CVE-2009-0334
Published 2009-01-29
Priority P3 · 41 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 0.99% (58.2th percentile)
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the day parameter in an archive action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| katywhitton | blogit_! | — | — |
No detection rules found.
Bugzilla
CVE-2009-0114 [MEDIUM] flash-plugin: Adobe Flash Player settings manager display page update
bugzilla·2009-02-24·CVSS 5.8
An update to the Flash Player settings manager display page on Adobe.com
has been deployed to avoid a potential Clickjacking issue variant for
Flash Player. The Settings Manager is a special control panel that runs
on your local computer but is displayed within and accessed from the
Adobe website.
Discussion:
This issue is now public:
http://www.adobe.com/support/security/bulletins/apsb09-01.html
---
This was fixed via:
http://rhn.redhat.com/errata/RHSA-2009-0334.html
in Red Hat Enterprise Linux 3 and 4.
Bugzilla
CVE-2009-0519 [CRITICAL] flash-plugin: Input validation flaw (DoS)
bugzilla·2009-02-24·CVSS 9.3
An input validation flaw was found in the Adobe Flash Player for Linux 10.0.12.36 that could allow an attacker to cause a denial of service.
Discussion:
This issue is now public:
http://www.adobe.com/support/security/bulletins/apsb09-01.html
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2009-0332.html
http://rhn.redhat.com/errata/RHSA-2009-0334.html
Bugzilla
CVE-2009-0520 [CRITICAL] flash-plugin: Buffer overflow (arbitrary code execution) via crafted SWF file.
bugzilla·2009-02-24·CVSS 9.3
A buffer overflow flaw was found in the Adobe Flash Player for Linux 10.0.12.36
that could allow an attacker to execute arbitrary code on the user's
system when a crafted SWF file was opened by a victim.
Discussion:
This issue is now public:
http://www.adobe.com/support/security/bulletins/apsb09-01.html
---
This issue was addressed in:
Red Hat Enterprise Linux Extras:
http://rhn.redhat.com/errata/RHSA-2009-0332.html
http://rhn.redhat.com/errata/RHSA-2009-0334.html
http://secunia.com/advisories/33572
http://www.securityfocus.com/bid/33325
https://exchange.xforce.ibmcloud.com/vulnerabilities/48074
https://www.exploit-db.com/exploits/7806