CVE-2022-1509

Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context.

Publication date: Thu, 28 Apr 2022 15:15:00 +0000

Cyber News related to CVE-2022-1509

CVE-2021-28813 - A vulnerability involving insecure storage of sensitive information has been reported to affect QSW-M2116P-2T2S and QNAP switches running QuNetSwitch. If exploited, this vulnerability allows remote attackers to read sensitive information by accessing ...
3 years ago

CVE-2022-1509 - Sed Injection Vulnerability in GitHub repository hestiacp/hestiacp prior to 1.5.12. An authenticated remote attacker with low privileges can execute arbitrary code under root context. ...
1 year ago

CVE-2006-0942 - SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. ...
16 years ago

CVE-2002-1509 - A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming ...
16 years ago

CVE-2013-1509 - Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites. ...
11 years ago

CVE-1999-1509 - Directory traversal vulnerability in Etype Eserv 2.50 web server allows a remote attacker to read any file in the file system via a .. (dot dot) in a URL. ...
8 years ago

CVE-2004-1509 - validate.php in WebCalendar allows remote attackers to gain sensitive information via an invalid encoded_login parameter, which reveals the full path in an error message. ...
7 years ago

CVE-2005-1509 - SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago

CVE-2003-1509 - Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2.0, and RealOne Player 6.0.11.818 through RealOne Player 6.0.11.853 allows remote attackers to execute arbitrary script in the local security zone by embedding script in a temp file ...
7 years ago

CVE-2012-1509 - Buffer overflow in the XPDM display driver in VMware View before 4.6.1 allows guest OS users to gain guest OS privileges via unspecified vectors. ...
7 years ago

CVE-2008-1509 - SQL injection vulnerability in index.php in XLPortal 2.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the query parameter. ...
7 years ago

CVE-2009-1509 - SQL injection vulnerability in ajaxp_backend.php in MyioSoft AjaxPortal 3.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. ...
7 years ago

CVE-2001-1509 - geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges. ...
7 years ago

CVE-2006-1509 - /sbin/passwd in HP-UX B.11.00, B.11.11, and B.11.23 before 20060326 "does not recover gracefully from some error conditions," which allows local users to cause a denial of service. This vulnerability affects all versions of HP-UX B.11.00, ...
7 years ago

CVE-2011-1509 - The encryptPassword function in Login.js in ManageEngine ServiceDesk Plus (SDP) 8012 and earlier uses a Caesar cipher for encryption of passwords in cookies, which makes it easier for remote attackers to obtain sensitive information by sniffing the ...
6 years ago

CVE-2010-1509 - IrfanView before 4.27 does not properly handle an unspecified integer variable during processing of PSD images, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted image file ...
6 years ago

CVE-2007-1509 - Directory traversal vulnerability in enkrypt.php in Sascha Schroeder krypt (aka Holtstraeter Rot 13) allows remote attackers to read arbitrary files via a .. (dot dot) in the datei parameter. ...
6 years ago

CVE-2013-4841 - Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ...
5 years ago

CVE-2017-1509 - IBM Jazz Foundation products could allow an authenticated user to obtain sensitive information from a stack trace that could be used to aid future attacks. IBM X-Force ID: 129719. ...
5 years ago

CVE-2018-1509 - IBM Security Guardium EcoSystem 10.5 does not validate, or incorrectly validates, a certificate.This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. The software might connect to a malicious host ...
5 years ago

CVE-2014-1509 - Buffer overflow in the _cairo_truetype_index_to_ucs4 function in cairo, as used in Mozilla Firefox before 28.0, Firefox ESR 24.x before 24.4, Thunderbird before 24.4, and SeaMonkey before 2.25, allows remote attackers to execute arbitrary code via a ...
4 years ago

CVE-2020-1509 - An elevation of privilege vulnerability exists in the Local Security Authority Subsystem Service (LSASS) when an authenticated attacker sends a specially crafted authentication request, aka 'Local Security Authority Subsystem Service Elevation of ...
3 years ago

CVE-2021-1509 - Multiple vulnerabilities in Cisco SD-WAN vEdge Software could allow an attacker to execute arbitrary code as the root user or cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the ...
2 years ago

