CVE Daily
← All years

Uncategorized 2009

Page 3/15.

CVEs without a recognized CWE (not present in the CWE map or marked as N/A).

CVSS ≥ 0.0
2009-10-29
Critical

CVE-2009-3376

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which a…

CVSS: 9.3CWE: CWE-16
Read more
Medium

CVE-2009-3375

content/html/document/src/nsHTMLDocument.cpp in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allows user-assisted remote attackers to bypass the Same Origin Policy and read an arbitrary…

CVSS: 4.3CWE: CWE-264
Read more
High

CVE-2009-3374

The XPCVariant::VariantDataToJS function in the XPCOM implementation in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 does not enforce intended restrictions on interaction between chrome…

CVSS: 7.5CWE: CWE-264
Read more
Critical

CVE-2009-3372

Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC)…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2009-3371

Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript w…

CVSS: 10.0CWE: CWE-399
Read more
Medium

CVE-2009-3370

Mozilla Firefox before 3.0.15, and 3.5.x before 3.5.4, allows remote attackers to read form history by forging mouse and keyboard events that leverage the auto-fill feature to populate form fields, i…

CVSS: 5.0CWE: N/A
Read more
2009-10-28
Medium

CVE-2009-3641

Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-3639

The mod_tls module in ProFTPD before 1.3.2b, and 1.3.3 before 1.3.3rc2, when the dNSNameRequired TLS option is enabled, does not properly handle a '\0' character in a domain name in the Subject Alter…

CVSS: 5.8CWE: CWE-310
Read more
Critical

CVE-2009-3819

Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2009-3818

Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.

CVSS: 10.0CWE: N/A
Read more
2009-10-27
Critical

CVE-2009-3808

MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file.

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2009-3805

gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature.

CVSS: 4.3CWE: N/A
Read more
2009-10-23
Medium

CVE-2009-3766

mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-…

CVSS: 6.8CWE: CWE-310
Read more
Medium

CVE-2009-3765

mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows ma…

CVSS: 6.8CWE: CWE-310
Read more
Medium

CVE-2009-3622

Algorithmic complexity vulnerability in wp-trackback.php in WordPress before 2.8.5 allows remote attackers to cause a denial of service (CPU consumption and server hang) via a long title parameter in…

CVSS: 4.3CWE: CWE-310
Read more
2009-10-22
Low

CVE-2009-3409

Unspecified vulnerability in the PeopleSoft Enterprise HCM (TAM) component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 9.0 Bundle 10 allows remote authenticated users to affect confi…

CVSS: 3.6CWE: N/A
Read more
Medium

CVE-2009-3408

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10 allows remote attackers to affect confidentiality, integrity, and availability via unkn…

CVSS: 5.1CWE: N/A
Read more
Medium

CVE-2009-3407

Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.2.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors, a different vulnerability than CV…

CVSS: 4.3CWE: N/A
Read more
Low

CVE-2009-3406

Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.2.1 allows remote authenticated users to affect confidentiality via unkno…

CVSS: 2.7CWE: N/A
Read more
Medium

CVE-2009-3405

Unspecified vulnerability in the JD Edwards Tools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.98.1.4 allows remote authenticated users to affect integrity and availabilit…

CVSS: 4.1CWE: N/A
Read more
Medium

CVE-2009-3404

Unspecified vulnerability in the PeopleSoft PeopleTools & Enterprise Portal component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.23 allows remote authenticated users to affect…

CVSS: 4.0CWE: N/A
Read more
Critical

CVE-2009-3403

Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unkno…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2009-3402

Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality via unkno…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2009-3401

Unspecified vulnerability in the Oracle Applications Technology Stack component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows local users to affect confidentiality via unknown vecto…

CVSS: 1.7CWE: N/A
Read more
Medium

CVE-2009-3400

Unspecified vulnerability in the Oracle Advanced Benefits component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.1 allows remote authenticated users to affect confidentiality and integrity…

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2009-3399

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-3397

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 12.0.6 and 12.1.1 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-3396

Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-3395

Unspecified vulnerability in the AutoVue component in Oracle E-Business Suite 19.3.2 allows remote attackers to affect availability via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-3393

Unspecified vulnerability in the Oracle Application Object Library component in Oracle E-Business Suite 11.5.10.2 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-3392

Unspecified vulnerability in the Agile Engineering Data Management (EDM) component in Oracle E-Business Suite 6.1.0.0 allows remote attackers to affect confidentiality, integrity, and availability vi…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2009-2002

Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-2001

Unspecified vulnerability in the PL/SQL component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2009-2000

Unspecified vulnerability in the Authentication component in Oracle Database 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-1999

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in unspecified Oracle Application Server versions allows remote attackers to affect integrity via unknown vectors.

CVSS: 4.3CWE: N/A
Read more
Medium

CVE-2009-1998

Unspecified vulnerability in the Oracle Communications Order and Service Management component in Oracle Industry Applications 2.8.0, 6.2.0, 6.3.0, and 6.3.1 allows remote authenticated users to affec…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2009-1997

Unspecified vulnerability in the Authentication component in Oracle Database 10.2.0.3 and 11.1.0.7 allows remote attackers to affect confidentiality via unknown vectors.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-1995

Unspecified vulnerability in the Advanced Queuing component in Oracle Database 10.2.0.4 and 11.1.0.7 allows remote authenticated users to affect confidentiality and integrity, related to SYS.DBMS_AQ_…

CVSS: 4.9CWE: N/A
Read more
Medium

CVE-2009-1994

Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 allows remote authenticated users to affect confidentiality, integrity, and availability, related to MDSYS.PRVT_C…

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2009-1993

Unspecified vulnerability in the Application Express component in Oracle Database 3.0.1 allows remote authenticated users to affect confidentiality and integrity, related to FLOWS_030000.WWV_EXECUTE_…

CVSS: 5.5CWE: N/A
Read more
Critical

CVE-2009-1992

Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vec…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2009-1991

Unspecified vulnerability in the Oracle Text component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related…

CVSS: 3.6CWE: N/A
Read more
Low

CVE-2009-1990

Unspecified vulnerability in the Business Intelligence Enterprise Edition component in Oracle Application Server 10.1.3.4.1 allows local users to affect confidentiality via unknown vectors.

CVSS: 1.7CWE: N/A
Read more
Critical

CVE-2009-1985

Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and avail…

CVSS: 10.0CWE: N/A
Read more
Critical

CVE-2009-1979

Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown v…

CVSS: 10.0CWE: N/A
Read more
Low

CVE-2009-1972

Unspecified vulnerability in the Auditing component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote authenticated users to affect integrity, related to DBMS_SYS_…

CVSS: 2.1CWE: N/A
Read more
Low

CVE-2009-1971

Unspecified vulnerability in the Data Pump component in Oracle Database 10.1.0.5, 10.2.0.3, and 11.1.0.7 allows remote authenticated users to affect integrity via unknown vectors.

CVSS: 3.5CWE: N/A
Read more
Medium

CVE-2009-1965

Unspecified vulnerability in the Net Foundation Layer component in Oracle Database 9.2.0.8 and 10.1.0.5 allows remote attackers to affect confidentiality, integrity, and availability via unknown vect…

CVSS: 5.4CWE: N/A
Read more
Medium

CVE-2009-1964

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity via unknown vectors.

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2009-1018

Unspecified vulnerability in the Workspace Manager component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality and integrity, related to SYS.LTRIC (WMSYS.LTRIC).

CVSS: 5.5CWE: N/A
Read more
Medium

CVE-2009-1007

Unspecified vulnerability in the Data Mining component in Oracle Database 10.2.0.4 allows remote authenticated users to affect confidentiality, integrity, and availability, related to SYS.DMP_SYS.

