CVE-2009-1886

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...

Zen Cart 1.3.8 Remote Code Execution Exploit

No description provided by source. !/usr/bin/php ?php ------- Zen Cart 1.3.8 Remote Code Execution http://www.zen-cart.com/ Zen Cart Ecommerce - putting the dream of server rooting within reach of anyone! A new version 1.3.8a is avaible on http://www.zen-cart.com/ BlackH : errorreportingEALL ^...

CVE-2009-0888

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

CVE-2009-0512

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

CVE-2009-0509

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption...

CVE-2009-0889

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

CVE-2009-1530

Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which...

CVE-2009-1709

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service heap corruption and application crash via an SVG animation element, related to SVG set objects, SVG...

Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)

The remote host is missing an update to gstreamer0.10-plugins-good announced via advisory MDVSA-2009:130. OpenVAS Vulnerability Test $Id: mdksa2009130.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:130 gstreamer0.10-plugins-good Authors: Thomas Rein...

Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl)

The remote host is missing an update to cyrus-sasl announced via advisory MDVSA-2009:113. OpenVAS Vulnerability Test $Id: mdksa2009113.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:113 cyrus-sasl Authors: Thomas Reinke Copyright: Copyright c 2009...

CVE-2009-1932

Multiple integer overflows in the 1 userinfocallback, 2 userendrowcallback, and 3 gstpngdectask functions ext/libpng/gstpngdec.c in GStreamer Good Plug-ins aka gst-plugins-good or gstreamer-plugins-good 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary cod...

USN-781-1: Pidgin vulnerabilities

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code...

CVE-2009-0956

Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service application crash via a movie containing a user data atom of size zero...

GNU glibc - Timezone Parsing Remote Integer Overflow

// source: https://www.securityfocus.com/bid/50898/info GNU glibc is prone to an remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that uses the affected library. include include include inclu...

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms comartforms component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfigabsolutepath parameter to 1 imgcaptcha.php or 2 mp3captcha.php in...

CVE-2009-1791

Heap-based buffer overflow in aiffreadheader in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via an AIFF file with an invalid header value...

AOL Radio AmpX ActiveX Control ConvertFile() Buffer Overflow

This module exploits a stack-based buffer overflow in AOL IWinAmpActiveX class AmpX.dll version 2.4.0.6 installed via AOL Radio website. By setting an overly long value to 'ConvertFile', an attacker can overrun a buffer and execute arbitrary code. This module requires Metasploit:...

CVE-2009-1759

Stack-based buffer overflow in the btFiles::BuildFromMI function trunk/btfiles.cpp in Enhanced CTorrent aka dTorrent 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Torrent file containing a long...

CVE-2009-1759

Stack-based buffer overflow in the btFiles::BuildFromMI function trunk/btfiles.cpp in Enhanced CTorrent aka dTorrent 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Torrent file containing a long...

Stack overflow

Stack-based buffer overflow in the btFiles::BuildFromMI function trunk/btfiles.cpp in Enhanced CTorrent aka dTorrent 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a Torrent file containing a long...