CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2009-4929

HIGH
7.5
CVSS Severity Score
EPSS Score0.1660%
EPSS Percentile26.72th
Published2010年7月12日
Last Modified2026年4月29日

Vulnerability Description

admin/manage_users.php in TotalCalendar 2.4 does not require administrative authentication, which allows remote attackers to change arbitrary passwords via the newPW1 and newPW2 parameters.

Affected Platforms (CPE)

📦
Sweetphp

Totalcalender

= 2.4

References & Advisories

🔗 http://secunia.com/advisories/34824
🔗 http://www.exploit-db.com/exploits/8496
🔗 http://www.securityfocus.com/bid/34619
🔗 http://secunia.com/advisories/34824
🔗 http://www.exploit-db.com/exploits/8496
🔗 http://www.securityfocus.com/bid/34619

相關漏洞威脅

CVE-2009-414310.0

PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt ...

CVE-2009-142910.0

The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); S...

CVE-2009-427310.0

stap-server in SystemTap before 1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in stap command...

CVE-2009-129110.0

Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterp...