Vulnerabilities > Critical

DATE CVE VULNERABILITY TITLE RISK
2009-11-25 CVE-2009-3033 Buffer Errors vulnerability in Symantec products
Buffer overflow in the RunCmd method in the Altiris eXpress NS Console Utilities ActiveX control in AeXNSConsoleUtilities.dll in the web console in Symantec Altiris Deployment Solution 6.9.x, Altiris Notification Server 6.0.x, and Management Platform 7.0.x allows remote attackers to execute arbitrary code via a long string in the second argument.
Risk: network | symantec CWE-119 | critical | 9.3

2009-11-24 CVE-2009-4072 Remote Security vulnerability in Opera Web Browser
Unspecified vulnerability in Opera before 10.10 has unknown impact and attack vectors, related to a "moderately severe issue."
Risk: network | low complexity | opera | critical | 10.0

2009-11-24 CVE-2009-3578 Code Injection vulnerability in Autodesk Alias Wavefront Maya and Autodesk Maya
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
Risk: network | autodesk CWE-94 | critical | 9.3

2009-11-24 CVE-2009-3577 Code Injection vulnerability in Autodesk 3DS MAX
Autodesk 3D Studio Max (3DSMax) 6 through 9 and 2008 through 2010 allows remote attackers to execute arbitrary code via a .max file with a MAXScript statement that calls the DOSCommand method, related to "application callbacks."
Risk: network | autodesk CWE-94 | critical | 9.3

2009-11-24 CVE-2009-3576 Code Injection vulnerability in Autodesk Softimage and Autodesk Softimage XSI
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
Risk: network | autodesk CWE-94 | critical | 9.3

2009-11-24 CVE-2009-3843 Permissions, Privileges, and Access Controls vulnerability in HP Operations Manager 8.10
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
Risk: network | low complexity | hp CWE-264 | critical | 10.0

2009-11-20 CVE-2009-3842 Denial of Service vulnerability in HP products
Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors.
Risk: network | low complexity | hp | critical | 10.0

2009-11-20 CVE-2009-4006 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Solarwinds Serv-U File Server
Stack-based buffer overflow in the TEA decoding algorithm in RhinoSoft Serv-U FTP server 7.0.0.1, 9.0.0.5, and other versions before 9.1.0.0 allows remote attackers to execute arbitrary code via a long hexadecimal string.
Risk: network | low complexity | solarwinds CWE-119 | critical | 10.0

2009-11-19 CVE-2009-3909 Integer Overflow or Wraparound vulnerability in Gimp 2.6.7
Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.
Risk: network | gimp CWE-190 | critical | 9.3

2009-11-18 CVE-2009-3976 Buffer Errors vulnerability in Labtam-Inc Proftp 2.9
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
Risk: network | labtam-inc CWE-119 | critical | 9.3