Vulnerabilities > Microsoft > Windows > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-04-13 | CVE-2009-1267 | Denial Of Service vulnerability in Wireshark Prior to 1.0.7: Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors. | 5.0 |
2009-04-02 | CVE-2009-1233 | Improper Input Validation vulnerability in Apple Safari 3.2.2/4: Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. | 4.3 |
2009-03-31 | CVE-2007-6724 | Configuration vulnerability in Vidalia-Project Vidalia Bundle: Vidalia bundle before 0.1.2.18, when running on Windows, installs Privoxy with a configuration file (config.txt or config) that contains an insecure enable-remote-http-toggle setting, which allows remote attackers to bypass intended access restrictions and modify configuration. | 5.0 |
2009-03-31 | CVE-2007-6723 | Configuration vulnerability in Anonymityanywhere Tork 0.22: TorK before 0.22, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 4.3 |
2009-03-31 | CVE-2007-6722 | Configuration vulnerability in Vidalia-Project Vidalia Bundle: Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration. | 5.0 |
2009-03-14 | CVE-2009-0016 | Improper Input Validation vulnerability in Apple Itunes: Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header. | 5.0 |
2009-03-12 | CVE-2009-0880 | Path Traversal vulnerability in IBM Director: Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. | 6.8 |
2009-03-12 | CVE-2009-0879 | Improper Input Validation vulnerability in IBM Director: The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI. | 5.0 |
2009-03-10 | CVE-2009-0868 | Improper Input Validation vulnerability in Fujitsu Jasmine2000: CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors. | 6.8 |
2009-02-26 | CVE-2009-0522 | Remote Security vulnerability in Flash Player: Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html "This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack. | 4.3 |