Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2009-09-18 | CVE-2009-3246 | SQL Injection vulnerability in Mybuxscript Pts-Bux | 7.5
SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI.
network, low complexity, mybuxscript, CWE-89

2009-09-18 | CVE-2009-3244 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Shockwave Player | critical 9.3
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
network, adobe, CWE-119

2009-09-18 | CVE-2009-3243 | Multiple vulnerability in Wireshark 1.2.0/1.2.1 | 5.0
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
network, low complexity, wireshark, microsoft

2009-09-18 | CVE-2009-3242 | Multiple vulnerability in Wireshark 1.2.0/1.2.1 | 5.0
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers an assertion failure.
network, low complexity, wireshark

2009-09-18 | CVE-2009-3241 | Multiple vulnerability in Wireshark 1.2.1 | 7.8
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
network, low complexity, wireshark

2009-09-18 | CVE-2009-3240 | Cross-Site Scripting vulnerability in Ohwada Xf-Section 1.12A | 4.3
Cross-site scripting (XSS) vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, ohwada, xoops, CWE-79

2009-09-18 | CVE-2009-3238 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) vulnerability in multiple products | 5.5
The get_random_int function in drivers/char/random.c in the Linux kernel before 2.6.30 produces insufficiently random numbers, which allows attackers to predict the return value, and possibly defeat protection mechanisms based on randomization, via vectors that leverage the function's tendency to "return the same value over and over again for long stretches of time."
local, low complexity, linux, canonical, opensuse, suse, CWE-338

2009-09-18 | CVE-2009-2937 | Cross-Site Scripting vulnerability in Intertwingly Planet and Planet Venus | 4.3
Cross-site scripting (XSS) vulnerability in Planet 2.0 and Planet Venus allows remote attackers to inject arbitrary web script or HTML via the SRC attribute of an IMG element in a feed.

2009-09-18 | CVE-2009-1883 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.9 | 4.4
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
local, linux, CWE-264

2009-09-17 | CVE-2008-7243 | Cross-Site Request Forgery (CSRF) vulnerability in Modxcms 0.9.6.1 | 6.8
Cross-site request forgery (CSRF) vulnerability in page 34 in MODx CMS 0.9.6.1 and 0.9.6.1p1 allows remote attackers to hijack the authentication of other users for requests that modify passwords via manager/index.php.
network, modxcms, CWE-352