CVE-2009-4620

SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php.

Publication date: Tue, 19 Jan 2010 02:30:00 +0000

Cyber News related to CVE-2009-4620

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
11 years ago

CVE-2023-22396 - An Uncontrolled Resource Consumption vulnerability in TCP processing on the Routing Engine (RE) of Juniper Networks Junos OS allows an unauthenticated network-based attacker to send crafted TCP packets destined to the device, resulting in an MBUF ...
1 year ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
11 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-4620 - SQL injection vulnerability in the Joomloc (com_joomloc) component 1.0 for Joomla allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task to index.php. ...
6 years ago

CVE-2003-0749 - Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to insert arbitrary web script and steal cookies via the ~service parameter. ...
15 years ago

CVE-2013-4620 - Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. ...
10 years ago

CVE-2011-4620 - Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a ...
7 years ago

CVE-2003-0747 - wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to obtain potentially sensitive information such as directory structure and operating system via incorrect parameters (1) ~service, (2) ~templatelanguage, (3) ...
6 years ago

CVE-2003-0748 - Directory traversal vulnerability in wgate.dll for SAP Internet Transaction Server (ITS) 4620.2.0.323011 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in the ~theme parameter and a ~template parameter with a ...
6 years ago

CVE-2016-4620 - The Sandbox Profiles component in Apple iOS before 10 does not properly restrict access to directory metadata for SMS draft directories, which allows attackers to discover text-message recipients via a crafted app. ...
6 years ago

CVE-2012-4620 - Cisco IOS 12.2 and 15.0 through 15.2 on Cisco 10000 series routers, when a tunnel interface exists, allows remote attackers to cause a denial of service (interface queue wedge) via tunneled (1) GRE/IP, (2) IPIP, or (3) IPv6 in IPv4 packets, aka Bug ...
6 years ago

CVE-2014-4620 - The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, which allows local users to obtain sensitive ...
6 years ago

CVE-2008-4620 - SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php. ...
6 years ago

CVE-2006-4620 - The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the ...
5 years ago

CVE-2005-4620 - Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have ...
5 years ago

CVE-2015-4620 - name.c in named in ISC BIND 9.7.x through 9.9.x before 9.9.7-P1 and 9.10.x before 9.10.2-P2, when configured as a recursive resolver with DNSSEC validation, allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon ...
5 years ago

CVE-2019-4620 - IBM MQ Appliance 8.0 and 9.0 LTS could allow a local attacker to bypass security restrictions caused by improper validation of environment variables. IBM X-Force ID: 168863. ...
4 years ago

CVE-2020-4620 - IBM Data Risk Manager (iDNA) 2.0.6 could allow a remote authenticated attacker to upload arbitrary files, caused by the improper validation of file extensions. By sending a specially-crafted HTTP request, a remote attacker could exploit this ...
3 years ago

CVE-2007-4620 - Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager ...
3 years ago

CVE-2018-4620 - ** REJECT ** This candidate is unused by its CNA. ...
9 months ago

CVE-2023-4620 - The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators ...
8 months ago

CVE-2017-4620 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-4620 - The ARForms - Premium WordPress Form Builder Plugin WordPress plugin before 6.6 allows unauthenticated users to modify uploaded files in such a way that PHP code can be uploaded when an upload file input is included on a form ...
3 weeks ago

Latest Cyber News

CVE-2024-6440 - 2 hours ago
CVE-2024-6439 - 2 hours ago
CVE-2024-6438 - 2 hours ago
CVE-2024-6264 - 2 hours ago
CVE-2024-6099 - 2 hours ago
CVE-2024-6088 - 2 hours ago
CVE-2024-4268 - 2 hours ago
CVE-2024-34593 - 3 hours ago
CVE-2024-20897 - 3 hours ago
CVE-2024-20888 - 3 hours ago
CVE-2024-20894 - 3 hours ago
CVE-2024-6012 - 3 hours ago
CVE-2024-6011 - 3 hours ago
CVE-2024-34601 - 3 hours ago
CVE-2024-34600 - 3 hours ago
CVE-2024-34599 - 3 hours ago
CVE-2024-34597 - 3 hours ago
CVE-2024-34596 - 3 hours ago
CVE-2024-34595 - 3 hours ago
CVE-2024-34594 - 3 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-21466 - 22 hours ago
CVE-2024-34593 - 3 hours ago
CVE-2024-20897 - 3 hours ago
CVE-2024-20888 - 3 hours ago
CVE-2024-20894 - 3 hours ago
CVE-2024-6012 - 3 hours ago
CVE-2024-6011 - 3 hours ago
CVE-2024-34601 - 3 hours ago
CVE-2024-34600 - 3 hours ago
CVE-2024-34599 - 3 hours ago
CVE-2024-34597 - 3 hours ago
CVE-2024-34596 - 3 hours ago
CVE-2024-34595 - 3 hours ago
CVE-2024-34594 - 3 hours ago
CVE-2024-34592 - 3 hours ago
CVE-2024-34591 - 3 hours ago
CVE-2024-34590 - 3 hours ago
CVE-2024-34589 - 3 hours ago
CVE-2024-34588 - 3 hours ago
CVE-2024-34587 - 3 hours ago