CVE-2023-1509 - The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmace_manager_server function called via the wp_ajax_gmace_manager AJAX action. This ...
1 year ago

31 Alarming Identity Theft Statistics for 2024 - Identity theft is a prevalent issue that affects millions of people annually. Although the numbers are startling, we've selected the 31 most concerning identity theft statistics to help you understand how to secure your identity. In 2022, the FTC ...
1 year ago Pandasecurity.com

Latest Cyber News

Hackers Inject FrigidStealer Malware on Your macOS Via Fake Browser Updates - 6 minutes ago
New Fake Browser Updates Deploy NetSupport RAT Malware on Your Windows - 49 minutes ago
BlackLock Emerging As a Major Player In RaaS With Variants for Windows, VMWare ESXi, & Linux Environments - 1 hour ago
New FrigidStealer infostealer infects Macs via fake browser updates - 1 hour ago
Australian fertility services giant Genea hit by security breach - 1 hour ago
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - 2 hours ago
Patch Now: Palo Alto Flaw Exploited in the Wild - 2 hours ago
Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News - 3 hours ago
INE Security's Cybersecurity and IT Training Enhances Career Stability in Tech - 3 hours ago
Palo Alto Networks tags new firewall bug as exploited in attacks - 3 hours ago
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground - 4 hours ago
The Board's Role in Cyber-Risk Management in OT Environments - 4 hours ago
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - 4 hours ago
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - 4 hours ago
Lee Enterprises Says Ransomware Attack Compromises 'Critical' Systems - 5 hours ago
Hackers Turning Stolen Payment Card Data into Apple & Google Wallets - 5 hours ago
Threat Actors Using $10 Infostealer Malware To Breach Critical US Security - 5 hours ago
South Korea Confirm DeepSeek Sending Data Chinese ByteDance Servers - 5 hours ago
Raymond IT Systems Hit by Cyber Attack - Investigation In progress - 5 hours ago
Sanctioned entities fueled $16 billion in cryptocurrency activity last year, report says | The Record from Recorded Future News - 6 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Hackers Inject FrigidStealer Malware on Your macOS Via Fake Browser Updates - 6 minutes ago
New Fake Browser Updates Deploy NetSupport RAT Malware on Your Windows - 49 minutes ago
BlackLock Emerging As a Major Player In RaaS With Variants for Windows, VMWare ESXi, & Linux Environments - 1 hour ago
Australian fertility services giant Genea hit by security breach - 1 hour ago
New FrigidStealer infostealer infects Macs via fake browser updates - 1 hour ago
Patch Now: Palo Alto Flaw Exploited in the Wild - 2 hours ago
North Korean Hackers Using Dropbox & PowerShell Scripts To Infiltrate Organizations - 2 hours ago
Thailand to take in 7,000 rescued from illegal cyber scam hubs in Myanmar | The Record from Recorded Future News - 3 hours ago
The Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground - 4 hours ago
Palo Alto Networks tags new firewall bug as exploited in attacks - 3 hours ago
INE Security's Cybersecurity and IT Training Enhances Career Stability in Tech - 3 hours ago
The Board's Role in Cyber-Risk Management in OT Environments - 4 hours ago
Russian state hackers spy on Ukrainian military through Signal app | The Record from Recorded Future News - 4 hours ago
Palo Alto Networks Warns Hackers Combining Vulnerabilities to Compromise Firewalls - 4 hours ago
Lee Enterprises Says Ransomware Attack Compromises 'Critical' Systems - 5 hours ago
Threat Actors Using $10 Infostealer Malware To Breach Critical US Security - 5 hours ago
Hackers Turning Stolen Payment Card Data into Apple & Google Wallets - 5 hours ago
South Korea Confirm DeepSeek Sending Data Chinese ByteDance Servers - 5 hours ago
Raymond IT Systems Hit by Cyber Attack - Investigation In progress - 5 hours ago
Sanctioned entities fueled $16 billion in cryptocurrency activity last year, report says | The Record from Recorded Future News - 6 hours ago