CVE-2009-4670 (roomphplanning)
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.
Bringing security awareness to the masses
Search this site
Categories
Recommended Sites
Pages
US-CERT Vulnerability Notes
- VU#204055: Blackboard Transact database credentials disclosure
- VU#707943: Microsoft Windows based applications may insecurely load dynamic libraries
- VU#644319: Ghostscript Heap Corruption in TrueType bytecode interpreter
- VU#278785: DevonIT weak authentication and buffer overflow in /usr/bin/tm-console-bin
- VU#320233: Wyse ThinOS LPD service buffer overflow vulnerability
Cyber Security Alerts
Google Search
Blogroll
Under Construction