Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-09-28 | CVE-2009-2864 | Denial of Service vulnerability in Cisco products: Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 5.x before 5.1(3g), 6.x before 6.1(4), 7.0.x before 7.0(2a)su1, and 7.1.x before 7.1(2) allows remote attackers to cause a denial of service (service restart) via malformed SIP messages, aka Bug ID CSCsz95423. | 7.8 |
2009-09-28 | CVE-2009-2863 | Improper Authentication vulnerability in Cisco IOS: Race condition in the Firewall Authentication Proxy feature in Cisco IOS 12.0 through 12.4 allows remote attackers to bypass authentication, or bypass the consent web page, via a crafted request, aka Bug ID CSCsy15227. | 7.1 |
2009-09-28 | CVE-2009-2862 | Unspecified vulnerability in Cisco IOS: The Object Groups for Access Control Lists (ACLs) feature in Cisco IOS 12.2XNB, 12.2XNC, 12.2XND, 12.4MD, 12.4T, 12.4XZ, and 12.4YA allows remote attackers to bypass intended access restrictions via crafted requests, aka Bug IDs CSCsx07114, CSCsu70214, CSCsw47076, CSCsv48603, CSCsy54122, and CSCsu50252. | 4.3 |
2009-09-25 | CVE-2009-3431 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Adobe Acrobat and Acrobat Reader: Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. | 5.0 |
2009-09-25 | CVE-2009-3430 | SQL Injection vulnerability in Allomani Mobile 2.5: SQL injection vulnerability in login.php in Allomani Mobile 2.5 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. | 7.5 |
2009-09-25 | CVE-2009-3429 | Buffer Errors vulnerability in Pirateradio Destiny Media Player 1.61: Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file. | 9.3 |
2009-09-25 | CVE-2009-3428 | Buffer Errors vulnerability in Otbcode Easy Music Player 1.0.0.2: Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file. | 9.3 |
2009-09-25 | CVE-2009-3427 | Cross-Site Scripting vulnerability in Kayako Supportsuite 3.50.06: Cross-site scripting (XSS) vulnerability in Kayako SupportSuite 3.50.06 allows remote attackers to inject arbitrary web script or HTML via the subject field in a ticket. | 4.3 |
2009-09-25 | CVE-2009-3426 | Code Injection vulnerability in Databay Maxcms 3.11.20B: PHP remote file inclusion vulnerability in includes/file_manager/special.php in MaxCMS 3.11.20b allows remote attackers to execute arbitrary PHP code via a URL in the fm_includes_special parameter. | 6.8 |
2009-09-25 | CVE-2009-3425 | Path Traversal vulnerability in Databay Maxcms 3.11.20B: Directory traversal vulnerability in includes/inc.thcms_admin_dirtree.php in MaxCMS 3.11.20b allows remote attackers to read arbitrary files via directory traversal sequences in the thCMS_root parameter. | 5.0 |