SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Publication date: Tue, 16 Mar 2010 02:30:00 +0000
Cyber News related to CVE-2009-4702
CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago
CVE-2009-4702 - SQL injection vulnerability in the Tour Extension (pm_tour) extension before 0.0.13 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
14 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago
CVE-2005-4702 - SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter. NOTE: the provenance of this information is unknown; the details are obtained ...
16 years ago
CVE-2014-4701 - The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702. ...
8 years ago
CVE-2014-4702 - The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701. ...
8 years ago
CVE-2011-4702 - The Nimbuzz (com.nimbuzz) application 2.0.8 and 2.0.10 for Android does not properly protect data, which allows remote attackers to read or modify a contact list via a crafted application. ...
12 years ago
CVE-2012-4702 - 360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video content or scheduling, via an SSH session. ...
11 years ago
CVE-2013-4702 - Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbitrary files via vectors involving a (1) Operation, ...
11 years ago
CVE-2007-4702 - The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to ...
7 years ago
CVE-2010-4702 - SQL injection vulnerability in JRadio (com_jradio) component before 1.5.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
7 years ago
CVE-2008-4702 - Multiple directory traversal vulnerabilities in PhpWebGallery 1.3.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) user[language] and (2) user[template] parameters to (a) init.inc.php, and (b) the ...
7 years ago
CVE-2006-4702 - Buffer overflow in the Windows Media Format Runtime in Microsoft Windows Media Player (WMP) 6.4 and Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file. ...
6 years ago
CVE-2016-4702 - Audio in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. ...
5 years ago
CVE-2020-4702 - IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials ...
4 years ago
CVE-2019-4702 - IBM Security Guardium Data Encryption (GDE) 3.0.0.2 specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. ...
3 years ago
CVE-2022-4702 - The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_fix_royal_compatibility' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with ...
1 year ago
CVE-2018-4702 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago
CVE-2023-4702 - Authentication Bypass Using an Alternate Path or Channel vulnerability in Yepas Digital Yepas allows Authentication Bypass.This issue affects Digital Yepas: before 1.0.1. ...
1 year ago
CVE-2017-4702 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com
CVE-2024-4702 - The Mega Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. ...
7 months ago
CVE-2009-0795 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult ...
54 years ago Tenable.com
CVE-2009-4778 - Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow ...
14 years ago