CyberSecurityBoard
Sponsor Register Login

CVE-2024-4309

SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id1, /user/credit-debit_transaction.php?id1,/user/view_transaction. php?id1 and /user/viewloantrans.php?id1, id parameter) and retrieve the information stored in the database.

Publication date: Mon, 29 Apr 2024 18:15:00 +0000


Cyber News related to CVE-2024-4309

AWS LetsEncrypt Lambda: Custom TLS Provider - DZone - Trying to renew ... INFO[0000] Checking certificate for domain 'hackernoon.referrs.me' with arn 'arn:aws:acm:us-east-2:004867756392:certificate/72f872fd-e577-43f4-ae38-6833962630af' INFO[0000] Certificate status is 'ISSUED' INFO[0000] Certificate in ...
5 months ago Feeds.dzone.com
Vulnerability Summary for the Week of March 11, 2024 - Published 2024-03-15 CVSS Score not yet calculated Source & Patch Info CVE-2021-47111416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - Product linux - linux Description In the ...
1 year ago Cisa.gov
Vulnerability Summary for the Week of March 4, 2024 - Published 2024-03-06 CVSS Score not yet calculated Source & Patch Info CVE-2023-52584416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67416baaa9-dc9f-4396-8d5f-8c081fb06d67 PrimaryVendor - ...
1 year ago Cisa.gov
CVE-2024-4309 - SQL injection vulnerability in HubBank affecting version 1.0.2. This vulnerability could allow an attacker to send a specially crafted SQL query to the database through different endpoints (/user/transaction.php?id1, ...
11 months ago
CVE-2024-37051 - GitHub access token could be exposed to third-party sites in JetBrains IDEs after version 2023.1 and less than: IntelliJ IDEA 2023.1.7, 2023.2.7, 2023.3.7, 2024.1.3, 2024.2 EAP3; Aqua 2024.1.2; CLion 2023.1.7, 2023.2.4, 2023.3.5, 2024.1.3, 2024.2 ...
9 months ago Tenable.com
CVE-2009-1887 - agent/snmp_agent.c in snmpd in net-snmp 5.0.9 in Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP GETBULK request that triggers a divide-by-zero error. NOTE: this vulnerability ...
2 years ago
CVE-2007-4309 - IBM Lotus Notes 5.x through 7.0.2 allows user-assisted remote authenticated administrators to obtain a cleartext notes.id password by setting the notes.ini (1) KFM_ShowEntropy and (2) Debug_Outfile debug variables, a different vulnerability than ...
16 years ago
CVE-2010-4309 - Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4308. ...
13 years ago
CVE-2010-4308 - Adobe Shockwave Player before 11.6.1.629 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-4309. ...
13 years ago
CVE-2014-4309 - Multiple cross-site scripting (XSS) vulnerabilities in Openfiler 2.99 allow remote attackers to inject arbitrary web script or HTML via the (1) TinkerAjax parameter to uptime.html, or remote authenticated users to inject arbitrary web script or HTML ...
10 years ago
CVE-2005-4309 - SQL injection vulnerability in ezUpload Pro 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified search module parameters. ...
7 years ago
CVE-2009-4309 - Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 ...
1 year ago
CVE-2006-4309 - VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions. ...
6 years ago
CVE-2018-4309 - A cross-site scripting issue existed in Safari. This issue was addressed with improved URL validation. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7. ...
5 years ago
CVE-2020-4309 - IBM Content Navigator 3.0CD could disclose sensitive information to an unauthenticated user which could be used to aid in further attacks against the system. IBM X-Force ID: 177080. ...
5 years ago
CVE-2016-4309 - Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter. <a ...
4 years ago
CVE-2022-47523 - Zoho ManageEngine Access Manager Plus before 4309, Password Manager Pro before 12210, and PAM360 before 5801 are vulnerable to SQL Injection. ...
2 years ago
CVE-2022-4309 - The Subscribe2 WordPress plugin before 10.38 does not have CSRF check when deleting users, which could allow attackers to make a logged in admin delete arbitrary users by knowing their email via a CSRF attack. ...
2 years ago
CVE-2019-4309 - IBM Security Guardium Big Data Intelligence (SonarG) 4.0 uses hard coded credentials which could allow a local user to obtain highly sensitive information. IBM X-Force ID: 161035. ...
2 years ago
CVE-2008-4309 - Integer overflow in the netsnmp_create_subtree_cache function in agent/snmp_agent.c in net-snmp 5.4 before 5.4.2.1, 5.3 before 5.3.2.3, and 5.2 before 5.2.5.1 allows remote attackers to cause a denial of service (crash) via a crafted SNMP GETBULK ...
2 years ago
CVE-2011-4309 - Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to bypass intended access restrictions and perform global searches by leveraging the guest role and making a direct request to a URL. ...
2 years ago
CVE-2023-2291 - Static credentials exist in the PostgreSQL data used in ManageEngine Access Manager Plus (AMP) build 4309, ManageEngine Password Manager Pro, and ManageEngine PAM360. These credentials could allow a malicious actor to modify configuration data that ...
1 year ago
CVE-2023-4309 - Election Services Co. (ESC) Internet Election Service is vulnerable to SQL injection in multiple pages and parameters. These vulnerabilities allow an unauthenticated, remote attacker to read or modify data for any elections that share the same ...
1 year ago
CVE-2021-4309 - A vulnerability, which was classified as problematic, has been found in 01-Scripts 01ACP. This issue affects some unknown processing. The manipulation of the argument $_SERVER['SCRIPT_NAME'] leads to cross site scripting. The attack may be ...
1 year ago
CVE-2013-4309 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)