Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter.
Publication date: Fri, 08 Jan 2010 02:30:00 +0000
Cyber News related to CVE-2009-3742
CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago
CVE-2009-3742 - Cross-site scripting (XSS) vulnerability in Liferay Portal before 5.3.0 allows remote attackers to inject arbitrary web script or HTML via the p_p_id parameter. ...
7 years ago
CVE-2018-3742 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3745. Reason: This candidate is a reservation duplicate of CVE-2018-3745. Notes: All CVE users should reference CVE-2018-3745 instead of this candidate. All references and ...
1 year ago
CVE-2010-3742 - Multiple PHP remote file inclusion vulnerabilities in themes/default/index.php in Free Simple CMS 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the (1) meta or (2) phpincdir parameter, a different issue than CVE-2010-3307. ...
14 years ago
CVE-2020-3742 - Adobe Acrobat and Reader versions, 2019.021.20061 and earlier, 2017.011.30156 and earlier, 2017.011.30156 and earlier, and 2015.006.30508 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution . ...
3 years ago
CVE-2006-3742 - The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times. ...
16 years ago
CVE-2005-3742 - Cross-site scripting (XSS) vulnerability in popup.php in Advanced Poll 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the poll_ident parameter. ...
14 years ago
CVE-2011-3742 - HelpCenter Live 2.1.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by modules/HelpCenter/index.php and certain other files. ...
13 years ago
CVE-2013-3742 - Cross-site scripting (XSS) vulnerability in view_create.php (aka the Create View page) in phpMyAdmin 4.x before 4.0.3 allows remote authenticated users to inject arbitrary web script or HTML via an invalid SQL CREATE VIEW statement with a crafted ...
11 years ago
CVE-2014-3742 - The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors. ...
11 years ago
CVE-2016-3742 - decoder/ih264d_process_intra_mb.c in mediaserver in Android 6.x before 2016-07-01 mishandles intra mode, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal ...
8 years ago
CVE-2017-3742 - In Lenovo Connect2 versions earlier than 4.2.5.4885 for Windows and 4.2.5.3071 for Android, when an ad-hoc connection is made between two systems for the purpose of sharing files, the password for this ad-hoc connection will be stored in a ...
7 years ago
CVE-2007-3742 - WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, does not properly handle the interaction between International Domain Name (IDN) support and Unicode fonts, which allows remote attackers to create a URL containing ...
7 years ago
CVE-2008-3742 - Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated. ...
7 years ago
CVE-2012-3742 - Safari in Apple iOS before 6 does not properly restrict use of an unspecified Unicode character that looks similar to the https lock indicator, which allows remote attackers to spoof https connections by placing this character in the TITLE element of ...
7 years ago
CVE-2015-3742 - WebKit, as used in Apple iOS before 8.4.1 and Safari before 6.2.8, 7.x before 7.1.8, and 8.x before 8.0.8, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web ...
6 years ago
CVE-2019-3742 - Dell/Alienware Digital Delivery versions prior to 3.5.2013 contain a privilege escalation vulnerability. A local non-privileged malicious user could exploit a named pipe that performs binary deserialization via a process hollowing technique to inject ...
2 years ago
CVE-2022-3742 - A potential vulnerability was discovered in LCFC BIOS for some Lenovo consumer notebook models that could allow a local attacker with elevated privileges to execute arbitrary code due to improper buffer validation. ...
1 year ago
CVE-2023-3742 - Insufficient policy enforcement in ADB in Google Chrome on ChromeOS prior to 114.0.5735.90 allowed a local attacker to bypass device policy restrictions via physical access to the device. (Chromium security severity: High) ...
1 year ago Tenable.com
CVE-2024-3742 - Electrolink transmitters store credentials in clear-text. Use of these credentials could allow an attacker to access the system. ...
1 year ago
CVE-2021-3742 - A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. The vulnerability allows an attacker to upload an SVG file containing a malicious SSRF payload. When the SVG file is used ...
7 months ago Tenable.com
CVE-2025-3742 - The Responsive Lightbox & Gallery WordPress plugin before 2.5.1 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored ...
1 month ago