CVE-2009-3514
published 2009-10-01CVE-2009-3514: Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow…
PriorityP336medium6.5CVSS 2.0
AVNACLAuSCPIPAP
EXPLOIT
EPSS
0.84%
53.2th percentile
Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2009-1415 gnutls: Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1]
bugzilla·2009-04-30·CVSS 4.3
CVE-2009-1415 [MEDIUM] CVE-2009-1415 gnutls: Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1]
CVE-2009-1415 gnutls: Double free and free of invalid pointer on certain errors [GNUTLS-SA-2009-1]
Quoting upstream security advisory:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3515
Miroslav Kratochvil reported that he was able to crash libgnutls
when experimenting with (corrupt) DSA keys. The client crashes when
verifying invalid DSA signatures provided by the remote server when
using a DSA ciphersuite. The code that crashes is also used for
verifying DSA signatures in X.509 Certificates, and for verifying
RSA/DSA signatures in OpenPGP keys.
Only GnuTLS 2.6.x is affected. GnuTLS 2.4.x and earlier did not
contain the buggy code.
Fixed upstream in 2.6.6:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514
Discussion:
This issue did not affect ver
Bugzilla
CVE-2009-1416 gnutls: All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2]
bugzilla·2009-04-30·CVSS 7.5
CVE-2009-1416 [HIGH] CVE-2009-1416 gnutls: All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2]
CVE-2009-1416 gnutls: All DSA keys generated using GnuTLS 2.6.x are corrupt [GNUTLS-SA-2009-2]
Quoting upstream security advisory:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3516
When investigating the DSA problems reported by Miroslav Kratochvil,
Simon Josefsson discovered that all DSA keys generated by
GnuTLS 2.6.x are corrupt. Rather than generating a DSA key, GnuTLS
will generate a RSA key and store it in a DSA structure.
GnuTLS 2.4.x and earlier did not contain the buggy code.
Fixed upstream in 2.6.6:
http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3514
Discussion:
This issue did not affect versions of gnutls shipped in Red Hat Enterprise Linux 4 and 5, and Fedora up to version 10, as they are based on upstream versions prior to 2.6. gnutls 2
2009-10-01
Published