CVE-2009-4934

Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter.

Publication date: Mon, 12 Jul 2010 18:27:00 +0000

Cyber News related to CVE-2009-4934

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
11 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
11 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-4934 - Cross-site scripting (XSS) vulnerability in index.php in Online Photo Pro 2.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter. ...
13 years ago

CVE-2015-4935 - Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, ...
7 years ago

CVE-2015-4933 - Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4934, ...
7 years ago

CVE-2015-4932 - Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4933, CVE-2015-4934, ...
7 years ago

CVE-2015-4934 - Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4931, CVE-2015-4932, CVE-2015-4933, ...
7 years ago

CVE-2015-4931 - Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12.1 allows remote attackers to execute arbitrary code via a crafted packet, a different vulnerability than CVE-2015-4932, CVE-2015-4933, CVE-2015-4934, ...
7 years ago

CVE-2011-4934 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2012-0820. Reason: This candidate is a reservation duplicate of CVE-2012-0820. Notes: All CVE users should reference CVE-2012-0820 instead of this candidate. All references and ...
54 years ago Tenable.com

CVE-2007-4935 - Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) admin.php, (2) custom_pages.php, (3) draft.php, (4) faq.php, (5) leagues.php, ...
13 years ago

CVE-2010-4934 - SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
12 years ago

CVE-2012-4934 - TomatoCart 1.1.7, when the PayPal Express Checkout module is enabled in sandbox mode, allows remote authenticated users to bypass intended payment requirements by modifying a certain redirection URL. ...
6 years ago

CVE-2013-4934 - The netmon_open function in wiretap/netmon.c in the Netmon file parser in Wireshark 1.8.x before 1.8.9 and 1.10.x before 1.10.1 does not initialize certain structure members, which allows remote attackers to cause a denial of service (application ...
6 years ago

CVE-2007-4934 - Multiple PHP remote file inclusion vulnerabilities in phpFFL 1.24 allow remote attackers to execute arbitrary PHP code via a URL in the PHPFFL_FILE_ROOT parameter to (1) program_files/livedraft/livedraft.php or (2) program_files/livedraft/admin.php. ...
6 years ago

CVE-2017-4934 - VMware Workstation (12.x before 12.5.8) and Fusion (8.x before 8.5.9) contain a heap buffer-overflow vulnerability in VMNAT device. This issue may allow a guest to execute code on the host. ...
6 years ago

CVE-2008-4934 - The hfsplus_block_allocate function in fs/hfsplus/bitmap.c in the Linux kernel before 2.6.28-rc1 does not check a certain return value from the read_mapping_page function before calling kmap, which allows attackers to cause a denial of service ...
6 months ago

CVE-2020-4934 - IBM Content Navigator 3.0.CD could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ...
3 years ago

CVE-2018-4934 - Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure. ...
1 year ago

CVE-2022-4934 - A post-auth command injection vulnerability in the exception wizard of Sophos Web Appliance older than version 4.3.10.4 allows administrators to execute arbitrary code. ...
1 year ago

CVE-2023-4934 - Authorization Bypass Through User-Controlled Key vulnerability in Usta AYBS allows Authentication Abuse, Authentication Bypass.This issue affects AYBS: before 1.0.3. ...
9 months ago

CVE-2016-4934 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
54 years ago Tenable.com

CVE-2024-4934 - The Quiz and Survey Master (QSM) WordPress plugin before 9.0.2 does not validate and escape some of its Quiz fields before outputting them back in a page/post where the Quiz is embed, which could allow users with the contributor role and above to ...
4 days ago

CVE-2009-0795 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-6505 - 1 hour ago
CVE-2024-6426 - 1 hour ago
CVE-2024-39022 - 3 hours ago
CVE-2024-39020 - 3 hours ago
CVE-2024-39019 - 3 hours ago
CVE-2024-34361 - 3 hours ago
CVE-2024-39696 - 3 hours ago
CVE-2024-39691 - 3 hours ago
CVE-2024-39689 - 3 hours ago
CVE-2024-39023 - 3 hours ago
CVE-2024-39021 - 3 hours ago
CVE-2024-39475 - 3 hours ago
CVE-2024-39687 - 4 hours ago
CVE-2024-39321 - 4 hours ago
CVE-2024-39174 - 4 hours ago
CVE-2024-37903 - 4 hours ago
CVE-2020-36825 - 4 hours ago
CVE-2024-28593 - 4 hours ago
CVE-2024-2567 - 4 hours ago
CVE-2024-23492 - 4 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-39687 - 4 hours ago
CVE-2024-39321 - 4 hours ago
CVE-2024-39174 - 4 hours ago
CVE-2024-37903 - 4 hours ago
CVE-2024-39022 - 3 hours ago
CVE-2024-39020 - 3 hours ago
CVE-2024-39019 - 3 hours ago
CVE-2024-34361 - 3 hours ago
CVE-2024-39696 - 3 hours ago
CVE-2024-39691 - 3 hours ago
CVE-2024-39689 - 3 hours ago
CVE-2024-39023 - 3 hours ago
CVE-2024-39021 - 3 hours ago
CVE-2024-39210 - 5 hours ago
CVE-2024-37768 - 5 hours ago
CVE-2024-29319 - 5 hours ago
CVE-2024-29318 - 5 hours ago
CVE-2024-23997 - 5 hours ago
CVE-2024-37769 - 5 hours ago
CVE-2024-23998 - 5 hours ago