Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE AND DESCRIPTION | RISK |
---|---|---|---|
2009-12-04 | CVE-2009-4201 | Buffer Errors vulnerability in Assistanttools MP3 TAG Assistance Professional 2.92: Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field. | 9.3 |
2009-12-04 | CVE-2009-4148 | Code Injection vulnerability in Daz3D DAZ Studio 2.3.3.161/2.3.3.163/3.0.1.135: DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability." | 9.3 |
2009-12-04 | CVE-2009-4195 | Buffer Errors vulnerability in Adobe Illustrator 13.0.0/14.0.0: Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. | 9.3 |
2009-12-03 | CVE-2009-1566 | Numeric Errors vulnerability in Roxio Creator and Easy Media Creator: Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions. | 9.3 |
2009-12-03 | CVE-2009-4189 | Credentials Management vulnerability in HP Operations Manager: HP Operations Manager has a default password of OvW*busr1 for the ovwebusr account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. | 10.0 |
2009-12-03 | CVE-2009-4188 | Credentials Management vulnerability in HP Operations Dashboard: HP Operations Dashboard has a default password of j2deployer for the j2deployer account, which allows remote attackers to execute arbitrary code via a session that uses the manager role to conduct unrestricted file upload attacks against the /manager servlet in the Tomcat servlet container. | 10.0 |
2009-12-03 | CVE-2009-4186 | Buffer Errors vulnerability in Apple Safari 4.0.3: Stack consumption vulnerability in Apple Safari 4.0.3 on Windows allows remote attackers to cause a denial of service (application crash) via a long URI value (aka url) in the Cascading Style Sheets (CSS) background property. | 9.3 |
2009-12-03 | CVE-2009-1567 | Buffer Errors vulnerability in Larts Uploader Activex Control 2.2.0.6: Multiple stack-based buffer overflows in the Lateral Arts Photobox uploader ActiveX control 1.x before 1.3, and 2.2.0.6, allow remote attackers to execute arbitrary code via a long URL string for the (1) LogURL, (2) ConnectURL, (3) SkinURL, (4) AlbumCreateURL, (5) ErrorURL, or (6) httpsinglehost property value. | 9.3 |
2009-12-03 | CVE-2009-0895 | Numeric Errors vulnerability in Novell Edirectory: Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow. | 10.0 |
2009-12-02 | CVE-2009-4127 | Code Injection vulnerability in Wikipedia Toolbar: Unspecified vulnerability in Wikipedia Toolbar extension before 0.5.9.2 for Firefox allows user-assisted remote attackers to execute arbitrary JavaScript with Chrome privileges via vectors involving unspecified Toolbar buttons and the eval function. | 9.3 |