Security Vulnerabilities, CVEs, Published In September 2009
CVE-2009-3429
Public exploit
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
Max CVSS: 9.3
EPSS Score: 95.28%
Published: 2009-09-25
Updated: 2017-09-19
CVE-2009-3214
Public exploit
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.
Max CVSS: 9.3
EPSS Score: 68.25%
Published: 2009-09-16
Updated: 2018-10-10
CVE-2009-3103
Public exploit
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
Max CVSS: 10.0
EPSS Score: 97.27%
Published: 2009-09-08
Updated: 2023-12-07
CVE-2009-3068
Public exploit
Unrestricted file upload vulnerability in the RoboHelpServer Servlet (robohelp/server) in Adobe RoboHelp Server 8 allows remote attackers to execute arbitrary code by uploading a Java Archive (.jsp) file during a PUBLISH action, then accessing it via a direct request to the file in the robohelp/robo/reserved/web directory under its sessionid subdirectory, as demonstrated by the vd_adobe module in VulnDisco Pack Professional 8.7 through 8.11.
Max CVSS: 9.3
EPSS Score: 97.24%
Published: 2009-09-04
Updated: 2018-10-10
CVE-2009-2521
Public exploit
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
Max CVSS: 5.0
EPSS Score: 97.06%
Published: 2009-09-04
Updated: 2020-11-23
CVE-2008-7232
Public exploit
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.
Max CVSS: 10.0
EPSS Score: 48.57%
Published: 2009-09-14
Updated: 2017-08-17
6 vulnerabilities found