CVE-2009-1459

Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code.

Publication date: Tue, 28 Apr 2009 21:30:00 +0000

Cyber News related to CVE-2009-1459

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
11 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
11 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-1459 - Cross-site request forgery (CSRF) vulnerability in razorCMS before 0.4 allows remote attackers to hijack the authentication of administrators for requests that create a web page containing PHP code. ...
6 years ago

CVE-2002-1459 - Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is off, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject. ...
15 years ago

CVE-2010-1459 - The default configuration of ASP.NET in Mono before 2.6.4 has a value of FALSE for the EnableViewStateMac property, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated by the __VIEWSTATE parameter to ...
6 months ago

CVE-2014-7592 - The FOL (aka com.desire2learn.fol.mobile.app.campuslife.directory) application 3.0.729.1459 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information ...
9 years ago

CVE-2001-1459 - OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication Module (PAM) session if commands are executed with no pty, which allows local users to bypass resource limits (rlimits) set in pam.d. ...
6 years ago

CVE-2004-1459 - Cisco Secure Access Control Server (ACS) 3.2, when configured as a Light Extensible Authentication Protocol (LEAP) RADIUS proxy, allows remote attackers to cause a denial of service (device crash) via certain LEAP authentication requests. ...
6 years ago

CVE-2003-1459 - Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ttForum allow remote attackers to execute arbitrary PHP code via the (1) template parameter in News.php or (2) installdir parameter in install.php. ...
6 years ago

CVE-2016-1459 - Cisco IOS 12.4 and 15.0 through 15.5 and IOS XE 3.13 through 3.17 allow remote authenticated users to cause a denial of service (device reload) via crafted attributes in a BGP message, aka Bug ID CSCuz21061. ...
6 years ago

CVE-2015-1459 - Cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator 3.0.0 allows remote attackers to inject arbitrary web script or HTML via the operation parameter to cert/scep/. ...
6 years ago

CVE-2008-1459 - SQL injection vulnerability in the Alberghi (com_alberghi) 2.1.3 and earlier component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. ...
6 years ago

CVE-2005-1459 - Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial ...
6 years ago

CVE-1999-1459 - BMC PATROL Agent before 3.2.07 allows local users to gain root privileges via a symlink attack on a temporary file. ...
6 years ago

CVE-2012-1459 - The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ...
6 years ago

CVE-2014-1459 - SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow ...
5 years ago

CVE-2007-1459 - Multiple PHP remote file inclusion vulnerabilities in WebCreator 0.2.6-rc3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the moddir parameter to (1) content/load.inc.php, (2) config/load.inc.php, (3) http/load.inc.php, ...
5 years ago

CVE-2006-1459 - Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV). ...
5 years ago

CVE-2011-1459 - The WebKit::WebPluginContainerImpl::handleEvent function in Google Chrome before Blink M11 allows an attacker to cause a denial of service (crash) via the htmlpluginelement.cpp plugin. ...
4 years ago

CVE-2018-1459 - IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 is vulnerable to stack based buffer overflow, caused by improper bounds checking which could lead an attacker to execute arbitrary code. IBM X-Force ID: ...
3 years ago

CVE-2017-1459 - IBM Security Access Manager Appliance 8.0.0 and 9.0.0 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. IBM X-Force ID: 128378. ...
3 years ago

CVE-2020-1459 - An information disclosure vulnerability exists on ARM implementations that use speculative execution in control flow via a side-channel analysis, aka "straight-line speculation." ...
5 months ago

CVE-2022-1459 - Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. ...
2 years ago

Latest Cyber News

CVE-2024-35973 - 1 hour ago
CVE-2023-52650 - 1 hour ago
CVE-2024-35922 - 3 hours ago
CVE-2023-52644 - 3 hours ago
CVE-2024-27395 - 4 hours ago
CVE-2024-36020 - 4 hours ago
CVE-2023-52656 - 4 hours ago
CVE-2024-35982 - 4 hours ago
CVE-2024-35997 - 4 hours ago
CVE-2024-35983 - 4 hours ago
CVE-2024-35930 - 4 hours ago
CVE-2024-27416 - 4 hours ago
CVE-2024-27413 - 4 hours ago
CVE-2024-35785 - 4 hours ago
CVE-2024-27388 - 4 hours ago
CVE-2024-27078 - 4 hours ago
CVE-2024-27077 - 4 hours ago
CVE-2024-27076 - 4 hours ago
CVE-2024-27074 - 4 hours ago
CVE-2024-27073 - 4 hours ago

Cyber Trends (last 7 days)

Okta - 6 months ago
23andMe - 6 months ago
Kimsuky - 6 months ago
LogoFAIL - 6 months ago
Gh0st rat - 6 months ago

Trending Cyber News (last 7 days)

CVE-2024-27395 - 4 hours ago
CVE-2024-34400 - 6 hours ago
CVE-2024-21740 - 6 hours ago
CVE-2024-21739 - 6 hours ago
CVE-2024-38516 - 6 hours ago
CVE-2024-37855 - 6 hours ago
CVE-2024-37843 - 6 hours ago
CVE-2024-35526 - 6 hours ago
CVE-2024-21741 - 6 hours ago
CVE-2024-5019 - 6 hours ago
CVE-2024-5018 - 6 hours ago
CVE-2024-5017 - 6 hours ago
CVE-2024-5016 - 6 hours ago
CVE-2024-5015 - 6 hours ago
CVE-2024-5014 - 6 hours ago
CVE-2024-5013 - 6 hours ago
CVE-2024-5012 - 6 hours ago
CVE-2024-37820 - 8 hours ago
CVE-2024-36819 - 8 hours ago
CVE-2024-5990 - 9 hours ago