Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK (CVSS score)
Each entry: description, then attack vector, attack complexity, vendor and CWE where given.

2009-09-08 | CVE-2009-3084 | Improper Input Validation vulnerability in Pidgin Libpurple and Pidgin | 5.0
  The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten (aka Ink) message, related to an uninitialized variable and the incorrect "UTF16-LE" charset name.
  Vector: network; complexity: low; vendor: pidgin; CWE-20

2009-09-08 | CVE-2009-3083 | Buffer Errors vulnerability in Pidgin Libpurple and Pidgin | 5.0
  The msn_slp_sip_recv function in libpurple/protocols/msn/slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an SLP invite message that lacks certain required fields, as demonstrated by a malformed message from a KMess client.
  Vector: network; complexity: low; vendor: pidgin; CWE-119

2009-09-08 | CVE-2009-3009 | Cross-Site Scripting vulnerability in Rubyonrails Rails | 4.3
  Cross-site scripting (XSS) vulnerability in Ruby on Rails 2.x before 2.2.3, and 2.3.x before 2.3.4, allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper.
  Vector, complexity, vendor and CWE: not given

2009-09-08 | CVE-2009-2703 | Buffer Errors vulnerability in Pidgin Libpurple and Pidgin | 5.0
  libpurple/protocols/irc/msgs.c in the IRC protocol plugin in libpurple in Pidgin before 2.6.2 allows remote IRC servers to cause a denial of service (NULL pointer dereference and application crash) via a TOPIC message that lacks a topic string.
  Vector: network; complexity: low; vendor: pidgin; CWE-119

2009-09-08 | CVE-2009-2702 | Cryptographic Issues vulnerability in KDE Kdelibs 3.5.4/4.2.4/4.3 | 7.5
  KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
  Vector: network; complexity: low; vendor: kde; CWE-310

2009-09-08 | CVE-2009-2701 | Unspecified vulnerability in Zope Zodb | 6.0
  Unspecified vulnerability in the Zope Enterprise Objects (ZEO) storage-server functionality in Zope Object Database (ZODB) 3.8 before 3.8.3 and 3.9.x before 3.9.0c2, when certain ZEO database sharing and blob support are enabled, allows remote authenticated users to read or delete arbitrary files via unknown vectors.
  Vector: network; vendor: zope; complexity and CWE: not given

2009-09-08 | CVE-2009-2346 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Asterisk products | 7.8
  The IAX2 protocol implementation in Asterisk Open Source 1.2.x before 1.2.35, 1.4.x before 1.4.26.2, 1.6.0.x before 1.6.0.15, and 1.6.1.x before 1.6.1.6; Business Edition B.x.x before B.2.5.10, C.2.x before C.2.4.3, and C.3.x before C.3.1.1; and s800i 1.3.x before 1.3.0.3 allows remote attackers to cause a denial of service (call-number exhaustion) by initiating many IAX2 message exchanges, a related issue to CVE-2008-3263.
  Vector: network; complexity: low; vendor: asterisk; CWE-119

2009-09-08 | CVE-2008-7182 | Buffer Errors vulnerability in Netwin Surgemail 3.9E | 4.0
  Buffer overflow in the IMAP service in NetWin Surgemail 3.9e, and possibly other versions before 3.9g2, allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long first argument to the APPEND command, a different vector than CVE-2008-1497 and CVE-2008-1498.
  Vector: network; complexity: low; vendor: netwin; CWE-119

2009-09-08 | CVE-2008-7181 | Permissions, Privileges, and Access Controls vulnerability in Butterflymedia Butterfly Organizer 2.0.0 | 7.5
  Butterfly Organizer 2.0.0 allows remote attackers to (1) delete arbitrary categories via a modified tablehere parameter to category-delete.php with the is_js_confirmed parameter set to 1, or (2) delete arbitrary accounts via the mytable parameter to delete.php.
  Vector: network; complexity: low; vendor: butterflymedia; CWE-264

2009-09-08 | CVE-2008-7180 | Improper Input Validation vulnerability in Rittwick Banerjee Telephone Directory 2008 | 5.0
  del_query1.php in Telephone Directory 2008 allows remote attackers to delete arbitrary contacts via a direct request with a modified id variable.
  Vector: network; complexity: low; vendor: rittwick-banerjee; CWE-20