
5186 matches found

CVE
added 2009/08/25 5:0 p.m., 44 views

CVE-2009-2961

CVE-2009-2961 describes a stack-based buffer overflow in the player Thaddy de Konng KOL Player 1.0, triggered by a long URL in a .MP3 playlist file. According to the records, this can allow a remote attacker to cause a denial of service or execute arbitrary code. The provided documents confirm t...

CVSS 9.3, AI score 8.3, EPSS 0.17239
Exploits 0, References 2, Affected Software 1
Prion
added 2009/08/25 10:30 a.m., 9 views

Buffer overflow

Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecifi...

CVSS 9, AI score 8.3, EPSS 0.36887
Exploits 1, References 9, Affected Software 1
Cvelist
added 2009/08/25 10:0 a.m., 24 views

CVE-2008-7074

Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon...

AI score 7.7, EPSS 0.11115
Exploits 1, References 6
CVE
added 2009/08/25 10:0 a.m., 46 views

CVE-2008-7074

CVE-2008-7074 describes a format string vulnerability in MemeCode Software i.Scribe (versions 1.88 through 2.00 before Beta9) that is triggered by format specifiers in the signon message of server responses. The issue can be exploited by remote SMTP servers to cause a denial of service (crash) an...

CVSS 9.3, AI score 8, EPSS 0.11115
Exploits 1, References 6, Affected Software 1
Prion
added 2009/08/24 10:30 a.m., 8 views

Remote file inclusion

PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the smartycompilepath variable in the fetch function...

CVSS 7.5, AI score 8, EPSS 0.00629
Exploits 1, References 4, Affected Software 1
CVE
added 2009/08/21 2:0 p.m., 41 views

CVE-2008-7026

CVE-2008-7026 describes an unrestricted file-upload vulnerability in eFront (version 3.5.1 build 2710 and earlier) where an attacker can upload a file with an executable extension as a user avatar via the filesystem3.class.php upload process, and then access it through a direct request to the fil...

CVSS 6.8, AI score 8, EPSS 0.10367
Exploits 0, References 6, Affected Software 1
Cvelist
added 2009/08/21 10:0 a.m., 22 views

CVE-2009-2916

Format string vulnerability in the CNSAddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname...

AI score 7.7, EPSS 0.02168
Exploits 0, References 4
Prion
added 2009/08/18 9:0 p.m., 15 views

Code injection

WP-Syntax plugin 0.9.1 and earlier for WordPress, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via the testfilterwphead array parameter to test/index.php, which is used in a call to the call_user_func_array function...

CVSS 6.8, AI score 8.1, EPSS 0.02191
Exploits 2, References 4, Affected Software 1
Prion
added 2009/08/14 5:30 p.m., 12 views

Remote file inclusion

PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the configincludedir parameter...

CVSS 6.8, AI score 8.1, EPSS 0.01464
Exploits 0, References 2, Affected Software 1
OpenVAS
added 2009/08/12 12:0 a.m., 48 views

Microsoft Windows AVI Media File Parsing Vulnerabilities (971557)

This host is missing a critical security update according to Microsoft Bulletin MS09-038. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only...

CVSS 9.3, AI score 5, EPSS 0.59557
Exploits 1, References 4
NVD
added 2009/08/05 10:30 p.m., 12 views

CVE-2008-6899

Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command...

CVSS 9, AI score 7.5, EPSS 0.1128
Exploits 1, References 4
Cvelist
added 2009/08/05 10:0 p.m., 18 views

CVE-2008-6899

Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command...

AI score 7.5, EPSS 0.1128
Exploits 1, References 4
CVE
added 2009/08/05 10:0 p.m., 43 views

CVE-2008-6898

CVE-2008-6898 affects SasCam Webcam Server 2.6.5 via the ActiveX SaschArt SasCam control. The vulnerability is a buffer overflow in the XHTTP Module 4.1.0.0 that can be triggered by a long argument to the Get method (and other unspecified methods), allowing remote code execution or a crash. Publi...

CVSS 9.3, AI score 8.3, EPSS 0.66357
Exploits 3, References 4, Affected Software 1
Cvelist
added 2009/08/03 6:0 p.m., 29 views

CVE-2009-2204

Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapor...

AI score 6.9, EPSS 0.18687
Exploits 2, References 10
CVE
added 2009/07/28 7:6 p.m., 47 views

CVE-2009-2643

The connected Red Hat and NVD entries confirm CVE-2009-4778 and related disclosures affect the PDF distiller in the Attachment Service of Research In Motion (RIM) BlackBerry BES and BlackBerry Professional Software. A crafted PDF file attachment can lead to a denial of service (memory corruption)...

CVSS 9.3, AI score 8, EPSS 0.06927
Exploits 0, References 7, Affected Software 2
Prion
added 2009/07/22 6:30 p.m., 14 views

Memory corruption

Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, a...

CVSS 10, AI score 7.9, EPSS 0.03426
Exploits 1, References 18, Affected Software 2
exploitpack
added 2009/07/21 12:0 a.m., 15 views

MyDLstore Pixel Ad Script - payment.php Cross-Site Scripting

source: https://www.securityfocus.com/bid/43448/info MyDLstore Pixel Ad Script is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute...

AI score 6.8
Exploits 0
NVD
added 2009/07/20 8:0 p.m., 15 views

CVE-2009-2548

Format string vulnerability in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the (1) nickname and (2) datafile fields in a joi...

CVSS 10, AI score 7.8, EPSS 0.06657
Exploits 1, References 2
OpenVAS
added 2009/07/18 12:0 a.m., 26 views

VLC Media Player SMB 'Win32AddConnection()' BOF Vulnerability - July09 (Windows)

This host is installed with VLC Media Player and is prone to Stack-Based Buffer Overflow Vulnerability. OpenVAS Vulnerability Test $Id: gbvlcmediaplayerbofvulnjul09win.nasl 8174 2017-12-19 12:23:25Z cfischer $ VLC Media Player SMB 'Win32AddConnection' BOF Vulnerability - July09 Windows Authors:...

CVSS 9.3, AI score 0.5, EPSS 0.71229
Exploits 7, References 3
OpenVAS
added 2009/07/15 12:0 a.m., 18 views

Microsoft DirectShow Remote Code Execution Vulnerability (961373)

This host is missing a critical security update according to Microsoft Bulletin MS09-028. OpenVAS Vulnerability Test $Id: secpodms09-028.nasl 5363 2017-02-20 13:07:22Z cfi $ Microsoft DirectShow Remote Code Execution Vulnerability 971633 Authors: Nikita MR Copyright c 2009 SecPod,...

CVSS 9.3, AI score 0.3, EPSS 0.61118
Exploits 7, References 1