CyberSecurityBoard
Sponsor Register Login

CVE-2009-3966

Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.

Publication date: Thu, 19 Nov 2009 05:30:00 +0000


Cyber News related to CVE-2009-3966

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago
CVE-2009-3966 - Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true. ...
7 years ago
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide - Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region. Researchers from Mandiant report that four ...
1 year ago Bleepingcomputer.com CVE-2023-4966 CVE-2023-3966
CVE-2007-3966 - SQL injection vulnerability in Munch Pro allows remote attackers to execute arbitrary SQL commands via the login field to /admin, a different vulnerability than CVE-2006-5880. ...
6 years ago
CVE-2005-3966 - Cross-site scripting (XSS) vulnerability in search.jsp in Java Search Engine (JSE) 0.9.34 allows remote attackers to inject arbitrary web script or HTML via the q parameter. ...
14 years ago
CVE-2015-3966 - The IPsec SA establishment process on Innominate mGuard devices with firmware 8.x before 8.1.7 allows remote authenticated users to cause a denial of service (VPN service restart) by leveraging a peer relationship to send a crafted configuration with ...
9 years ago
CVE-2012-3966 - Mozilla Firefox before 15.0, Firefox ESR 10.x before 10.0.7, Thunderbird before 15.0, Thunderbird ESR 10.x before 10.0.7, and SeaMonkey before 2.12 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via ...
7 years ago
CVE-2014-3966 - Cross-site scripting (XSS) vulnerability in Special:PasswordReset in MediaWiki before 1.19.16, 1.21.x before 1.21.10, and 1.22.x before 1.22.7, when wgRawHtml is enabled, allows remote attackers to inject arbitrary web script or HTML via an invalid ...
7 years ago
CVE-2006-3966 - PHP remote file inclusion vulnerability in /lib/tree/layersmenu.inc.php in the PHP Layers Menu 2.3.5 package for MyNewsGroups :) 0.6b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter. ...
6 years ago
CVE-2010-3966 - Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that ...
6 years ago
CVE-2008-3966 - Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) before 1.4.1 allow remote attackers to inject arbitrary web script or HTML via (1) a certain referrer field in usercp2.php, (2) a certain location field in ...
16 years ago
CVE-2019-3966 - In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. ...
5 years ago
CVE-2017-3966 - Exploitation of session variables, resource IDs and other trusted credentials vulnerability in the web interface in McAfee Network Security Management (NSM) before 8.2.7.42.2 allows remote attackers to exploit or harm a user's browser via reusing ...
5 years ago
CVE-2011-3966 - Use-after-free vulnerability in Google Chrome before 17.0.963.46 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to error handling for Cascading Style Sheets (CSS) token-sequence ...
4 years ago
CVE-2020-3966 - VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB ...
4 years ago
CVE-2022-3966 - A vulnerability, which was classified as critical, has been found in Ultimate Member Plugin up to 2.5.0. This issue affects the function load_template of the file includes/core/class-shortcodes.php of the component Template Handler. The manipulation ...
2 years ago
CVE-2021-3966 - usb device bluetooth class includes a buffer overflow related to implementation of net_buf_add_mem. ...
2 years ago
CVE-2018-3966 - An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in ...
2 years ago
CVE-2023-3966 - A flaw was found in Open vSwitch where multiple versions are vulnerable to crafted Geneve packets, which may result in a denial of service and invalid memory accesses. Triggering this issue requires that hardware offloading via the netlink path is ...
1 year ago Tenable.com
CVE-2024-3966 - The Pray For Me WordPress plugin through 1.0.4 does not sanitise and escape some parameters, which could unauthenticated visitors to perform Cross-Site Scripting attacks that trigger when an admin visits the Prayer Requests in the WP Admin ...
5 months ago
CVE-2025-3966 - A vulnerability was found in itwanger paicoding 1.0.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/home?userId=1&homeSelectType=read of the component Browsing History Handler. The ...
20 hours ago
CVE-2024-35976 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)