CVSS: 6.5CWE: N/A
Read more
Medium

CVE-2009-3749

The Web Administrator service (STEMWADM.EXE) in Websense Personal Email Manager 7.1 before Hotfix 4 and Email Security 7.1 before Hotfix 4 allows remote attackers to cause a denial of service (crash)…

CVSS: 5.0CWE: N/A
Read more
Low

CVE-2009-3746

XScreenSaver in Sun Solaris 10, when the accessibility feature is enabled, allows physically proximate attackers to obtain sensitive information by reading popup windows, which are displayed even whe…

CVSS: 1.9CWE: CWE-16
Read more
High

CVE-2009-2943

The postgresql-ocaml bindings 1.5.4, 1.7.0, and 1.12.1 for PostgreSQL libpq do not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues inv…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2009-2942

The mysql-ocaml bindings 1.0.4 for MySQL do not properly support the mysql_real_escape_string function, which might allow remote attackers to leverage escaping issues involving multibyte character en…

CVSS: 7.5CWE: N/A
Read more
High

CVE-2009-2940

The pygresql module 3.8.1 and 4.0 for Python does not properly support the PQescapeStringConn function, which might allow remote attackers to leverage escaping issues involving multibyte character en…

CVSS: 7.5CWE: N/A
Read more
Low

CVE-2009-2911

SystemTap 1.0, when the --unprivileged option is used, does not properly restrict certain data sizes, which allows local users to (1) cause a denial of service or gain privileges via a print operatio…

CVSS: 1.9CWE: CWE-264
Read more
Medium

CVE-2009-3744

rep_serv.exe 6.3.1.3 in the server in EMC RepliStor allows remote attackers to cause a denial of service via a crafted packet to TCP port 7144.

CVSS: 5.0CWE: N/A
Read more
2009-10-21
Medium

CVE-2009-3609

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers t…

CVSS: 4.3CWE: CWE-189
Read more
Critical

CVE-2009-3608

Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow re…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-3607

Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-3606

Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted P…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-3604

The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2009-3603

Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that…

CVSS: 9.3CWE: CWE-189
Read more
2009-10-20
Medium

CVE-2009-3615

The OSCAR protocol plugin in libpurple in Pidgin before 2.6.3 and Adium before 1.3.7 allows remote attackers to cause a denial of service (application crash) via crafted contact-list data for (1) ICQ…

CVSS: 5.0CWE: CWE-399
Read more
High

CVE-2009-3296

Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buff…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2009-2909

Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a c…

CVSS: 4.9CWE: CWE-189
Read more
2009-10-19
Medium

CVE-2009-3462

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "f…

CVSS: 5.1CWE: N/A
Read more
Critical

CVE-2009-3461

Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.

CVSS: 9.3CWE: CWE-264
Read more
Critical

CVE-2009-3460

Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vec…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2009-2996

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vec…

CVSS: 9.3CWE: CWE-399
Read more
Medium

CVE-2009-2995

Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.

CVSS: 4.3CWE: CWE-189
Read more
Critical

CVE-2009-2991

Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2009-2990

Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-2989

Integer overflow in Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2009-2987

Unspecified vulnerability in an ActiveX control in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Windows allows remote attackers to cause a denial of service via…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2009-2985

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vec…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2009-2984

Unspecified vulnerability in the image decoder in Adobe Acrobat 9.x before 9.2, and possibly 7.x through 7.1.4 and 8.x through 8.1.7, allows attackers to cause a denial of service or possibly execute…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2009-2983

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspe…

CVSS: 9.3CWE: CWE-399
Read more
Critical

CVE-2009-2982

An unspecified certificate in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow remote attackers to conduct a "social engineering attack" via unkno…

CVSS: 9.3CWE: CWE-310
Read more
Critical

CVE-2009-2980

Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified ve…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2009-2979

Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2009-3613

The swiotlb functionality in the r8169 driver in drivers/net/r8169.c in the Linux kernel before 2.6.27.22 allows remote attackers to cause a denial of service (IOMMU space exhaustion and system crash…

