5353 matches found
Remote file inclusion
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configincludedir parameter...
Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)
This host is missing a critical security update according to Microsoft Bulletin MS09-038. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...
CVE-2008-6899
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command...
CVE-2008-6898
CVE-2008-6898 affects SasCam Webcam Server 2.6.5 via the ActiveX SaschArt SasCam control. The vulnerability is a buffer overflow in the XHTTP Module 4.1.0.0 that can be triggered by a long argument to the Get method (and other unspecified methods), allowing remote code execution or a crash. Publi...
CVE-2009-2204
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapor...
CVE-2009-2643
The connected Red Hat and NVD entries confirm CVE-2009-4778 and related disclosures affect the PDF distiller in the Attachment Service of Research In Motion (RIM) BlackBerry BES and BlackBerry Professional Software. A crafted PDF file attachment can lead to a denial of service (memory corruption)...
Memory corruption
Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, a...
MyDLstore Pixel Ad Script - payment.php Cross-Site Scripting
Source: https://www.securityfocus.com/bid/43448/info. MyDLstore Pixel Ad Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...
CVE-2009-2548
Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a joi...
VLC Media Player SMB 'Win32AddConnection()' BOF Vulnerability - July09 (Windows)
This host is installed with VLC Media Player and is prone to Stack-Based Buffer Overflow Vulnerability. OpenVAS Vulnerability Test $Id: gbvlcmediaplayerbofvulnjul09win.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player SMB 'Win32AddConnection' BOF Vulnerability - July09 Windows Authors:...
Microsoft DirectShow Remote Code Execution Vulnerability (961373)
This host is missing a critical security update according to Microsoft Bulletin MS09-028. OpenVAS Vulnerability Test $Id: secpodms09-028.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft DirectShow Remote Code Execution Vulnerability 971633 Authors: Nikita MR Copyright c 2009 SecPod,...
CVE-2009-2421
The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol...
Remote file inclusion
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...
ClamAV LZH File Unpacking Denial of Service Vulnerability (Windows)
The host is installed with ClamAV and is prone to Denial of Service Vulnerability. OpenVAS Vulnerability Test $Id: gbclamavlzhdosvulnwin.nasl 4865 2016-12-28 16:16:43Z teissa $ ClamAV LZH File Unpacking Denial of Service Vulnerability Windows Authors: Nikita MR Copyright: Copyright c 2009 Greenbo...
CVE-2009-2294
Integer overflow in the Pngdatainfocallback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values...
apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)
Apache ChangeLog reports: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size th...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) ihead.php, (2) inav.php, (3) usernew2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php,...
CVE-2009-2210
Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type...
Critical: Red Hat Security Advisory: kdegraphics security update
Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalabl...