Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-03-02 | CVE-2009-0749 | Use After Free vulnerability in multiple products Use-after-free vulnerability in the GIFReadNextExtension function in lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted GIF image that causes the realloc function to return a new pointer, which triggers memory corruption when the old pointer is accessed. | 7.8 |
2009-02-20 | CVE-2009-0658 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. | 7.8 |
2009-02-17 | CVE-2008-6157 | Cleartext Storage of Sensitive Information vulnerability in Sepcity Classified ADS SepCity Classified Ads stores the admin password in cleartext in data/classifieds.mdb, which allows context-dependent attackers to obtain sensitive information. | 7.5 |
2009-02-13 | CVE-2009-0141 | Incorrect Permission Assignment for Critical Resource vulnerability in Apple mac OS X and mac OS X Server XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. | 5.5 |
2009-01-30 | CVE-2009-0034 | Incorrect Authorization vulnerability in multiple products parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group (aka %group) in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command. | 7.8 |
2009-01-26 | CVE-2009-0265 | Unchecked Return Value vulnerability in ISC Bind Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature, a similar vulnerability to CVE-2008-5077 and CVE-2009-0025. | 7.5 |
2009-01-22 | CVE-2009-0255 | Use of Insufficiently Random Values vulnerability in multiple products The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key. | 7.5 |
2009-01-21 | CVE-2009-0244 | Path Traversal vulnerability in Microsoft Windows Mobile 5.0/6.0 Directory traversal vulnerability in the OBEX FTP Service in the Microsoft Bluetooth stack in Windows Mobile 6 Professional, and probably Windows Mobile 5.0 for Pocket PC and 5.0 for Pocket PC Phone Edition, allows remote authenticated users to list arbitrary directories, and create or read arbitrary files, via a .. | 8.8 |
2009-01-20 | CVE-2009-0182 | Classic Buffer Overflow vulnerability in Vuplayer Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line. | 8.8 |
2008-12-31 | CVE-2008-5784 | Reliance on Cookies without Validation and Integrity Checking vulnerability in V3Chat V3 Chat Profiles Dating Script 3.0.2 V3 Chat - Profiles/Dating Script 3.0.2 allows remote attackers to bypass authentication and gain administrative access by setting the admin cookie to 1. | 9.8 |