CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2009(Overflow)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-4501 119 DoS Overflow 2009-12-31 2010-01-01
5.0
None Remote Low Not required None None Partial
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
2 CVE-2009-4500 119 DoS Overflow 2009-12-31 2010-01-12
5.0
None Remote Low Not required None None Partial
The process_trap function in trapper/trapper.c in Zabbix Server before 1.6.6 allows remote attackers to cause a denial of service (crash) via a crafted request with data that lacks an expected : (colon) separator, which triggers a NULL pointer dereference.
3 CVE-2009-4484 119 1 DoS Exec Code Overflow Mem. Corr. 2009-12-30 2010-03-26
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
4 CVE-2009-4482 119 Exec Code Overflow 2009-12-30 2010-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by the vd_tversity module in VulnDisco Pack Professional 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
5 CVE-2009-4480 119 Exec Code Overflow 2009-12-30 2009-12-31
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
6 CVE-2009-4476 119 Exec Code Overflow 2009-12-30 2010-01-06
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information.
7 CVE-2009-4462 119 Exec Code Overflow 2009-12-30 2011-02-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
8 CVE-2009-4420 119 DoS Overflow 2009-12-24 2009-12-31
7.8
None Remote Low Not required None None Complete
Buffer overflow in the bd daemon in F5 Networks BIG-IP Application Security Manager (ASM) 9.4.4 through 9.4.7 and 10.0.0 through 10.0.1, and Protocol Security Manager (PSM) 9.4.5 through 9.4.7 and 10.0.0 through 10.0.1, allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: some of these details are obtained from third party information.
9 CVE-2009-4413 189 1 DoS Overflow 2009-12-24 2010-02-26
5.0
None Remote Low Not required None None Partial
The httpClientDiscardBody function in client.c in Polipo 0.9.8, 0.9.12, 1.0.4, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a request with a large Content-Length value, which triggers an integer overflow, a signed-to-unsigned conversion error with a negative value, and a segmentation fault.
10 CVE-2009-4376 119 DoS Exec Code Overflow 2009-12-21 2013-11-02
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
11 CVE-2009-4362 119 DoS Overflow +Priv 2009-12-21 2009-12-22
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in qosmod in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via long string arguments. NOTE: some of these details are obtained from third party information.
12 CVE-2009-4361 119 DoS Overflow +Priv 2009-12-21 2009-12-22
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in qoslist in IBM AIX 6.1 allow local users to cause a denial of service (application crash) or possibly gain privileges via a long string argument. NOTE: some of these details are obtained from third party information.
13 CVE-2009-4356 189 1 Exec Code Overflow 2009-12-18 2012-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.
14 CVE-2009-4313 119 DoS Exec Code Overflow 2009-12-12 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
ir32_32.dll 3.24.15.3 in the Indeo32 codec in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to cause a denial of service (heap corruption) or execute arbitrary code via malformed data in a stream in a media file, as demonstrated by an AVI file.
15 CVE-2009-4310 119 Exec Code Overflow 2009-12-12 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via crafted compressed video data in an IV41 stream in a media file, leading to many loop iterations, as demonstrated by data in an AVI file.
16 CVE-2009-4309 119 Exec Code Overflow 2009-12-12 2011-07-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Intel Indeo41 codec for Windows Media Player in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a large size value in a movi record in an IV41 stream in a media file, as demonstrated by an AVI file.
17 CVE-2009-4292 119 Exec Code Overflow 2009-12-10 2010-12-22
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the URL filtering function in Internet Initiative Japan SEIL/X1, SEIL/X2, and SEIL/B1 firmware 2.40 through 2.51 allows remote attackers to execute arbitrary code via unspecified vectors.
18 CVE-2009-4270 119 DoS Exec Code Overflow 2009-12-21 2010-09-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported for debug logging code in gdevcups.c in the CUPS output driver.
19 CVE-2009-4265 119 Exec Code Overflow 2009-12-10 2009-12-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Ideal Administration 2009 9.7.1, and possibly other versions, allows remote attackers to execute arbitrary code via a long Computer value in an .ipj project file.
20 CVE-2009-4251 119 Exec Code Overflow 2009-12-09 2009-12-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Jasc Paint Shop Pro 8.10 (aka Corel Paint Shop Pro) allows user-assisted remote attackers to execute arbitrary code via a crafted PNG file. NOTE: this might be the same issue as CVE-2007-2366.
21 CVE-2009-4240 119 Overflow 2009-12-09 2010-12-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in unspecified setuid executables in the DataStage subsystem in IBM InfoSphere Information Server 8.1 before FP1 have unknown impact and attack vectors.
22 CVE-2009-4230 119 Exec Code Overflow 2009-12-08 2011-01-04
7.5
None Remote Low Not required Partial Partial Partial
Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the (1) RGN::run, (2) JTLS::run, or (3) SHD::run function. NOTE: some of these details are obtained from third party information.
23 CVE-2009-4227 119 Exec Code Overflow 2009-12-08 2011-01-20
6.8
None Remote Medium Not required Partial Partial Partial
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code via a long string in a malformed .fig file that uses the 1.3 file format. NOTE: some of these details are obtained from third party information.
