Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-06-08 | CVE-2008-6826 | Improper Input Validation vulnerability in Mhfmedia ADS PRO: dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages. | 10.0 |
2009-06-05 | CVE-2009-1944 | Buffer Errors vulnerability in Aimp 2.51: Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. | 9.3 |
2009-06-05 | CVE-2009-1943 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Safenet-Inc Softremote and Softremote1.4: Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514. | 10.0 |
2009-06-05 | CVE-2009-1936 | Path Traversal vulnerability in Cpcommerce Project Cpcommerce 1.2.0/1.2.9: _functions.php in cpCommerce 1.2.x, possibly including 1.2.9, sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass a protection mechanism to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files via the GLOBALS[prefix] parameter, a different vector than CVE-2003-1500. | 9.8 |
2009-06-04 | CVE-2009-1916 | OS Command Injection vulnerability in Gscripts DNS Tools: dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter. | 10.0 |
2009-06-04 | CVE-2008-6824 | Cryptographic Issues vulnerability in A-Link Wl54Ap2 and Wl54Ap3: The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access. | 10.0 |
2009-06-03 | CVE-2008-6821 | Buffer Errors vulnerability in IBM DB2 8.0/9.1/9.5: Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853. | 10.0 |
2009-06-03 | CVE-2008-6820 | Configuration vulnerability in IBM DB2 8.0/9.1/9.5: The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856. | 10.0 |
2009-06-03 | CVE-2009-1901 | Multiple Security vulnerability in IBM WebSphere Application Server: The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors. | 10.0 |
2009-06-03 | CVE-2009-1899 | Multiple Security vulnerability in IBM WebSphere Application Server: Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin." | 10.0 |