Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 485

Warning: Undefined variable $scrape_url_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 525

Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CVE-2009-20001

An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access to a user's cookie to login as them.

Publication date: Mon, 08 Mar 2021 02:15:00 +0000

Cyber News related to CVE-2009-20001

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2022-40735 - The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive, because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used ...
1 year ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2009-20001 - An issue was discovered in MantisBT before 2.24.5. It associates a unique cookie string with each user. This string is not reset upon logout (i.e., the user session is still considered valid and active), allowing an attacker who somehow gained access ...
4 years ago

CVE-2022-42906 - powerline-gitstatus (aka Powerline Gitstatus) before 1.3.2 allows arbitrary code execution. git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. When using ...
2 years ago

VMWare Patches Two Critical Vulnerabilities - How to Stay Secure - VMWare, one of the leading providers in virtualization solutions, recently released patches for two critical vulnerabilities. The vulnerabilities, identified as CVE-2023-10000 and CVE-2023-20001, have been determined to have severe security ...
2 years ago Thehackernews.com

CVE-2012-20001 - PrestaShop before 1.5.2 allows XSS via the "<object data'data:text/html" substring in the message field. ...
3 years ago

CVE-2002-20001 - The Diffie-Hellman Key Agreement Protocol allows remote attackers (from the client side) to send arbitrary numbers that are actually not public keys, and trigger expensive server-side DHE modular-exponentiation calculations, aka a D(HE)at or ...
1 year ago

CVE-2018-20001 - In Libav 12.3, there is a floating point exception in the range_decode_culshift function (called from range_decode_bits) in libavcodec/apedec.c that will lead to remote denial of service via crafted input. ...
6 years ago

CVE-2016-20001 - The REST/JSON project 7.x-1.x for Drupal allows node access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy. ...
4 years ago

CVE-2017-20001 - The AES encryption project 7.x and 8.x for Drupal does not sufficiently prevent attackers from decrypting data, aka SA-CONTRIB-2017-027. NOTE: This project is not covered by Drupal's security advisory policy. ...
4 years ago

CVE-2013-20001 - An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses via the sharenfs feature, there is a silent failure to parse the IPv6 address data, and access is allowed to everyone. IPv6 restrictions from the ...
1 year ago

CVE-2015-20001 - In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory ...
4 years ago

CVE-2019-20001 - An issue was discovered in RICOH Streamline NX Client Tool and RICOH Streamline NX PC Client that allows attackers to escalate local privileges. ...
4 years ago

CVE-2021-20001 - It was discovered, that debian-edu-config, a set of configuration files used for the Debian Edu blend, before 2.12.16 configured insecure permissions for the user web shares (~/public_html), which could result in privilege escalation. ...
3 years ago

CVE-2007-20001 - A flaw was found in StarWind iSCSI target. An attacker could script standard iSCSI Initiator operation(s) to exhaust the StarWind service socket, which could lead to denial of service. This affects iSCSI SAN (Windows Native) Version 3.2.2 build ...
3 years ago

CVE-2006-20001 - A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. ...
1 year ago

CVE-2024-20001 - In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ...
1 year ago

CVE-2003-20001 - An issue was discovered on Mitel ICP VoIP 3100 devices. When a remote user attempts to log in via TELNET during the login wait time and an external call comes in, the system incorrectly divulges information about the call and any SMDR records ...
5 months ago

CVE-2025-20001 - An out-of-bounds read vulnerability exists in High-Logic FontCreator 15.0.0.3015. A specially crafted font file can trigger this vulnerability which can lead to disclosure of sensitive information. An attacker needs to trick the user into opening the ...
3 months ago

CVE-2022-20001 - fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When ...
1 year ago

CVE-2008-20001 - activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in ...
1 week ago

CVE-2009-4778 - Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow ...
15 years ago