CVE-2009-4940

SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action.

Publication date: Thu, 22 Jul 2010 10:40:00 +0000

Cyber News related to CVE-2009-4940

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2012-2639 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2011-4940. Reason: This candidate is a reservation duplicate of CVE-2011-4940. Notes: All CVE users should reference CVE-2011-4940 instead of this candidate. All references and ...
55 years ago Tenable.com

CVE-2024-26633 - In the Linux kernel, the following vulnerability has been resolved: ...
10 months ago

CVE-2024-26804 - In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 ...
9 months ago Tenable.com

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
55 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
5 years ago

CVE-2009-3201 - Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a denial of service (application crash) via a MIDI file (.mid) with a malformed header, which triggers a buffer overflow, a different vulnerability than ...
7 years ago

CVE-2009-4940 - SQL injection vulnerability in index.php in Zeus Cart 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the maincatid parameter in a showmaincatlanding action. ...
7 years ago

CVE-2013-4940 - Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote ...
4 years ago

CVE-2017-4940 - The ESXi Host Client in VMware ESXi (6.5 before ESXi650-201712103-SG, 5.5 before ESXi600-201711103-SG and 5.5 before ESXi550-201709102-SG) contains a vulnerability that may allow for stored cross-site scripting (XSS). An attacker can exploit this ...
3 years ago

CVE-2012-4940 - Multiple directory traversal vulnerabilities in the View Log Files component in Axigen Free Mail Server allow remote attackers to read or delete arbitrary files via a .. (dot dot) in (1) the fileName parameter in a download action to ...
11 years ago

CVE-2014-4940 - Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/treemap.php or (2) charts/zoomabletreemap.php. ...
10 years ago

CVE-2015-4940 - Apache Ambari before 2.1, as used in IBM Infosphere BigInsights 4.x before 4.1, stores a cleartext BigSheets password in a configuration file, which allows local users to obtain sensitive information by reading this file. ...
8 years ago

CVE-2008-4940 - xmlfile.py in aptoncd 0.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/aptoncd temporary file. ...
7 years ago

CVE-2010-4940 - SQL injection vulnerability in index.php in WAnewsletter 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago

CVE-2007-4940 - Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application ...
6 years ago

CVE-2018-4940 - Adobe ColdFusion Update 5 and earlier versions, ColdFusion 11 Update 13 and earlier versions have an exploitable Cross-Site Scripting vulnerability. Successful exploitation could lead to information disclosure. ...
4 years ago

CVE-2006-4940 - login/forgot_password.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information (e-mail addresses and Moodle account names) via a find action. ...
4 years ago

CVE-2011-4940 - The list_directory function in Lib/SimpleHTTPServer.py in SimpleHTTPServer in Python before 2.5.6c1, 2.6.x before 2.6.7 rc2, and 2.7.x before 2.7.2 does not place a charset parameter in the Content-Type HTTP header, which makes it easier for remote ...
1 year ago

CVE-2022-4940 - The WCFM Membership plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 2.10.0 due to missing capability checks on various AJAX actions. This makes it possible for unauthenticated ...
1 year ago

CVE-2023-4940 - The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobe_bulkoperations_swap function. This makes it possible for unauthenticated ...
1 year ago

CVE-2016-4940 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
55 years ago Tenable.com

CVE-2024-4940 - An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), ...
7 months ago

CVE-2024-26863 - In the Linux kernel, the following vulnerability has been resolved: ...
9 months ago

Latest Cyber News

CVE-2025-0974 - 1 day ago
CVE-2025-0973 - 1 day ago
CVE-2025-0972 - 1 day ago
CVE-2025-0971 - 1 day ago
CVE-2025-0970 - 1 day ago
CVE-2025-0967 - 1 day ago
CVE-2025-0961 - 2 days ago
CVE-2025-0950 - 2 days ago
CVE-2025-0949 - 2 days ago
CVE-2025-0948 - 2 days ago
CVE-2025-0947 - 2 days ago
CVE-2025-0946 - 2 days ago
CVE-2025-0945 - 2 days ago
CVE-2025-0944 - 2 days ago
CVE-2024-13775 - 2 days ago
CVE-2024-13612 - 2 days ago
CVE-2025-0943 - 2 days ago
CVE-2024-13429 - 2 days ago
CVE-2024-13372 - 2 days ago
CVE-2024-13425 - 2 days ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-0967 - 1 day ago
CVE-2025-0970 - 1 day ago
CVE-2025-0971 - 1 day ago
CVE-2025-0972 - 1 day ago
CVE-2025-0973 - 1 day ago
CVE-2025-0974 - 1 day ago
CVE-2024-11780 - 3 days ago
CVE-2024-12171 - 3 days ago
CVE-2024-12184 - 3 days ago
CVE-2024-12620 - 3 days ago
CVE-2024-13343 - 3 days ago
CVE-2024-13547 - 3 days ago
CVE-2024-13651 - 3 days ago
CVE-2024-51534 - 3 days ago
CVE-2024-53296 - 3 days ago
CVE-2024-53295 - 2 days ago
CVE-2024-12041 - 2 days ago
CVE-2024-12768 - 2 days ago
CVE-2024-13096 - 2 days ago
CVE-2024-13097 - 2 days ago