CVE-2009-1409

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.

Publication date: Fri, 24 Apr 2009 19:30:00 +0000

Cyber News related to CVE-2009-1409

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2015-1410 -

medium

CVE-2015-1409 ...
54 years ago Tenable.com

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-1409 - SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when "Extended User Fields" is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different ...
7 years ago

CVE-2001-1409 - dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with insecure permissions (666), which allows local users to replace or create files in the root file system. ...
14 years ago

CVE-2012-1409 - Unspecified vulnerability in the Tiny Password (com.tinycouch.android.freepassword) application 1.64 for Android has unknown impact and attack vectors. ...
12 years ago

CVE-2013-1409 - Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/admin-ajax.php. ...
10 years ago

CVE-1999-1409 - The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail. ...
8 years ago

CVE-2004-1409 - Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. ...
8 years ago

CVE-2006-1409 - Buffer overflow in Vavoom 1.19.1 and earlier allows remote attackers to cause a denial of service (application crash) via an invalid comprLength value in a compressed packet. ...
1 year ago

CVE-2003-1409 - TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message. ...
7 years ago

CVE-2016-1409 - The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS XE 2.1 through 3.17S, IOS XR 2.0.0 through 5.3.2, and NX-OS allows remote attackers to cause a denial of service (packet-processing outage) via crafted ND messages, ...
7 years ago

CVE-2011-1409 - Frams's Fast File EXchange (F*EX, aka fex) 20100208, and possibly other versions before 20110610, allows remote attackers to bypass authentication and upload arbitrary files via a request that lacks an authentication ID. ...
7 years ago

CVE-2010-1409 - Incomplete blacklist vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to trigger disclosure of data over IRC via vectors involving an IRC service ...
7 years ago

CVE-2008-1409 - Multiple directory traversal vulnerabilities in the Default theme in Exero CMS 1.0.1 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme parameter to (1) index.php, (2) editpassword.php, ...
7 years ago

CVE-2002-1409 - ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state." ...
7 years ago

CVE-2007-1409 - WordPress allows remote attackers to obtain sensitive information via a direct request for wp-admin/admin-functions.php, which reveals the path in an error message. ...
6 years ago

CVE-2005-1409 - PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion ...
1 year ago

CVE-2018-1409 - IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by ...
5 years ago

CVE-2017-1409 - IBM Security Identity Governance Virtual Appliance 5.2 through 5.2.3.2 discloses sensitive information to unauthorized users. The information can be used to mount further attacks on the system. IBM X-Force ID: 127396. ...
5 years ago

CVE-2014-1409 - MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords ...
4 years ago

CVE-2019-1409 - An information disclosure vulnerability exists when the Windows Remote Procedure Call (RPC) runtime improperly initializes objects in memory, aka 'Windows Remote Procedure Call Information Disclosure Vulnerability'. ...
4 years ago

CVE-2020-1409 - A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. ...
3 years ago

Latest Cyber News

CVE-2024-12884 - 10 hours ago
CVE-2024-51463 - 10 hours ago
CVE-2024-51464 - 10 hours ago
CVE-2024-12883 - 11 hours ago
CVE-2024-12875 - 12 hours ago
CVE-2024-12591 - 14 hours ago
CVE-2024-12408 - 14 hours ago
CVE-2024-12558 - 14 hours ago
CVE-2024-11722 - 14 hours ago
CVE-2024-11688 - 14 hours ago
CVE-2024-10453 - 14 hours ago
CVE-2024-11808 - 15 hours ago
CVE-2024-12588 - 15 hours ago
CVE-2024-9545 - 15 hours ago
CVE-2024-10797 - 15 hours ago
CVE-2024-12262 - 17 hours ago
CVE-2024-12635 - 17 hours ago
CVE-2024-12697 - 17 hours ago
CVE-2024-12721 - 17 hours ago
CVE-2024-12771 - 17 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-12841 - 1 day ago
CVE-2024-37758 - 1 day ago
CVE-2024-55342 - 1 day ago
CVE-2024-12842 - 1 day ago
CVE-2024-12867 - 1 day ago
CVE-2024-55341 - 1 day ago
CVE-2024-56329 - 1 day ago
CVE-2024-56330 - 1 day ago
CVE-2024-56331 - 1 day ago
CVE-2024-56333 - 1 day ago
CVE-2024-12843 - 1 day ago
CVE-2024-12844 - 1 day ago
CVE-2024-40875 - 1 day ago
CVE-2024-55509 - 1 day ago
CVE-2024-56334 - 1 day ago
CVE-2024-56335 - 1 day ago
CVE-2024-56357 - 1 day ago
CVE-2024-56358 - 1 day ago
CVE-2024-56359 - 1 day ago
CVE-2020-13712 - 1 day ago