main/rtp.c in Asterisk Open Source 1.6.1 before 1.6.1.2 allows remote attackers to cause a denial of service (crash) via an RTP text frame without a certain delimiter, which triggers a NULL pointer dereference and the subsequent calculation of an invalid pointer.
Max CVSS
5.0
EPSS Score
9.19%
Published
2009-07-30
Updated
2017-08-17

CVE-2009-2650

Public exploit
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
Max CVSS
9.3
EPSS Score
96.39%
Published
2009-07-30
Updated
2017-09-19
The IATA (ata) driver in FreeBSD 6.0 and 8.0, when read access to /dev is available, allows local users to cause a denial of service (kernel panic) via a certain IOCTL request with a large count, which triggers a malloc call with a large value.
Max CVSS
4.7
EPSS Score
0.04%
Published
2009-07-30
Updated
2017-10-19
FlashDen Guestbook allows remote attackers to obtain configuration information via a direct request to amfphp/phpinfo.php, which calls the phpinfo function.
Max CVSS
5.0
EPSS Score
0.31%
Published
2009-07-30
Updated
2017-08-17
Unspecified vulnerability in Kaspersky Anti-Virus 2010 and Kaspersky Internet Security 2010 before Critical Fix 9.0.0.463 allows remote attackers to disable the Kaspersky application via unknown attack vectors unrelated to "an external script."
Max CVSS
5.0
EPSS Score
1.82%
Published
2009-07-30
Updated
2017-08-17
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.6 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
Max CVSS
9.3
EPSS Score
0.09%
Published
2009-07-30
Updated
2009-08-06
Race condition in the Solaris Auditing subsystem in Sun Solaris 9 and 10 and OpenSolaris before snv_121, when extended file attributes are used, allows local users to cause a denial of service (panic) via vectors related to "pathnames for invalid fds."
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-07-29
Updated
2017-09-19
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 5.0 and BlackBerry Professional Software 4.1.4 allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246 and CVE-2009-0219.
Max CVSS
9.3
EPSS Score
4.82%
Published
2009-07-28
Updated
2017-08-17
index.php in Desi Short URL Script 1.0 allows remote attackers to bypass authentication by setting the logged cookie to 1 and the uid cookie to an integer value, as demonstrated by a value of 13.
Max CVSS
7.5
EPSS Score
0.93%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in app_and_readme/navigator/index.php in School Data Navigator allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.
Max CVSS
6.8
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
Multiple SQL injection vulnerabilities in cgi/admin.cgi in Interlogy Profile Manager Basic allow remote attackers to execute arbitrary SQL commands via a pmadm cookie in (1) an edittemp action or (2) a users action.
Max CVSS
7.5
EPSS Score
0.16%
Published
2009-07-28
Updated
2018-01-11
SQL injection vulnerability in admin.php in MRCGIGUY The Ticket System 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewticket action.
Max CVSS
7.5
EPSS Score
0.11%
Published
2009-07-28
Updated
2017-09-19
SQL injection vulnerability in the AkoBook (com_akobook) component 2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gbid parameter in a reply action to index.php.
Max CVSS
7.5
EPSS Score
0.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
Cross-site scripting (XSS) vulnerability in the Integration page in the WebMail component in Kerio MailServer 6.6.0, 6.6.1, 6.6.2, and 6.7.0 allows remote attackers to inject arbitrary web script or HTML via an e-mail message.
Max CVSS
4.3
EPSS Score
0.17%
Published
2009-07-28
Updated
2009-07-29
PHP remote file inclusion vulnerability in toolbar_ext.php in the RealEstateManager (com_realestatemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the MediaLibrary (com_media_library) component 1.5.3 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
PHP remote file inclusion vulnerability in toolbar_ext.php in the VehicleManager (com_vehiclemanager) component 1.0 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
Max CVSS
7.5
EPSS Score
1.07%
Published
2009-07-28
Updated
2017-09-19
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version," or (4) "missing or invalid status number," related to (a) HttpMsg.cc and (b) HttpReply.cc.
Max CVSS
5.0
EPSS Score
94.72%
Published
2009-07-28
Updated
2009-08-12
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header size, related to (a) HttpMsg.cc and (b) client_side.cc.
Max CVSS
5.0
EPSS Score
9.52%
Published
2009-07-28
Updated
2009-08-12
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.
Max CVSS
5.0
EPSS Score
54.09%
Published
2009-07-29
Updated
2017-09-19
SQL injection vulnerability in login.asp in DataCheck Solutions V-SpacePal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.12%
Published
2009-07-27
Updated
2009-07-27
SQL injection vulnerability in the Surveys (aka NS-Polls) module in MDPro (MD-Pro) 1.083.x allows remote attackers to execute arbitrary SQL commands via the pollID parameter in a results action to modules.php.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-07-27
Updated
2017-09-19
Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.
Max CVSS
9.3
EPSS Score
2.02%
Published
2009-07-27
Updated
2009-07-27
SQL injection vulnerability in z_admin_login.asp in DataCheck Solutions SitePal 1.x allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.10%
Published
2009-07-27
Updated
2009-07-27
446 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!