CyberSecurityBoard
Sponsor Register Login

CVE-2009-2116

Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter.

Publication date: Fri, 19 Jun 2009 02:30:00 +0000


Cyber News related to CVE-2009-2116

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago
CVE-2009-2116 - Directory traversal vulnerability in admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to list directory contents via a .. (dot dot) in the dir parameter. ...
6 years ago
CVE-2005-2116 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1921. Reason: This candidate is a duplicate of CVE-2005-1921. Notes: All CVE users should reference CVE-2005-1921 instead of this candidate. All references and descriptions in ...
54 years ago Tenable.com
CVE-2011-2111 - IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2115 and CVE-2011-2116. ...
13 years ago
CVE-2011-2116 - IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-2111 and CVE-2011-2115. ...
13 years ago
CVE-2011-2115 - IML32.dll in Adobe Shockwave Player before 11.6.0.626 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted tSAC chunk, which triggers a heap-based buffer overflow, a different vulnerability ...
13 years ago
CVE-2013-2116 - The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for ...
1 year ago
CVE-2002-2116 - Netgear RM-356 and RT-338 series SOHO routers allow remote attackers to cause a denial of service (crash) via a UDP port scan, as demonstrated using nmap. ...
16 years ago
CVE-2012-2116 - Cross-site request forgery (CSRF) vulnerability in the Commerce Reorder module before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that add items to the shopping cart. ...
12 years ago
CVE-2014-2609 - The Java Glassfish Admin Console in HP Executive Scorecard 9.40 and 9.41 does not require authentication, which allows remote attackers to execute arbitrary code via a session on TCP port 10001, aka ZDI-CAN-2116. ...
10 years ago
CVE-2014-2116 - Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject web pages and modify dynamic content via unspecified parameters, aka Bug ID CSCun37882. ...
9 years ago
CVE-2015-2116 - Unspecified vulnerability in HP Storage Data Protector 7.x before 7.03 build 107 allows remote authenticated users to execute arbitrary code or cause a denial of service via unknown vectors. ...
7 years ago
CVE-2016-2116 - Memory leak in the jas_iccprof_createfrombuf function in JasPer 1.900.1 and earlier allows remote attackers to cause a denial of service (memory consumption) via a crafted ICC color profile in a JPEG 2000 image file. ...
6 years ago
CVE-2004-2116 - Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. ...
6 years ago
CVE-2008-2116 - Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) te and (2) dir parameters in a tempedit action. ...
6 years ago
CVE-2007-2116 - Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows ...
6 years ago
CVE-2006-2116 - planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. ...
6 years ago
CVE-2019-2116 - In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for ...
5 years ago
CVE-2010-2116 - The web interface in McAfee Email Gateway (formerly IronMail) 6.7.1 allows remote authenticated users, with only Read privileges, to gain Write privileges to modify configuration via the save action in a direct request to ...
4 years ago
CVE-2017-2116 - Cybozu Office 10.0.0 to 10.5.0 allows remote authenticated attackers to bypass access restriction to delete "customapp" templates via unspecified vectors. ...
4 years ago
CVE-2021-2116 - Vulnerability in the Oracle Application Express Opportunity Tracker component of Oracle Database Server. The supported version that is affected is Prior to 20.2. Easily exploitable vulnerability allows low privileged attacker having Valid User ...
3 years ago
CVE-2022-2116 - The Contact Form DB WordPress plugin before 1.8.0 does not sanitise and escape some parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)