CVE-2009-0377
Published 2009-02-02
Priority P343 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.99% (58.0th percentile)
SQL injection vulnerability in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mpid parameter in a sign action to index.php, a different vector than CVE-2008-3132.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomla | com_beamospetition | — | — |
No detection rules found.
Bugzilla
CVE-2009-0793 lcms: Null pointer dereference (DoS) by handling transformations of monochrome profiles
bugzilla·2009-03-26·CVSS 4.3 [MEDIUM]
A null pointer dereference flaw was found in LittleCMS by handling
transformations of monochrome profiles. An attacker could use this
flaw to create a specially-crafted image, which could cause an
application using LittleCMS to crash, leading to a denial of service.
Discussion:
This issue has been addressed in the java-1.6.0-openjdk in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
---
java-1.6.0-openjdk-1.6.0.0-0.25.b09.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
---
java-1.6.0-openjdk-1.6.0.0-15.b14.fc10 has been pushed to the Fedo
Bugzilla
CVE-2009-1101 OpenJDK JAX-WS service endpoint remote Denial-of-Service (6630639)
bugzilla·2009-03-13·CVSS 5.0 [MEDIUM]
Unspecified vulnerability in the lightweight HTTP server
implementation in Java SE Development Kit (JDK) and Java Runtime
Environment (JRE) 6 Update 12 and earlier allows remote attackers to
cause a denial of service (probably resource consumption) for a JAX-WS
service endpoint via a connection without any data, which triggers a
file descriptor "leak."
Discussion:
This issue has been addressed in following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
---
This i
Bugzilla
CVE-2009-1097 OpenJDK: PNG and GIF processing buffer overflow vulnerabilities (6804996, 6804997)
bugzilla·2009-03-13·CVSS 9.3 [CRITICAL]
Multiple buffer overflows in Java SE Development Kit (JDK) and Java
Runtime Environment (JRE) 6 Update 12 and earlier allow remote
attackers to access files or execute arbitrary code via a crafted (1)
PNG image, aka CR 6804996, and (2) GIF image, aka CR 6804997.
Discussion:
This issue has been addressed in following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html
---
This issue has been addressed in following products:
Extras for RHEL 4
Extras for
Bugzilla
CVE-2009-1102 OpenJDK code generation vulnerability (6636360)
bugzilla·2009-03-13·CVSS 6.4 [MEDIUM]
Unspecified vulnerability in the Virtual Machine in Java SE
Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12
and earlier allows remote attackers to access files and execute
arbitrary code via unknown vectors related to "code generation."
Discussion:
This issue has been addressed in following products:
Extras for RHEL 4
Extras for Red Hat Enterprise Linux 5
Via RHSA-2009:0392 https://rhn.redhat.com/errata/RHSA-2009-0392.html
---
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2009:0377 https://rhn.redhat.com/errata/RHSA-2009-0377.html