attackers to cause a denial of service via unspecified vectors, involving the request of a ...
5 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2024-49934 - In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See ...
2 months ago Tenable.com
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago
CVE-2009-1278 - Static code injection vulnerability in forms/ajax/configure.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to inject arbitrary PHP code into config.php via the configure action to index.php. ...
7 years ago
CVE-2019-1215 - An elevation of privilege vulnerability exists in the way that ws2ifsl.sys (Winsock) handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1253, CVE-2019-1278, CVE-2019-1303. ...
4 years ago
CVE-2019-1253 - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of ...
4 years ago
CVE-2019-1303 - An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of ...
4 years ago
CVE-2019-1278 - An elevation of privilege vulnerability exists in the way that the unistore.dll handles objects in memory, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1253, CVE-2019-1303. ...
4 years ago
CVE-2020-1257 - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from ...
3 years ago
CVE-2020-1293 - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from ...
3 years ago
CVE-2020-1278 - An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from ...
3 years ago
CVE-2013-1278 - Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
2 months ago
CVE-2013-1279 - Race condition in the kernel in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT allows local users to gain ...
4 years ago
CVE-2003-1278 - Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into IMG tags. ...
16 years ago
CVE-2001-1278 - Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags. ...
16 years ago
CVE-2002-1278 - The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open ...
16 years ago
CVE-2016-1278 - Juniper Junos OS before 12.1X46-D50 on SRX Series devices reverts to "safe mode" authentication and allows root CLI logins without a password after a failed upgrade to 12.1X46, which might allow local users to gain privileges by leveraging ...
8 years ago
CVE-2017-1278 - IBM DOORS Next Generation (DNG/RRC) 4.0, 5.0 and 6.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting ...
7 years ago
CVE-2004-1278 - Buffer overflow in the switch_voice function in parse.c for jcabc2ps 20040902 allows remote attackers to execute arbitrary code via a crafted ABC file. ...
7 years ago
CVE-1999-1278 - nlog CGI scripts do not properly filter shell metacharacters from the IP address argument, which could allow remote attackers to execute certain commands via (1) nlog-smb.pl or (2) rpc-nlog.pl. ...
7 years ago
CVE-2010-1278 - Buffer overflow in the Atlcom.get_atlcom ActiveX control in gp.ocx in Adobe Download Manager, as used in Adobe Reader and Acrobat 8.x before 8.2 and 9.x before 9.3, allows remote attackers to execute arbitrary code via unspecified parameters. ...
6 years ago
CVE-2008-1278 - The RemotelyAnywhere.exe service in the Remotely Anywhere Server and Workstation 8.0.668 and earlier allows remote attackers to cause a denial of service (crash) via an invalid Accept-Charset header, which triggers a NULL pointer dereference. NOTE: ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)