CyberSecurityBoard
Sponsor Register Login

CVE-2025-4465

A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Publication date: Fri, 09 May 2025 05:31:00 +0000


Cyber News related to CVE-2025-4465

CVE-2025-39993 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago
CVE-2025-4465 - A vulnerability was found in itsourcecode Gym Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_schedule. The manipulation of the argument member_id leads to sql ...
10 months ago
CVE-2005-4465 - The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ...
15 years ago
CVE-2009-3495 - SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. ...
16 years ago
CVE-2012-4465 - Heap-based buffer overflow in the substr function in parsing.c in cgit 0.9.0.3 and earlier allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via an empty username in the "Author" field ...
13 years ago
CVE-2013-4465 - Unrestricted file upload vulnerability in the avatar upload functionality in Simple Machines Forum before 2.0.6 and 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it ...
12 years ago
CVE-2015-4465 - Cross-site scripting (XSS) vulnerability in the zM Ajax Login & Register plugin before 1.1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
10 years ago
CVE-2016-4465 - The URLValidator class in Apache Struts 2 2.3.20 through 2.3.28.1 and 2.5.x before 2.5.1 allows remote attackers to cause a denial of service via a null value for a URL field. ...
2 years ago
CVE-2009-4465 - DeluxeBB 1.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and configuration information, log data, and gain administrative access via a direct request to scripts in (1) ...
8 years ago
CVE-2011-4465 - Cross-site scripting (XSS) vulnerability in IBM Lotus Mobile Connect (LMC) 6.1.4 allows remote attackers to inject arbitrary web script or HTML via vectors related to a hidden redirect URL. ...
8 years ago
CVE-2008-4465 - SQL injection vulnerability in view_mags.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. ...
8 years ago
CVE-2006-4465 - ** DISPUTED ** Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute ...
7 years ago
CVE-2007-4465 - Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using ...
7 years ago
CVE-2010-4465 - Unspecified vulnerability in the Java Runtime Environment (JRE) in Oracle Java SE and Java for Business 6 Update 23 and earlier, 5.0 Update 27 and earlier, and 1.4.2_29 and earlier allows remote untrusted Java Web Start applications and untrusted ...
7 years ago
CVE-2014-4465 - WebKit in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1 allows remote attackers to bypass the Same Origin Policy via crafted Cascading Style Sheets (CSS) token sequences within an SVG file in the SRC attribute of an IMG element. ...
7 years ago
CVE-2018-4465 - A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2. ...
6 years ago
CVE-2020-4465 - IBM MQ, IBM MQ Appliance, and IBM MQ for HPE NonStop 8.0, 9.1 CD, and 9.1 LTS is vulnerable to a buffer overflow vulnerability due to an error within the channel processing code. A remote attacker could overflow the buffer using an older client and ...
5 years ago
CVE-2019-4465 - IBM Cloud Pak System 2.3 and 2.3.0.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 163774. ...
5 years ago
CVE-2022-4465 - The WP Video Lightbox WordPress plugin before 1.9.7 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site ...
3 years ago
CVE-2017-4465 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
56 years ago Tenable.com
CVE-2023-4465 - A vulnerability, which was classified as problematic, was found in Poly CCX 400, CCX 600, Trio 8800 and Trio C60. Affected is an unknown function of the component Configuration File Import. The manipulation of the argument ...
2 years ago
CVE-2021-4465 - ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 contain a remote denial-of-service vulnerability. The device can be shut down or rebooted by an unauthenticated attacker ...
3 months ago
CVE-2024-4465 - An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific ...
1 year ago Tenable.com
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
11 months ago Cybersecuritynews.com CVE-2024-5594
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
7 months ago Krebsonsecurity.com CVE-2025-53770

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)