CVE-2009-0739
Published 2009-02-25
Priority: P3 · 42 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.08% (61.0th percentile)
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| frankmancuso | mynews | — | — |
CVSS provenance
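| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 6.8 | MEDIUM | — |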
GHSA
GHSA-hj7x-q95g-w7pw: SQL injection vulnerability in login
ghsa_unreviewed·2022-05-02
CVE-2009-0739 [HIGH] CWE-89 GHSA-hj7x-q95g-w7pw: SQL injection vulnerability in login
SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Red Hat
texlive: Integer overflow by processing special commands
vendor_redhat·2010-05-03·CVSS 6.8
CVE-2010-1440 [MEDIUM] CWE-190 texlive: Integer overflow by processing special commands
Multiple integer overflows in dvipsk/dospecial.c in dvips in TeX Live 2009 and earlier, and teTeX, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a special command in a DVI file, related to the (1) predospecial and (2) bbdospecial functions, a different vulnerability than CVE-2010-0739.
No detection rules found.
No writeups or analysis indexed.
Published: 2009-02-25