Vulnerabilities > Microsoft > Windows > Medium

DATE CVE VULNERABILITY TITLE RISK
2009-03-31 CVE-2007-6722 Configuration vulnerability in Vidalia-Project Vidalia Bundle
Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.
network
low complexity
vidalia-project apple microsoft CWE-16
5.0
2009-03-14 CVE-2009-0016 Improper Input Validation vulnerability in Apple iTunes
Apple iTunes before 8.1 on Windows allows remote attackers to cause a denial of service (infinite loop) via a Digital Audio Access Protocol (DAAP) message with a crafted Content-Length header.
network
low complexity
apple microsoft CWE-20
5.0
2009-03-12 CVE-2009-0880 Path Traversal vulnerability in IBM Director
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a ..
network
ibm microsoft CWE-22
6.8
2009-03-12 CVE-2009-0879 Improper Input Validation vulnerability in IBM Director
The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
network
low complexity
ibm microsoft CWE-20
5.0
2009-03-10 CVE-2009-0868 Improper Input Validation vulnerability in Fujitsu Jasmine2000
CRLF injection vulnerability in the WebLink template in Fujitsu Jasmine2000 Enterprise Edition allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
6.8
2009-02-26 CVE-2009-0522 Remote Security vulnerability in Flash Player
Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87 on Windows allows remote attackers to trick a user into visiting an arbitrary URL via an unspecified manipulation of the "mouse pointer display," related to a "Clickjacking attack." Per: http://www.adobe.com/support/security/bulletins/apsb09-01.html "This update resolves a Windows-only issue with mouse pointer display that could potentially contribute to a Clickjacking attack."
network
adobe microsoft
4.3
2009-02-26 CVE-2009-0114 Remote Security vulnerability in Flash Player
Unspecified vulnerability in the Settings Manager in Adobe Flash Player 9.x before 9.0.159.0 and 10.x before 10.0.22.87, and possibly other versions, allows remote attackers to trick a user into visiting an arbitrary URL via unknown vectors, related to "a potential Clickjacking issue variant."
network
adobe microsoft
5.8
2009-02-10 CVE-2009-0438 Permissions, Privileges, and Access Controls vulnerability in IBM WebSphere Application Server 7.0
IBM WebSphere Application Server (WAS) 7 before 7.0.0.1 on Windows allows remote attackers to bypass "Authorization checking" and obtain sensitive information from JSP pages via a crafted request.
network
low complexity
ibm microsoft CWE-264
5.0
2009-01-28 CVE-2009-0321 Link Following vulnerability in Apple Safari 3.2.1
Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) .
4.3
2008-12-31 CVE-2008-5787 Path Traversal vulnerability in Arabportal Arab Portal 2.1
Directory traversal vulnerability in mod.php in Arab Portal 2.1 on Windows allows remote attackers to read arbitrary files via a ..
network
high complexity
arabportal microsoft CWE-22
5.4