Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-11-30 CVE-2009-4112 Permissions, Privileges, and Access Controls vulnerability in Cacti
Cacti 0.8.7e and earlier allows remote authenticated administrators to gain privileges by modifying the "Data Input Method" for the "Linux - Get Memory Usage" setting to contain arbitrary commands.
network, low complexity | cacti | CWE-264 | critical 9.0

2009-11-29 CVE-2009-4107 Buffer Errors vulnerability in Amplusnet Invisible Browsing 5.0.52
Buffer overflow in Invisible Browsing 5.0.52 allows user-assisted remote attackers to execute arbitrary code via a crafted .ibkey file containing a long string.
network | amplusnet | CWE-119 | critical 9.3

2009-11-29 CVE-2009-4103 Buffer Errors vulnerability in Robo-Ftp 3.6.17
Buffer overflow in Robo-FTP 3.6.17, and possibly other versions, allows remote FTP servers to cause a denial of service and possibly execute arbitrary code via unspecified FTP server responses.
network | robo-ftp | CWE-119 | critical 9.3

2009-11-29 CVE-2009-4102 Improper Input Validation vulnerability in multiple products
Sage 1.4.3 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
network | sage-mozdev mozilla | CWE-20 | critical 9.3

2009-11-29 CVE-2009-4101 Improper Input Validation vulnerability in Didier Ernotte Inforss
infoRSS 1.1.4.2 and earlier extension for Firefox performs certain operations with chrome privileges, which allows remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
network | didier-ernotte mozilla | CWE-20 | critical 9.3

2009-11-29 CVE-2009-4100 Improper Input Validation vulnerability in Yoono
Yoono extension before 6.1.1 for Firefox performs certain operations with chrome privileges, which allows user-assisted remote attackers to execute arbitrary commands and perform cross-domain scripting attacks via DOM event handlers such as onload.
network | yoono mozilla | CWE-20 | critical 9.3

2009-11-29 CVE-2009-4097 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Malsmith Serenity Audio Player
Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file.
network | malsmith | CWE-119 | critical 9.3

2009-11-29 CVE-2009-4025 OS Command Injection vulnerability in Pear 0.11/0.20/0.21
Argument injection vulnerability in the traceroute function in Traceroute.php in the Net_Traceroute package before 0.21.2 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.
network, low complexity | pear | CWE-78 | critical 10.0

2009-11-29 CVE-2009-4024 Code Injection vulnerability in Pear
Argument injection vulnerability in the ping function in Ping.php in the Net_Ping package before 2.4.5 for PEAR allows remote attackers to execute arbitrary shell commands via the host parameter.
network, low complexity | pear | CWE-94 | critical 10.0

2009-11-25 CVE-2009-3033 Buffer Errors vulnerability in Symantec products
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
network | symantec | CWE-119 | critical 9.3