CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1CVE-2009-2705 – Computer Associates SiteMinder - Unicode Cross-Site Scripting Protection Security Bypass
https://notcve.org/view.php?id=CVE-2009-2705
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters. CA SiteMinder permite a atacantes remotos evitar las protecciones contra las vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) de las aplicaciones J2EE a traves de una petición que contiene caracteres "overlong Unicode" mal formados en lugar de los caracteres prohibidos. • https://www.exploit-db.com/exploits/33181 http://i8jesus.com/?p=55 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2CVE-2009-2735 – opennews 1.0 - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2735
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. Vulnerabilidad de inyección SQL en admin.php en sun-jester OpenNews v1.0, cuando está deshabilitado "magic_quotes_gpc", permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro "username". • https://www.exploit-db.com/exploits/9371 http://osvdb.org/56812 http://secunia.com/advisories/36154 http://www.exploit-db.com/exploits/9371 http://www.vupen.com/english/advisories/2009/2168 https://exchange.xforce.ibmcloud.com/vulnerabilities/52289 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 2CVE-2009-2736 – opennews 1.0 - SQL Injection / Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-2736
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action. Vulnerabilidad de inyección de código estático en admin.php en sun-jester OpenNews v1.0 permite a usuarios administradores autenticados remotamente inyectar código PHP de su elección en "config.php" mediante el campo "Overall Width" en una acción "setconfig". • https://www.exploit-db.com/exploits/9371 http://osvdb.org/56813 http://secunia.com/advisories/36154 http://www.exploit-db.com/exploits/9371 http://www.vupen.com/english/advisories/2009/2168 https://exchange.xforce.ibmcloud.com/vulnerabilities/52289 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2009-2704 – Computer Associates SiteMinder - '%00' Cross-Site Scripting Protection Security Bypass
https://notcve.org/view.php?id=CVE-2009-2704
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte). CA SiteMinder permite a atacantes remotos evitar las protecciones contra las vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) de las aplicaciones J2EE a traves de una petición que contiene un %00 (byte "null"). • https://www.exploit-db.com/exploits/33178 http://i8jesus.com/?p=55 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 38EXPL: 0CVE-2009-2416 – mingw32-libxml2: Pointer use-after-free flaws by parsing Notation and Enumeration attribute types
https://notcve.org/view.php?id=CVE-2009-2416
Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, 2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent attackers to cause a denial of service (application crash) via crafted (1) Notation or (2) Enumeration attribute types in an XML file, as demonstrated by the Codenomicon XML fuzzing framework. Múltiples vulnerabilidades de uso anterior a la liberación en libxml2 v2.5.10, v2.6.16, v2.6.26, v2.6.27, y v2.6.32, y libxml v1.8.17, permite a atacantes dependientes de contexto producir una denegación de servicio (caída de aplicación) a través de una ,manipulación de (1) una notación o (2) tipos de atributo de enumeración en un fichero XML como se demostró en Codenomicon XML fuzzing framework. • http://googlechromereleases.blogspot.com/2009/08/stable-update-security-fixes.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html http://lists.apple.com/archives/security-announce/2009/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2010/Jun/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html http://secunia.com/advisories/35036 http://secunia.com/advisories/36207 http://secunia.com/advisories/36338 http://secunia • CWE-416: Use After Free •