CVE-2025-0409

A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

This Cyber News was published on www.tenable.com. Publication date: Mon, 13 Jan 2025 13:11:03 +0000

Cyber News related to CVE-2025-0409

Microsoft releases first Windows Server 2025 preview build - Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. This build is the first pushed for the next Windows Server Long-Term Servicing Channel Preview, which ...
11 months ago Bleepingcomputer.com

CVE-2025-0409 - A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument ...
1 day ago Tenable.com

CVE-2021-0409 - In flv extractor, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ...
3 years ago

CVE-1999-0409 - Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access. ...
16 years ago

CVE-2000-0409 - Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate. ...
16 years ago

CVE-2005-0409 - CitrusDB 0.3.6 and earlier does not verify authorization for the (1) importcc.php and (2) uploadcc.php, which allows remote attackers to upload credit card data and obtain sensitive information such as the pathnames for temporary files that store ...
16 years ago

CVE-2010-0409 - Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode ...
14 years ago

CVE-2007-0409 - BEA WebLogic 7.0 through 7.0 SP6, 8.1 through 8.1 SP4, and 9.0 initial release does not encrypt passwords stored in the JDBCDataSourceFactory MBean Properties, which allows local administrative users to read the cleartext password. ...
13 years ago

CVE-2012-0409 - Multiple buffer overflows in EMC AutoStart 5.3.x and 5.4.x before 5.4.3 allow remote attackers to cause a denial of service (agent crash) or possibly execute arbitrary code via crafted packets. ...
12 years ago

CVE-2016-0409 - Unspecified vulnerability in the PeopleSoft Enterprise HCM Global Payroll Switzerland component in Oracle PeopleSoft Products 9.1 and 9.2 allows remote authenticated users to affect confidentiality via vectors related to Security. ...
8 years ago

CVE-2002-0409 - orderdetails.aspx, as made available to Microsoft .NET developers as example code and demonstrated on www.ibuyspystore.com, allows remote attackers to view the orders of other users by modifying the OrderID parameter. ...
8 years ago

CVE-2003-0409 - Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP (1) POST or (2) HEAD request. ...
8 years ago

CVE-2015-0409 - Unspecified vulnerability in Oracle MySQL Server 5.6.21 and earlier allows remote authenticated users to affect availability via unknown vectors related to Optimizer. ...
7 years ago

CVE-2001-0409 - vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. ...
7 years ago

CVE-2004-0409 - Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 to 2.0.8, with socks5 traversal enabled, allows remote attackers to execute arbitrary code. ...
7 years ago

CVE-2009-0409 - SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. ...
6 years ago

CVE-2008-0409 - Cross-site scripting (XSS) vulnerability in HTTP File Server (HFS) before 2.2c allows remote attackers to inject arbitrary web script or HTML via the userinfo subcomponent of a URL. ...
6 years ago

CVE-2006-0409 - Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. ...
6 years ago

CVE-2017-0409 - A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code ...
5 years ago

CVE-2020-0409 - In create of FileMap.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: ...
3 years ago

CVE-2022-0409 - Unrestricted Upload of File with Dangerous Type in Packagist showdoc/showdoc prior to 2.10.2. ...
2 years ago

CVE-2013-0409 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, 6 through Update 38, and 5.0 through Update 38 allows remote attackers to affect confidentiality via vectors related to JMX. ...
2 years ago

CVE-2014-0409 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2014. Notes: none ...
55 years ago Tenable.com

CVE-2024-0409 - A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX ...
7 months ago

CVE-2018-0409 - A vulnerability in the XCP Router service of the Cisco Unified Communications Manager IM & Presence Service (CUCM IM&P) and the Cisco TelePresence Video Communication Server (VCS) and Expressway could allow an unauthenticated, remote attacker ...
4 years ago

Latest Cyber News

CVE-2024-52938 - 1 day ago
CVE-2024-52937 - 1 day ago
CVE-2024-47894 - 1 day ago
CVE-2024-47895 - 1 day ago
CVE-2024-47897 - 1 day ago
CVE-2024-52935 - 1 day ago
CVE-2024-52936 - 1 day ago
CVE-2024-51728 - 1 day ago
CVE-2024-12274 - 1 day ago
CVE-2024-12566 - 1 day ago
CVE-2024-12567 - 1 day ago
CVE-2024-12568 - 1 day ago
CVE-2024-11636 - 1 day ago
CVE-2025-0412 - 1 day ago
CVE-2025-0409 - 1 day ago
CVE-2025-0410 - 1 day ago
CVE-2025-0406 - 1 day ago
CVE-2025-0407 - 1 day ago
CVE-2025-0408 - 1 day ago
CVE-2025-0404 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-0397 - 1 day ago
CVE-2024-51456 - 1 day ago
CVE-2025-0398 - 1 day ago
CVE-2024-42179 - 1 day ago
CVE-2024-42180 - 1 day ago
CVE-2024-42181 - 1 day ago
CVE-2025-0399 - 1 day ago
CVE-2025-0400 - 1 day ago
CVE-2025-0401 - 1 day ago
CVE-2025-0402 - 1 day ago
CVE-2025-0403 - 1 day ago
CVE-2025-0404 - 1 day ago
CVE-2025-0405 - 1 day ago
CVE-2025-0406 - 1 day ago
CVE-2025-0407 - 1 day ago
CVE-2025-0408 - 1 day ago
CVE-2025-0409 - 1 day ago
CVE-2025-0410 - 1 day ago
CVE-2025-0412 - 1 day ago
CVE-2024-11636 - 1 day ago