CVE-2009-1670
published 2009-05-18CVE-2009-1670: user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE…
PriorityP345high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
6.87%
93.2th percentile
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tcpdb | tcpdb | — | — |
CVSS provenance
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_redhat7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-g5m3-763q-hx98: user/index
ghsa_unreviewed·2022-05-02
CVE-2009-1670 [HIGH] CWE-287 GHSA-g5m3-763q-hx98: user/index
user/index.php in TCPDB 3.8 does not require administrative authentication, which allows remote attackers to add admin accounts via unspecified vectors. NOTE: some of these details are obtained from third party information.
Red Hat
kernel: nfsv4: kernel panic in nfs4_proc_lock()
vendor_redhat·2008-10-22·CVSS 7.8
CVE-2009-3726 [HIGH] CWE-662 kernel: nfsv4: kernel panic in nfs4_proc_lock()
kernel: nfsv4: kernel panic in nfs4_proc_lock()
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Statement: The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not have support for NFSv4, and therefore is not affected by this issue. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0474.html, https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
No detection rules found.
No writeups or analysis indexed.
http://osvdb.org/54282http://secunia.com/advisories/34966http://www.securityfocus.com/bid/34866https://exchange.xforce.ibmcloud.com/vulnerabilities/50371https://www.exploit-db.com/exploits/8626http://osvdb.org/54282http://secunia.com/advisories/34966http://www.securityfocus.com/bid/34866https://exchange.xforce.ibmcloud.com/vulnerabilities/50371https://www.exploit-db.com/exploits/8626
2009-05-18
Published