24 CVE-2009-4225 119 1 Exec Code Overflow 2009-12-08 2011-01-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the PestPatrol ActiveX control (ppctl.dll) 5.6.7.9 in CA eTrust PestPatrol allows remote attackers to execute arbitrary code via a long argument to the Initialize method.
25 CVE-2009-4219 119 Exec Code Overflow 2009-12-07 2009-12-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information.
26 CVE-2009-4201 119 Exec Code Overflow 2009-12-04 2009-12-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field.
27 CVE-2009-4195 119 Exec Code Overflow 2009-12-04 2010-01-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
28 CVE-2009-4186 119 1 DoS Overflow 2009-12-03 2009-12-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property.
29 CVE-2009-4181 119 Exec Code Overflow 2009-12-10 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ovwebsnmpsrv.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via vectors involving the sel and arg parameters to jovgraph.exe.
30 CVE-2009-4180 119 Exec Code Overflow 2009-12-10 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.
31 CVE-2009-4179 119 Exec Code Overflow 2009-12-10 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ovalarm.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Accept-Language header in an OVABverbose action.
32 CVE-2009-4178 119 Exec Code Overflow 2009-12-10 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in OvWebHelp.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Topic parameter.
33 CVE-2009-4177 119 Exec Code Overflow 2009-12-10 2009-12-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in webappmon.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long HTTP Host header.
34 CVE-2009-4176 119 Exec Code Overflow 2009-12-10 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in ovsessionmgr.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter to ovlogin.exe.
35 CVE-2009-4171 119 DoS Overflow 2009-12-02 2009-12-04
4.3
None Remote Medium Not required None None Partial
An ActiveX control in YahooBridgeLib.dll for Yahoo! Messenger 9.0.0.2162, and possibly other 9.0 versions, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) by calling the RegisterMe method with a long argument.
36 CVE-2009-4124 119 Exec Code Overflow 2009-12-11 2009-12-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the rb_str_justify function in string.c in Ruby 1.9.1 before 1.9.1-p376 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving (1) String#ljust, (2) String#center, or (3) String#rjust. NOTE: some of these details are obtained from third party information.
37 CVE-2009-4117 119 DoS Exec Code Overflow 2009-11-30 2012-10-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in pdf_shade4.c in MuPDF before commit 20091125231942, as used in SumatraPDF before 1.0.1, allow remote attackers to cause a denial of service and possibly execute arbitrary code via a /Decode array for certain types of shading that are not properly handled by the (1) pdf_loadtype4shade, (2) pdf_loadtype5shade, (3) pdf_loadtype6shade, and (4) pdf_loadtype7shade functions. NOTE: some of these details are obtained from third party information.
38 CVE-2009-4108 119 DoS Overflow 2009-11-29 2009-12-01
4.0
None Remote Low Single system None None Partial
XM Easy Personal FTP Server 5.8.0 allows remote authenticated users to cause a denial of service (crash) by uploading or creating a large number of files or directories, then performing a LIST command.
39 CVE-2009-4107 119 1 Exec Code Overflow 2009-11-29 2009-11-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string.
40 CVE-2009-4103 119 DoS Exec Code Overflow 2009-11-29 2009-11-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
41 CVE-2009-4097 119 2 Exec Code Overflow 2009-11-29 2009-12-19
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information.
42 CVE-2009-4049 119 DoS Overflow +Priv Mem. Corr. 2009-11-23 2009-11-24
7.2
None Local Low Not required Complete Complete Complete
Heap-based buffer overflow in aswRdr.sys (aka the TDI RDR driver) in avast! Home and Professional 4.8.1356.0 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted arguments to IOCTL 0x80002024.
43 CVE-2009-4035 94 Exec Code Overflow 2009-12-21 2010-08-21
9.3
None Remote Medium Not required Complete Complete Complete
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
44 CVE-2009-4020 119 Overflow 2009-12-04 2012-03-19
7.8
None Remote Low Not required None None Complete
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
45 CVE-2009-4006 119 Exec Code Overflow 2009-11-20 2010-08-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
46 CVE-2009-4005 119 Overflow 2009-11-19 2012-03-19
7.2
None Local Low Not required Complete Complete Complete
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
47 CVE-2009-4004 119 DoS Overflow +Priv Mem. Corr. 2009-11-19 2012-03-19
7.2
None Local Low Not required Complete Complete Complete
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks.
48 CVE-2009-3997 189 Exec Code Overflow 2009-12-18 2012-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57 might allow remote attackers to execute arbitrary code via an Oktalyzer file that triggers a heap-based buffer overflow.
49 CVE-2009-3996 119 Exec Code Overflow 2009-12-18 2011-01-06
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via an Ultratracker file.
50 CVE-2009-3995 119 Exec Code Overflow 2009-12-18 2010-08-20
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in IN_MOD.DLL (aka the Module Decoder Plug-in) in Winamp before 5.57, and libmikmod 3.1.12, might allow remote attackers to execute arbitrary code via (1) crafted samples or (2) crafted instrument definitions in an Impulse Tracker file. NOTE: some of these details are obtained from third party information.
Total number of vulnerabilities : 700   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.