CVE-2009-3999

Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter.

Publication date: Thu, 21 Jan 2010 04:30:00 +0000

Cyber News related to CVE-2009-3999

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
11 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
11 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-3999 - Stack-based buffer overflow in goform/formExportDataLogs in HP Power Manager before 4.2.10 allows remote attackers to execute arbitrary code via a long fileName parameter. ...
12 years ago

CVE-2007-4743 - The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check ...
4 years ago

CVE-2019-3999 - Improper neutralization of special elements used in an OS command in Druva inSync Windows Client 6.5.0 allows a local, unauthenticated attacker to execute arbitrary operating system commands with SYSTEM privileges. ...
2 years ago

CVE-2010-3999 - gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. ...
13 years ago

CVE-2011-3999 - Cross-site scripting (XSS) vulnerability in the RSS/Atom feed-reader implementation in Iwate Portal Bar allows remote attackers to inject arbitrary web script or HTML via a crafted feed. ...
12 years ago

CVE-2008-3999 - Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, and 10.1.0.5 allows remote authenticated users to affect availability, related to SYS.OLAPIMPL_T. ...
11 years ago

CVE-2015-3999 - Piriform CCleaner 3.26.0.1988 through 5.02.5101 writes the filenames to disk when overwriting files, which allows local users to obtain sensitive information by searching unallocated disk space. ...
9 years ago

CVE-2005-3999 - Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. ...
6 years ago

CVE-2013-3999 - Cross-site scripting (XSS) vulnerability in IBM Social Media Analytics 1.2 before FP1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago

CVE-2001-0750 - Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999. ...
6 years ago

CVE-2012-3999 - Cross-site scripting (XSS) vulnerability in admin/login.php in Sticky Notes 0.3.09062012.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. ...
6 years ago

CVE-2014-3999 - The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN. ...
6 years ago

CVE-2006-3999 - ISS BlackICE PC Protection 3.6.cpj, 3.6.cpiE, and possibly earlier versions do not properly monitor the integrity of the pamversion.dll BlackICE library, which allows local users to subvert BlackICE by replacing pamversion.dll. NOTE: in most cases, ...
5 years ago

CVE-2007-3999 - Stack-based buffer overflow in the svcauth_gss_validate function in lib/rpc/svc_auth_gss.c in the RPCSEC_GSS RPC library (librpcsecgss) in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and some ...
4 years ago

CVE-2016-3999 - Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka bugs 104552 and 104703. ...
4 years ago

CVE-2020-3999 - VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to ...
2 years ago

CVE-2018-3999 - An exploitable stack-based buffer overflow vulnerability exists in the JPEG parser of Atlantis Word Processor, version 3.2.5.0. A specially crafted image embedded within a document can cause a length to be miscalculated and underflow. This length is ...
1 year ago

CVE-2021-3999 - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid ...
1 year ago

CVE-2022-3999 - The DPD Baltic Shipping WordPress plugin before 1.2.57 does not have authorisation and CSRF in an AJAX action, which could allow any authenticated users, such as subscriber to delete arbitrary options from the blog, which could make the blog ...
1 year ago

CVE-2023-3999 - The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2. This makes it possible for authenticated attackers, with ...
10 months ago

CVE-2017-3999 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-40605 - 8 hours ago
CVE-2024-40604 - 8 hours ago
CVE-2024-40603 - 8 hours ago
CVE-2024-40602 - 8 hours ago
CVE-2024-40601 - 8 hours ago
CVE-2024-40600 - 8 hours ago
CVE-2024-40599 - 8 hours ago
CVE-2024-40598 - 8 hours ago
CVE-2024-40596 - 8 hours ago
CVE-2024-40597 - 8 hours ago
CVE-2024-6095 - 14 hours ago
CVE-2024-37554 - 15 hours ago
CVE-2024-37553 - 16 hours ago
CVE-2024-37547 - 17 hours ago
CVE-2024-37546 - 17 hours ago
CVE-2024-37542 - 19 hours ago
CVE-2024-37541 - 19 hours ago
CVE-2024-37539 - 19 hours ago
CVE-2024-39486 - 22 hours ago
CVE-2024-37260 - 22 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-40605 - 8 hours ago
CVE-2024-40604 - 8 hours ago
CVE-2024-40603 - 8 hours ago
CVE-2024-40602 - 8 hours ago
CVE-2024-40601 - 8 hours ago
CVE-2024-40600 - 8 hours ago
CVE-2024-40599 - 8 hours ago
CVE-2024-40598 - 8 hours ago
CVE-2024-40596 - 8 hours ago
CVE-2024-40597 - 8 hours ago
CVE-2024-6095 - 14 hours ago
CVE-2024-37553 - 16 hours ago
CVE-2024-37554 - 15 hours ago
CVE-2024-37547 - 17 hours ago
CVE-2024-37546 - 17 hours ago
CVE-2024-37542 - 19 hours ago
CVE-2024-37541 - 19 hours ago
CVE-2024-37539 - 19 hours ago
CVE-2024-39486 - 22 hours ago
CVE-2024-37260 - 22 hours ago