Stack-based buffer overflow in WFTPSRV.exe in WinFTP 2.3.0 allows remote authenticated users to execute arbitrary code via a long LIST argument beginning with an * (asterisk) character.
Max CVSS
9.0
EPSS Score
32.04%
Published
2009-01-29
Updated
2017-09-29
Stack-based buffer overflow in Merak Media Player 3.2 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file, related to the status bar icon's tooltip. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
4.05%
Published
2009-01-29
Updated
2017-09-29
Stack-based buffer overflow in FTPShell Server 4.3 allows user-assisted remote attackers to cause a denial of service (persistent daemon crash) and possibly execute arbitrary code via a long string in a licensing key (aka .key) file.
Max CVSS
9.3
EPSS Score
3.69%
Published
2009-01-29
Updated
2017-09-29
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6648082, a different vulnerability than CVE-2007-5717.
Max CVSS
10.0
EPSS Score
1.04%
Published
2009-01-29
Updated
2018-10-30
Unspecified vulnerability in the Embedded Lights Out Manager (ELOM) on the Sun Fire X2100 M2 and X2200 M2 x86 platforms before SP/BMC firmware 3.20 allows remote attackers to obtain privileged ELOM login access or execute arbitrary Service Processor (SP) commands via unknown vectors, aka Bug ID 6633175, a different vulnerability than CVE-2007-5717.
Max CVSS
10.0
EPSS Score
1.04%
Published
2009-01-29
Updated
2018-10-30
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
Max CVSS
9.3
EPSS Score
15.98%
Published
2009-01-29
Updated
2018-10-11

CVE-2009-0323

Public exploit
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0 and 11.0 allow remote attackers to execute arbitrary code via (1) a long type parameter in an input tag, which is not properly handled by the EndOfXmlAttributeValue function; (2) an "HTML GI" in a start tag, which is not properly handled by the ProcessStartGI function; and unspecified vectors in (3) html2thot.c and (4) xml2thot.c, related to the msgBuffer variable. NOTE: these are different vectors than CVE-2008-6005.
Max CVSS
10.0
EPSS Score
95.84%
Published
2009-01-28
Updated
2018-10-11
The Backbone service (ftbackbone.exe) in EMC AutoStart before 5.3 SP2 allows remote attackers to execute arbitrary code via a packet with a crafted value that is dereferenced as a function pointer.
Max CVSS
10.0
EPSS Score
22.71%
Published
2009-01-27
Updated
2018-10-11
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
Max CVSS
9.3
EPSS Score
15.85%
Published
2009-01-27
Updated
2017-09-29
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Probe Request packet with a long SSID, possibly related to an integer signedness error.
Max CVSS
9.3
EPSS Score
3.95%
Published
2009-01-27
Updated
2018-10-30
Stack-based buffer overflow in PXEService.exe in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier allows remote attackers to execute arbitrary code via a large PXE protocol request in a UDP packet.
Max CVSS
10.0
EPSS Score
28.82%
Published
2009-01-26
Updated
2018-10-11
Stack-based buffer overflow in Triologic Media Player 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3l playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
9.3
EPSS Score
0.08%
Published
2009-01-26
Updated
2009-01-26
Buffer overflow in the Registry Setting Tool in Fujitsu SystemcastWizard Lite 2.0A, 2.0, 1.9, and earlier has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.37%
Published
2009-01-26
Updated
2017-08-08
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
Max CVSS
10.0
EPSS Score
90.84%
Published
2009-01-23
Updated
2017-10-19
Stack-based buffer overflow in Triologic Media Player 7 and 8.0.0.0 allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
2.57%
Published
2009-01-23
Updated
2017-10-19
Stack-based buffer overflow in EffectMatrix Total Video Player 1.31 allows user-assisted attackers to execute arbitrary code via a Skins\DefaultSkin\DefaultSkin.ini file with a large ColumnHeaderSpan value.
Max CVSS
9.3
EPSS Score
0.42%
Published
2009-01-23
Updated
2017-09-29
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
Max CVSS
9.3
EPSS Score
2.42%
Published
2009-01-22
Updated
2017-09-29
The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.
Max CVSS
10.0
EPSS Score
1.14%
Published
2009-01-22
Updated
2017-08-08
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Flexible Image Transport System (FITS) file. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
0.54%
Published
2009-01-22
Updated
2011-03-08
Stack-based buffer overflow in easyHDR PRO 1.60.2 allows user-assisted attackers to execute arbitrary code via an invalid Radiance RGBE (aka .hdr) file.
Max CVSS
9.3
EPSS Score
0.52%
Published
2009-01-22
Updated
2018-10-11
The PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 performs delete operations on uninitialized pointers, which allows user-assisted remote attackers to execute arbitrary code via a crafted data stream in a .pdf file.
Max CVSS
9.3
EPSS Score
6.76%
Published
2009-01-21
Updated
2009-02-05
Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.
Max CVSS
9.3
EPSS Score
0.54%
Published
2009-01-20
Updated
2022-04-22
Buffer overflow in VUPlayer allows user-assisted attackers to have an unknown impact via a long file, as demonstrated by a file composed entirely of 'A' characters.
Max CVSS
9.3
EPSS Score
0.14%
Published
2009-01-20
Updated
2018-10-11
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.45%
Published
2009-01-20
Updated
2017-08-08
Multiple heap-based buffer overflows in the PDF distiller in the Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.1.3 through 4.1.6, BlackBerry Professional Software 4.1.4, and BlackBerry Unite! before 1.0.3 bundle 28 allow user-assisted remote attackers to execute arbitrary code via (1) a crafted stream in a .pdf file, related to "symWidths"; or (2) a crafted data stream in a .pdf file, related to "bitmaps."
Max CVSS
9.3
EPSS Score
0.63%
Published
2009-01-20
Updated
2009-05-18
72 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!