CyberSecurityBoard
Sponsor Register Login

CVE-2009-4772

Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive information via unknown vectors.

Publication date: Tue, 20 Apr 2010 19:30:00 +0000


Cyber News related to CVE-2009-4772

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
13 years ago
CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
13 years ago
CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
56 years ago Tenable.com
CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
6 years ago
CVE-2009-4772 - Unspecified vulnerability in the PayPal Website Payments Standard functionality in the Ubercart module 5.x before 5.x-1.9 and 6.x before 6.x-2.1 for Drupal, when a custom checkout completion message is enabled, allows attackers to obtain sensitive ...
8 years ago
CVE-2005-4772 - liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability ...
17 years ago
CVE-2010-4772 - Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php. ...
14 years ago
CVE-2011-4772 - The 360 KouXin (com.qihoo360.kouxin) application 1.5.3 for Android does not properly protect data, which allows remote attackers to read or modify SMS messages and a contact list via a crafted application. ...
13 years ago
CVE-2012-4772 - SQL injection vulnerability in register/ in Subrion CMS before 2.2.3 allows remote attackers to execute arbitrary SQL commands via the plan_id parameter. ...
8 years ago
CVE-2008-4772 - SQL injection vulnerability in main/main.php in QuestCMS allows remote attackers to execute arbitrary SQL commands via the obj parameter. ...
8 years ago
CVE-2015-4772 - Unspecified vulnerability in Oracle MySQL Server 5.6.24 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server : Partition. ...
8 years ago
CVE-2006-4772 - HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc. ...
7 years ago
CVE-2016-4772 - The kernel in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to cause a denial of service (unintended lock) via unspecified vectors. ...
6 years ago
CVE-2007-4772 - The regular expression parser in TCL before 8.4.17, as used in PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, and 7.4 before 7.4.19, allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted ...
6 years ago
CVE-2020-4772 - An XML External Entity Injection (XXE) vulnerability may impact IBM Curam Social Program Management 7.0.9 and 7.0.10. A remote attacker could exploit this vulnerability to expose sensitive information, denial of service, server side request forgery ...
5 years ago
CVE-2022-4772 - A vulnerability was found in Widoco and classified as critical. Affected by this issue is the function unZipIt of the file src/main/java/widoco/WidocoUtils.java. The manipulation leads to path traversal. It is possible to launch the attack on the ...
3 years ago
CVE-2013-4772 - D-Link DIR-505L SharePort Mobile Companion 1.01 and DIR-826L Wireless N600 Cloud Router 1.02 allows remote attackers to bypass authentication via a direct request when an authorized session is active. ...
2 years ago
CVE-2023-4772 - The Newsletter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'newsletter_form' shortcode in versions up to, and including, 7.8.9 due to insufficient input sanitization and output escaping on user supplied ...
2 years ago
CVE-2018-4772 - ** REJECT ** This candidate is unused by its CNA. ...
2 years ago
CVE-2017-4772 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
56 years ago Tenable.com
CVE-2024-4772 - An HTTP digest authentication nonce value was generated using `rand()` which could lead to predictable values. This vulnerability affects Firefox < 126. ...
1 year ago Tenable.com
CVE-2024-49950 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 ...
1 year ago Tenable.com
CVE-2019-4772 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none ...
2 years ago
CVE-2025-4772 - A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/department.php. The manipulation of the argument department leads to ...
9 months ago
CVE-2009-4778 - Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow ...
15 years ago

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)