5186 matches found

NVD
added 2009/07/09 4:30 p.m., 17 views

CVE-2009-2421

The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a "high-bit character" in a URL fragment for an unspecified protocol...

CVSS 5, AI score 7.9, EPSS 0.01566
Exploits: 0, References: 2

Prion
added 2009/07/09 4:30 p.m., 30 views

Remote file inclusion

PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITYFILE parameter...

CVSS 9.3, AI score 8, EPSS 0.03668
Exploits: 1, References: 3, Affected Software: 1

UbuntuCve
added 2009/07/05 4:30 p.m., 18 views

CVE-2009-2294

Integer overflow in the Png_datainfo_callback function in Dillo 2.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG image with crafted (1) width or (2) height values...

CVSS 7.5, AI score 6.2, EPSS 0.01904
Exploits: 1, References: 1

FreeBSD
added 2009/06/30 12:00 a.m., 23 views

apache -- Prevent chunk-size integer overflow on platforms where sizeof(int) < sizeof(long)

Apache ChangeLog reports: Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a large chunk size th...

CVSS 6.8, AI score 6.2, EPSS 0.47445
Exploits: 2, References: 4

Prion
added 2009/06/25 11:14 p.m., 14 views

Remote file inclusion

Multiple PHP remote file inclusion vulnerabilities in phpCollegeExchange 0.1.5c, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the home parameter to (1) ihead.php, (2) inav.php, (3) usernew2.php, or (4) house/myrents.php; or (5) allbooks.php, (6) home.php,...

CVSS 6.8, AI score 8, EPSS 0.00589
Exploits: 0, References: 2, Affected Software: 1

UbuntuCve
added 2009/06/25 5:30 p.m., 22 views

CVE-2009-2210

Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type...

CVSS 9.3, AI score 6.2, EPSS 0.05533
Exploits: 0, References: 1

RedHat Linux
added 2009/06/25 4:19 p.m., 38 views

Critical: Red Hat Security Advisory: kdegraphics security update

Updated kdegraphics packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. The kdegraphics packages contain applications for the K Desktop Environment (KDE). Scalabl...

CVSS 9.3, AI score 6.2, EPSS 0.15332
Exploits: 1, References: 3

UbuntuCve
added 2009/06/25 1:30 a.m., 37 views

CVE-2009-1886

Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename...

CVSS 9.3, AI score 7.2, EPSS 0.24809
Exploits: 1, References: 3

UbuntuCve
added 2009/06/11 3:30 p.m., 30 views

CVE-2009-0512

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

CVSS 9.3, AI score 6.3, EPSS 0.20164
Exploits: 0, References: 1

UbuntuCve
added 2009/06/11 3:30 p.m., 27 views

CVE-2009-0509

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption...

CVSS 9.3, AI score 6.3, EPSS 0.07937
Exploits: 0, References: 1

UbuntuCve
added 2009/06/11 3:30 p.m., 26 views

CVE-2009-0888

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

CVSS 9.3, AI score 6.3, EPSS 0.20311
Exploits: 0, References: 1

UbuntuCve
added 2009/06/11 3:30 p.m., 19 views

CVE-2009-0889

Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than...

CVSS 9.3, AI score 6.3, EPSS 0.20311
Exploits: 0, References: 1

NVD
added 2009/06/10 6:30 p.m., 16 views

CVE-2009-1530

Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which...

CVSS 9.3, AI score 7.4, EPSS 0.62306
Exploits: 1, References: 8

Cvelist
added 2009/06/10 5:37 p.m., 27 views

CVE-2009-1709

Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG...

AI score 8.6, EPSS 0.08606
Exploits: 1, References: 18

OpenVAS
added 2009/06/09 12:00 a.m., 26 views

Mandrake Security Advisory MDVSA-2009:130 (gstreamer0.10-plugins-good)

The remote host is missing an update to gstreamer0.10-plugins-good announced via advisory MDVSA-2009:130. OpenVAS Vulnerability Test $Id: mdksa2009130.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:130 gstreamer0.10-plugins-good Authors: Thomas Rein...

CVSS 6.8, AI score 1.4, EPSS 0.08313
Exploits: 1

OpenVAS
added 2009/06/05 12:00 a.m., 12 views

Mandrake Security Advisory MDVSA-2009:113 (cyrus-sasl)

The remote host is missing an update to cyrus-sasl announced via advisory MDVSA-2009:113. OpenVAS Vulnerability Test $Id: mdksa2009113.nasl 6573 2017-07-06 13:10:50Z cfischer $ Description: Auto-generated from advisory MDVSA-2009:113 cyrus-sasl Authors: Thomas Reinke Copyright: Copyright (c) 2009...

CVSS 7.5, AI score 1.1, EPSS 0.39477
Exploits: 0

Cvelist
added 2009/06/04 8:00 p.m., 20 views

CVE-2009-1932

Multiple integer overflows in the (1) user_info_callback, (2) user_endrow_callback, and (3) gst_pngdec_task functions (ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote attackers to cause a denial of service and possibly execute arbitrary cod...

AI score 7.5, EPSS 0.08313
Exploits: 1, References: 13

Ubuntu
added 2009/06/03 2:15 p.m., 74 views

USN-781-1: Pidgin vulnerabilities

It was discovered that Pidgin did not properly handle certain malformed messages when sending a file using the XMPP protocol handler. If a user were tricked into sending a file, a remote attacker could send a specially crafted response and cause Pidgin to crash, or possibly execute arbitrary code...

CVSS 9.3, AI score 6, EPSS 0.25885
Exploits: 1

Cvelist
added 2009/06/02 6:00 p.m., 23 views

CVE-2009-0956

Apple QuickTime before 7.6.2 does not properly initialize memory before use in handling movie files, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a movie containing a user data atom of size zero...

AI score 7.5, EPSS 0.09866
Exploits: 0, References: 8

Exploit DB
added 2009/06/01 12:00 a.m., 25 views

GNU glibc - Timezone Parsing Remote Integer Overflow

// source: https://www.securityfocus.com/bid/50898/info GNU glibc is prone to a remote integer-overflow vulnerability. An attacker can exploit this issue to execute arbitrary code with the privileges of the user running an application that uses the affected library. include include include inclu...

AI score 7.4
Exploits: 0