CVE-2009-1466

Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file.

Publication date: Thu, 14 May 2009 22:30:00 +0000

Cyber News related to CVE-2009-1466

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-1466 - Application Access Server (A-A-S) 2.0.48 stores (1) passwords and (2) the port keyword in cleartext in aas.ini, which allows local users to obtain sensitive information by reading this file. ...
6 years ago

CVE-2019-1467 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1466. ...
5 years ago

CVE-2019-1466 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1465, CVE-2019-1467. ...
4 years ago

CVE-2019-1465 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1466, CVE-2019-1467. ...
4 years ago

CVE-2007-1466 - Integer overflow in the WP6GeneralTextPacket::_readContents function in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary ...
6 years ago

CVE-2007-2290 - Multiple PHP remote file inclusion vulnerabilities in B2 Weblog and News Publishing Tool 0.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the b2inc parameter to (1) b2archives.php, (2) b2categories.php, or (3) b2mail.php. ...
6 years ago

CVE-2024-1466 - The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘slider_style’ attribute of the Posts Multislider widget in all versions up to, and including, 8.3.4 due to insufficient input sanitization ...
8 months ago Tenable.com

CVE-2007-0002 - Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect ...
6 years ago

CVE-1999-1466 - Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote attackers to bypass access control lists when extended IP access lists are used on certain interfaces, the IP route cache is enabled, and the access list uses the ...
16 years ago

CVE-2002-1466 - CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows remote attackers to execute arbitrary PHP code via the b2inc variable. ...
16 years ago

CVE-2003-1466 - Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php. ...
16 years ago

CVE-2001-1466 - Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the SSH-1 protocol, allows remote attackers to execute arbitrary code via a long (1) username or (2) password. ...
7 years ago

CVE-2004-1466 - The set_time_limit function in Gallery before 1.4.4_p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using save_photos.php, which allows remote attackers to upload and execute execute arbitrary ...
7 years ago

CVE-2006-1466 - Xcode Tools before 2.3 for Mac OS X 10.4, when running the WebObjects plugin, allows remote attackers to access or modify WebObjects projects through a network service. ...
7 years ago

CVE-2008-1466 - Multiple PHP remote file inclusion vulnerabilities in W-Agora 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the bn_dir_default parameter to (1) add_user.php, (2) create_forum.php, (3) create_user.php, (4) delete_notes.php, (5) ...
7 years ago

CVE-2016-1466 - Cisco Unified Communications Manager IM and Presence Service 9.1(1) SU6, 9.1(1) SU6a, 9.1(1) SU7, 10.5(2) SU2, 10.5(2) SU2a, 11.0(1) SU1, and 11.5(1) allows remote attackers to cause a denial of service (sipd process restart) via crafted headers in a ...
7 years ago

CVE-2010-1466 - Directory traversal vulnerability in scr/soustab.php in openUrgence Vaccin 1.03 allows remote attackers to read arbitrary files via the dsn[phptype] parameter. ...
7 years ago

CVE-2012-1466 - The Traffic Grapher Server for NetMechanica NetDecision before 4.6.1 allows remote attackers to obtain the source code of NtDecision script files with a .nd extension via an invalid version number in an HTTP request, as demonstrated using default.nd. ...
7 years ago

CVE-2013-1466 - Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2) address1, (3) address2, (4) calendar_type, (5) city, (6) ...
7 years ago

CVE-2014-1466 - SQL injection vulnerability in CSP MySQL User Manager 2.3 allows remote attackers to execute arbitrary SQL commands via the login field of the login page. ...
7 years ago

CVE-2005-1466 - Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors. ...
7 years ago

Latest Cyber News

CVE-2024-11858 - 1 hour ago
CVE-2024-7701 - 4 hours ago
CVE-2024-56082 - 10 hours ago
CVE-2024-56074 - 11 hours ago
CVE-2024-55969 - 11 hours ago
CVE-2024-56072 - 12 hours ago
CVE-2024-56073 - 12 hours ago
CVE-2024-55970 - 12 hours ago
CVE-2024-31892 - 1 day ago
CVE-2024-31891 - 1 day ago
CVE-2024-11721 - 1 day ago
CVE-2024-11720 - 1 day ago
CVE-2024-12446 - 1 day ago
CVE-2024-12628 - 1 day ago
CVE-2024-11711 - 1 day ago
CVE-2024-11712 - 1 day ago
CVE-2024-11713 - 1 day ago
CVE-2024-11714 - 1 day ago
CVE-2024-11715 - 1 day ago
CVE-2024-11710 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-55970 - 12 hours ago
CVE-2024-56072 - 12 hours ago
CVE-2024-56073 - 12 hours ago
CVE-2024-55969 - 11 hours ago
CVE-2024-56074 - 11 hours ago
CVE-2024-56082 - 10 hours ago
CVE-2024-7701 - 4 hours ago
CVE-2024-11858 - 1 hour ago
CVE-2022-43472 - 2 days ago
CVE-2022-44578 - 2 days ago
CVE-2022-45806 - 2 days ago
CVE-2022-45819 - 2 days ago
CVE-2022-45826 - 2 days ago
CVE-2022-45840 - 2 days ago
CVE-2022-45841 - 2 days ago
CVE-2022-46795 - 2 days ago
CVE-2022-46796 - 2 days ago
CVE-2022-46807 - 2 days ago
CVE-2022-46811 - 2 days ago
CVE-2022-46838 - 2 days ago