Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-01-13 | CVE-2009-3953 | Out-of-bounds Write vulnerability in multiple products The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994. | 8.8 |
| 2010-01-09 | CVE-2010-0013 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. | 7.5 |
| 2010-01-08 | CVE-2010-0012 | Path Traversal vulnerability in multiple products Directory traversal vulnerability in libtransmission/metainfo.c in Transmission 1.22, 1.34, 1.75, and 1.76 allows remote attackers to overwrite arbitrary files via a .. | 8.8 |
| 2010-01-06 | CVE-2009-4581 | Path Traversal vulnerability in Roseonlinecms Directory traversal vulnerability in modules/admincp.php in RoseOnlineCMS 3 B1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the admin parameter. | 9.8 |
| 2009-12-29 | CVE-2009-4449 | Path Traversal vulnerability in Mybboard Mybb 1.4.10 Directory traversal vulnerability in MyBB (aka MyBulletinBoard) 1.4.10, and possibly earlier versions, when changing the user avatar from the gallery, allows remote authenticated users to determine the existence of files via directory traversal sequences in the avatar and possibly the gallery parameters, related to (1) admin/modules/user/users.php and (2) usercp.php. | 6.5 |
| 2009-12-15 | CVE-2009-4324 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009. | 7.8 |
| 2009-12-03 | CVE-2009-4194 | Path Traversal vulnerability in Kmint21 Golden FTP Server 4.30/4.50 Directory traversal vulnerability in Golden FTP Server 4.30 Free and Professional, 4.50, and possibly other versions allows remote authenticated users to delete arbitrary files via a .. | 8.1 |
| 2009-11-24 | CVE-2009-3897 | Incorrect Permission Assignment for Critical Resource vulnerability in Dovecot Dovecot 1.2.x before 1.2.8 sets 0777 permissions during creation of certain directories at installation time, which allows local users to access arbitrary user accounts by replacing the auth socket, related to the parent directories of the base_dir directory, and possibly the base_dir directory itself. | 5.5 |
| 2009-11-23 | CVE-2009-4053 | Path Traversal vulnerability in Home FTP Server Project Home FTP Server 1.10.1.139 Multiple directory traversal vulnerabilities in Home FTP Server 1.10.1.139 allow remote authenticated users to (1) create arbitrary directories via directory traversal sequences in an MKD command or (2) create files with any contents in arbitrary directories via directory traversal sequences in a file upload request. | 6.5 |
| 2009-11-20 | CVE-2009-4004 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Linux Kernel Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X86_SETUP_MCE IOCTL request that specifies a large number of Machine Check Exception (MCE) banks. | 7.8 |