CVE-2009-0658

Public exploit
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
Max CVSS
9.3
EPSS Score
97.28%
Published
2009-02-20
Updated
2019-09-27

CVE-2009-0546

Public exploit
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file.
Max CVSS
9.3
EPSS Score
89.63%
Published
2009-02-12
Updated
2018-10-10

CVE-2009-0545

Public exploit
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
Max CVSS
10.0
EPSS Score
97.08%
Published
2009-02-12
Updated
2018-10-10

CVE-2009-0476

Public exploit
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
84.38%
Published
2009-02-08
Updated
2018-10-11

CVE-2009-0187

Public exploit
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
Max CVSS
9.3
EPSS Score
96.28%
Published
2009-02-26
Updated
2018-10-11

CVE-2009-0184

Public exploit
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
Max CVSS
9.3
EPSS Score
67.18%
Published
2009-02-03
Updated
2018-10-11

CVE-2009-0183

Public exploit
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
Max CVSS
10.0
EPSS Score
84.47%
Published
2009-02-03
Updated
2018-10-11

CVE-2009-0075

Public exploit
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
Max CVSS
9.3
EPSS Score
97.39%
Published
2009-02-10
Updated
2019-02-27

CVE-2008-6132

Public exploit
Eval injection vulnerability in reserve.php in phpScheduleIt 1.2.10 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary PHP code via the start_date parameter.
Max CVSS
6.8
EPSS Score
78.88%
Published
2009-02-13
Updated
2017-09-29

CVE-2008-6082

Public exploit
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
Max CVSS
5.0
EPSS Score
86.61%
Published
2009-02-06
Updated
2017-09-29

The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and OOPS) by attempting to mount a crafted ext4 filesystem.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10

The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10

The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10

The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause a denial of service (OOPS) by arranging for crafted values to be present in available memory.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-02-27
Updated
2018-10-10

Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.
Max CVSS
5.0
EPSS Score
2.84%
Published
2009-02-27
Updated
2018-10-10

Cross-site scripting (XSS) vulnerability in the edit account page in the Web Server in Cisco Unified MeetingPlace Web Conferencing 6.0 before 6.0(517.0) (aka 6.0 MR4) and 7.0 before 7.0(2) (aka 7.0 MR1) allows remote authenticated users to inject arbitrary web script or HTML via the E-mail Address field.
Max CVSS
3.5
EPSS Score
0.12%
Published
2009-02-27
Updated
2017-08-17

The username command in Cisco ACE Application Control Engine Module for Catalyst 6500 Switches and 7600 Routers and Cisco ACE 4710 Application Control Engine Appliance stores a cleartext password by default, which allows context-dependent attackers to obtain sensitive information.
Max CVSS
7.8
EPSS Score
0.12%
Published
2009-02-26
Updated
2009-02-27

SQL injection vulnerability in Login.asp in Craft Silicon Banking@Home 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the LoginName parameter.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-02-25
Updated
2018-10-10

SQL injection vulnerability in login.php in BlueBird Prelease allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-02-25
Updated
2017-09-29

SQL injection vulnerability in login.php in MyNews 0.10 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-02-25
Updated
2017-09-29

SQL injection vulnerability in login.php in Auth Php 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-02-25
Updated
2017-09-29

Multiple cross-site scripting (XSS) vulnerabilities in the web-based installer (config/index.php) in MediaWiki 1.6 before 1.6.12, 1.12 before 1.12.4, and 1.13 before 1.13.4, when the installer is in active use, allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
2.6
EPSS Score
0.31%
Published
2009-02-25
Updated
2009-10-14

Cross-site scripting (XSS) vulnerability in Pebble before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.14%
Published
2009-02-25
Updated
2012-11-08

Directory traversal vulnerability in lib/classes/message_class.php in Papoo CMS 3.6, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the pfadhier parameter. NOTE: some of these details are obtained from third party information.
Max CVSS
5.1
EPSS Score
0.73%
Published
2009-02-25
Updated
2017-09-29

Heap-based buffer overflow in MultimediaPlayer.exe 6.86.240.7 in Nokia PC Suite 6.86.9.3 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.
Max CVSS
9.3
EPSS Score
5.49%
Published
2009-02-25
Updated
2018-10-10
685 vulnerabilities found