CVSS: 7.8CWE: CWE-399
Read more
Medium

CVE-2006-6404

INNOVATION Data Processing FDR/UPSTREAM 3.3.0 (GA Oct 2003) allows remote attackers to cause a denial of service (service outage) via a sequence of TCP SYN packets to many ports, as demonstrated usin…

CVSS: 5.0CWE: N/A
Read more
2009-10-16
Medium

CVE-2009-3704

ZoIPer 2.22, and possibly other versions before 2.24 Library 5324, allows remote attackers to cause a denial of service (crash) via a SIP INVITE request with an empty Call-Info header.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-3716

Unrestricted file upload vulnerability in admin.php in MCshoutbox 1.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it v…

CVSS: 6.5CWE: CWE-264
Read more
Critical

CVE-2009-3710

RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.

CVSS: 10.0CWE: CWE-255
Read more
Medium

CVE-2009-3706

Unspecified vulnerability in the ZFS filesystem in Sun Solaris 10, and OpenSolaris snv_100 through snv_117, allows local users to bypass intended limitations of the file_chown_self privilege via cert…

CVSS: 4.4CWE: N/A
Read more
High

CVE-2009-3282

Integer overflow in the vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 allows host OS users to cause a denial of service to the host OS via unspecified vectors.

CVSS: 7.8CWE: CWE-189
Read more
High

CVE-2009-3281

The vmx86 kernel extension in VMware Fusion before 2.0.6 build 196839 does not use correct file permissions, which allows host OS users to gain privileges on the host OS via unspecified vectors.

CVSS: 7.2CWE: CWE-264
Read more
High

CVE-2009-2874

The TimesTenD process in Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4) allows remote attackers to cause a denial of service (process crash) via a large number of TCP connection…

CVSS: 7.8CWE: N/A
Read more
2009-10-14
Medium

CVE-2009-3698

An unspecified function in the Dalvik API in Android 1.5 and earlier allows remote attackers to cause a denial of service (system process restart) via a crafted application, possibly a related issue…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2009-3126

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2009-2999

The com.android.phone process in Android 1.5 CRBxx allows remote attackers to cause a denial of service (application restart and network disconnection) via an SMS message containing a malformed WAP P…

CVSS: 4.3CWE: N/A
Read more
High

CVE-2009-2526

Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 do not properly validate fields in SMBv2 packets, which allows remote attackers to cause a denial of service (infinite loop and…

CVSS: 7.8CWE: CWE-399
Read more
High

CVE-2009-2524

Integer underflow in the NTLM authentication feature in the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, a…

CVSS: 7.8CWE: CWE-189
Read more
Critical

CVE-2009-2518

Integer overflow in GDI+ in Microsoft Office XP SP3 allows remote attackers to execute arbitrary code via an Office document with a bitmap (aka BMP) image that triggers memory corruption, aka "Office…

CVSS: 9.3CWE: CWE-189
Read more
Medium

CVE-2009-2517

The kernel in Microsoft Windows Server 2003 SP2 does not properly handle unspecified exceptions when an error condition occurs, which allows local users to cause a denial of service (reboot) via a cr…

CVSS: 4.9CWE: CWE-399
Read more
High

CVE-2009-2515

Integer underflow in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows local users to gain privileges via a craf…

CVSS: 7.2CWE: CWE-189
Read more
High

CVE-2009-2511

Integer overflow in the CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, an…

CVSS: 7.5CWE: CWE-189
Read more
Medium

CVE-2009-2510

The CryptoAPI component in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7, as used…

CVSS: 6.8CWE: CWE-310
Read more
Critical

CVE-2009-2507

A certain ActiveX control in the Indexing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly process URLs, which allows remote attackers to execute arbitrary…

CVSS: 9.3CWE: N/A
Read more
Critical

CVE-2009-2504

Multiple integer overflows in unspecified APIs in GDI+ in Microsoft .NET Framework 1.1 SP1, .NET Framework 2.0 SP1 and SP2, Windows XP SP2 and SP3, Windows Server 2003 SP2, Vista Gold and SP1, Server…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-2500

Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Office Project 2002 SP1, Visio 2002 SP…

CVSS: 9.3CWE: CWE-189
Read more
Critical

CVE-2009-0090

Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrar…

CVSS: 9.3CWE: CWE-264
Read more
2009-10-13
Medium

CVE-2009-3695

Algorithmic complexity vulnerability in the forms library in Django 1.0 before 1.0.4 and 1.1 before 1.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a crafted (1) Emai…

CVSS: 5.0CWE: N/A
Read more
High

CVE-2009-3692

Unspecified vulnerability in the VBoxNetAdpCtl configuration tool in Sun VirtualBox 3.0.x before 3.0.8 on Solaris x86, Linux, and Mac OS X allows local users to gain privileges via unknown vectors.

CVSS: 7.2CWE: N/A
Read more
Critical

CVE-2009-3691

Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with…

CVSS: 9.3CWE: CWE-189
Read more
High

CVE-2009-3602

Unbound before 1.3.4 does not properly verify signatures for NSEC3 records, which allows remote attackers to cause secure delegations to be downgraded via DNS spoofing or other DNS-related attacks in…

CVSS: 7.5CWE: CWE-310
Read more
Medium

CVE-2009-3588

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust…

CVSS: 4.3CWE: N/A
Read more
Critical

CVE-2009-3587

Unspecified vulnerability in the arclib component in the Anti-Virus engine in CA Anti-Virus for the Enterprise (formerly eTrust Antivirus) 7.1 through r8.1; Anti-Virus 2007 (v8) through 2009; eTrust…

CVSS: 9.3CWE: N/A
Read more
Medium

CVE-2009-2908

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified v…

CVSS: 4.9CWE: N/A
Read more
2009-10-11
Medium

CVE-2009-3662

FileCopa FTP Server 5.01 allows remote attackers to cause a denial of service (server hang) via a large number of crafted NOOP commands.

CVSS: 5.0CWE: N/A
Read more
2009-10-09
Medium

CVE-2009-3655

Rhino Software Serv-U 7.0.0.1 through 8.2.0.3 allows remote attackers to cause a denial of service (server crash) via unspecified vectors related to the "SITE SET TRANSFERPROGRESS ON" FTP command.

CVSS: 5.0CWE: N/A
Read more
Medium

CVE-2009-3654

Unspecified vulnerability in Boost before 6.x-1.03, a module for Drupal, allows remote attackers to create new webroot directories via unknown attack vectors.

CVSS: 6.4CWE: N/A
Read more
Medium

CVE-2009-3643

Dxmsoft XM Easy Personal FTP Server 5.8.0 allows remote attackers to cause a denial of service via a long argument to the (1) LIST and (2) NLST commands, a differnt issue than CVE-2008-5626 and CVE-2…

CVSS: 5.0CWE: N/A
Read more
2009-10-08
High

CVE-2009-3596

JoxTechnology Ajox Poll does not properly restrict access to admin/managepoll.php, which allows remote attackers to bypass authentication and gain administrative access via a direct request.

CVSS: 7.5CWE: CWE-264
Read more
Medium

CVE-2009-3589

incron 0.5.5 does not initialize supplementary groups when running a process from a user's incrontabs, which causes the process to be run with the incrond supplementary groups and allows local users…

CVSS: 4.6CWE: CWE-264
Read more
2009-10-07
Critical

CVE-2009-3575

Buffer overflow in DHTRoutingTableDeserializer.cc in aria2 0.15.3, 1.2.0, and other versions allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unkno…

CVSS: 10.0CWE: N/A
Read more
2009-10-06
Critical

CVE-2009-3573

Multiple insecure method vulnerabilities in the PDIControl.PDI.1 ActiveX control (PDIControl.dll) 2.2.3160.0 in EMC Captiva PixTools Distributed Imaging 2.2 allow remote attackers to create or overwr…

CVSS: 9.3CWE: N/A
Read more
>