CVE-2009-2925

Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.

Publication date: Fri, 21 Aug 2009 16:30:00 +0000

Cyber News related to CVE-2009-2925

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2009-4380 - Multiple SQL injection vulnerabilities in Valarsoft Webmatic before 3.0.3 allow remote attackers to execute arbitrary SQL commands via unspecified vectors, a different issue than CVE-2008-2925. ...
15 years ago

CVE-2009-2925 - Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. ...
7 years ago

CVE-2020-2925 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Supported versions that are affected are 8.0.19 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols ...
3 years ago

CVE-2014-2925 - Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrary web script or HTML via the current_page parameter ...
8 years ago

CVE-2006-2925 - Cross-site scripting (XSS) vulnerability in the web interface in Ingate Firewall before 4.4.1 and SIParator before 4.4.1 allows remote attackers to inject arbitrary web script or HTML, and steal cookies, via unspecified vectors related to "XSS ...
7 years ago

CVE-2008-2925 - SQL injection vulnerability in Webmatic before 2.8 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
7 years ago

CVE-2010-2925 - SQL injection vulnerability in index.php in Freeway CMS 1.4.3.210 allows remote attackers to execute arbitrary SQL commands via the ecPath parameter. ...
7 years ago

CVE-2012-2925 - SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action. ...
7 years ago

CVE-2016-2925 - Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.x through 7.0.0.2 CF30, 8.0.0.x through 8.0.0.1 CF21, and 8.5.0 before CF10 allows remote authenticated users to inject ...
7 years ago

CVE-2013-2925 - Use-after-free vulnerability in core/xml/XMLHttpRequest.cpp in Blink, as used in Google Chrome before 30.0.1599.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger multiple ...
7 years ago

CVE-2015-2925 - The prepend_path function in fs/dcache.c in the Linux kernel before 4.2.4 does not properly handle rename actions inside a bind mount, which allows local users to bypass an intended container protection mechanism by renaming a directory, related to a ...
7 years ago

CVE-2005-2925 - runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin. ...
6 years ago

CVE-2007-2925 - The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache. ...
6 years ago

CVE-2018-2925 - Vulnerability in the BI Publisher component of Oracle Fusion Middleware (subcomponent: Web Server). Supported versions that are affected are 11.1.1.7.0, 11.1.1.9.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged ...
5 years ago

CVE-2019-2925 - Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Worklist). Supported versions that are affected are 12.1.3 and 12.2.3-12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via ...
5 years ago

CVE-2011-2925 - Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct ...
3 years ago

CVE-2022-2925 - Cross-site Scripting (XSS) - Stored in GitHub repository appwrite/appwrite prior to 1.0.0-RC1. ...
2 years ago

CVE-2017-2925 - Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability in the JPEG XR codec. Successful exploitation could lead to arbitrary code execution. ...
2 years ago

CVE-2023-2925 - A vulnerability, which was classified as problematic, was found in Webkul krayin crm 1.2.4. This affects an unknown part of the file /admin/contacts/organizations/edit/2 of the component Edit Person Page. The manipulation of the argument Organization ...
1 year ago

CVE-2024-2925 - The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 2.8.0.5 due to insufficient input sanitization and output escaping on ...
10 months ago Tenable.com

CVE-2009-0795 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult ...
55 years ago Tenable.com

Latest Cyber News

CVE-2025-25246 - 20 hours ago
CVE-2025-1022 - 20 hours ago
CVE-2025-1025 - 20 hours ago
CVE-2025-1026 - 20 hours ago
CVE-2025-1028 - 21 hours ago
CVE-2025-23114 - 23 hours ago
CVE-2024-53966 - 1 day ago
CVE-2025-0413 - 1 day ago
CVE-2024-53962 - 1 day ago
CVE-2024-53963 - 1 day ago
CVE-2024-53964 - 1 day ago
CVE-2024-53965 - 1 day ago
CVE-2023-39943 - 1 day ago
CVE-2023-40222 - 1 day ago
CVE-2024-11467 - 1 day ago
CVE-2024-11468 - 1 day ago
CVE-2024-48445 - 1 day ago
CVE-2024-8125 - 1 day ago
CVE-2024-13722 - 1 day ago
CVE-2024-13723 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-13114 - 1 day ago
CVE-2024-13115 - 1 day ago
CVE-2024-13325 - 1 day ago
CVE-2024-13326 - 1 day ago
CVE-2024-13327 - 1 day ago
CVE-2024-13328 - 1 day ago
CVE-2024-13329 - 1 day ago
CVE-2024-13330 - 1 day ago
CVE-2024-13331 - 1 day ago
CVE-2024-13332 - 1 day ago
CVE-2025-0368 - 1 day ago
CVE-2025-0466 - 1 day ago
CVE-2024-12597 - 1 day ago
CVE-2024-13607 - 1 day ago
CVE-2024-10237 - 1 day ago
CVE-2024-10238 - 1 day ago
CVE-2024-10239 - 1 day ago
CVE-2024-12046 - 1 day ago
CVE-2024-13514 - 1 day ago
CVE-2025-20881 - 1 day ago