CyberSecurityBoard
Sponsor Register Login

CVE-2025-4889

A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Publication date: Sun, 18 May 2025 17:31:00 +0000


Cyber News related to CVE-2025-4889

CVE-2025-4889 - A vulnerability has been found in code-projects Tourism Management System 1.0 and classified as critical. This vulnerability affects the function AddUser of the component User Registration. The manipulation of the argument username/password leads to ...
1 month ago
CVE-2013-4889 - Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) ...
11 years ago
CVE-2005-4889 - lib/fsm.c in RPM before 4.4.3 does not properly reset the metadata of an executable file during deletion of the file in an RPM package removal, which might allow local users to gain privileges by creating a hard link to a vulnerable (1) setuid or (2) ...
7 years ago
CVE-2012-4891 - Cross-site scripting (XSS) vulnerability in fw/index2.do in ManageEngine Firewall Analyzer 7.2 allows remote attackers to inject arbitrary web script or HTML via the url parameter, a different vector than CVE-2012-4889. NOTE: the provenance of this ...
7 years ago
CVE-2007-4889 - The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997. ...
6 years ago
CVE-2006-4889 - Multiple PHP remote file inclusion vulnerabilities in Telekorn SignKorn Guestbook (SL) 1.3 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the dir_path parameter in (1) index.php, (2) ...
6 years ago
CVE-2010-4889 - Unspecified vulnerability in the Tiny Market (hm_tinymarket) extension 0.5.4 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors. ...
13 years ago
CVE-2014-4889 - The Diabetic Diet Guide (aka com.wDiabeticDietGuide) application 2.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted ...
10 years ago
CVE-2016-4889 - ZOHO ManageEngine ServiceDesk Plus before 9.0 allows remote authenticated guest users to have unspecified impact by leveraging failure to restrict access to unknown functions. ...
8 years ago
CVE-2012-4889 - Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Firewall Analyzer 7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) subTab or (2) tab parameter to createAnomaly.do; (3) url, (4) subTab, or (5) tab ...
7 years ago
CVE-2009-4889 - SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter. ...
7 years ago
CVE-2008-4889 - SQL injection vulnerability in index.php in deV!L'z Clanportal (DZCP) 1.4.9.6 and earlier allows remote attackers to execute arbitrary SQL commands via the users parameter in an addbuddy operation in a buddys action. ...
7 years ago
CVE-2011-4889 - The javax.naming.directory.AttributeInUseException class in the Virtual Member Manager in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.43, 7.0 before 7.0.0.21, and 8.0 before 8.0.0.2 does not properly update passwords on a configuration ...
7 years ago
CVE-2018-4889 - An issue was discovered in Adobe Acrobat Reader 2018.009.20050 and earlier versions, 2017.011.30070 and earlier versions, 2015.006.30394 and earlier versions. This vulnerability occurs as a result of computation that reads data that is past the end ...
7 years ago
CVE-2020-4889 - IBM Spectrum Scale 5.0.0 through 5.0.5.4 and 5.1.0 could allow a local user to poison log files which could impact support and development efforts. IBM X-Force ID: 190971. ...
4 years ago
CVE-2022-4889 - A vulnerability classified as critical was found in visegripped Stracker. Affected by this vulnerability is the function getHistory of the file doc_root/public_html/stracker/api.php. The manipulation of the argument symbol/startDate/endDate leads to ...
1 year ago
CVE-2015-4889 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2015. Notes: none ...
55 years ago Tenable.com
CVE-2017-4889 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-4889 - A code injection vulnerability exists in the berriai/litellm application, version 1.34.6, due to the use of unvalidated input in the eval function within the secret management system. This vulnerability requires a valid Google KMS configuration file ...
1 year ago Tenable.com
CVE-2023-4889 - The Shareaholic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'shareaholic' shortcode in versions up to, and including, 9.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This ...
10 months ago
CVE-2019-4889 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none ...
1 year ago
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
3 months ago Cybersecuritynews.com CVE-2024-5594
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
4 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
2 months ago Bleepingcomputer.com CVE-2025-30456
CVE-2025-37859 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)