Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-29 | CVE-2009-1830 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Slsknet Soulseek 156/157Ns. Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query. | 10.0 |
2009-05-29 | CVE-2009-1792 | OS Command Injection vulnerability in Stonetrip S3Dplayer Standalone and S3Dplayer web. The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument). | 9.3 |
2009-05-29 | CVE-2009-1537 | Remote Code Execution vulnerability in Microsoft DirectX DirectShow QuickTime Video. Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability." Per: http://www.microsoft.com/technet/security/advisory/971778.mspx "Microsoft is aware of limited, active attacks that use this exploit code. | 9.3 |
2009-05-29 | CVE-2009-1817 | Buffer Errors vulnerability in Digimode10 Maya 1.0.2. Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file. | 9.3 |
2009-05-29 | CVE-2009-1815 | Buffer Errors vulnerability in Sonicspot Audioactive Player 1.93B. Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file. | 9.3 |
2009-05-28 | CVE-2009-1807 | Unspecified vulnerability in Baofeng Storm. Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. | 9.3 |
2009-05-28 | CVE-2009-1806 | Unspecified vulnerability in IBM Hardware Management Console 7.3.4.0. Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. | 9.3 |
2009-05-28 | CVE-2008-6816 | Improper Authentication vulnerability in Eaton Network Shutdown Module. Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php. | 10.0 |
2009-05-27 | CVE-2009-1477 | Cryptographic Issues vulnerability in Aten products. The https web interfaces on the ATEN KH1516i IP KVM switch with firmware 1.0.063, the KN9116 IP KVM switch with firmware 1.1.104, and the PN9108 power-control unit have a hardcoded SSL private key, which makes it easier for remote attackers to decrypt https sessions by extracting this key from their own switch and then sniffing network traffic to a switch owned by a different customer. | 10.0 |
2009-05-27 | CVE-2009-1473 | Cryptographic Issues vulnerability in Aten Kh1516I IP KVM Switch and Kn9116 IP KVM Switch. The (1) Windows and (2) Java client programs for the ATEN KH1516i IP KVM switch with firmware 1.0.063 and the KN9116 IP KVM switch with firmware 1.1.104 do not properly use RSA cryptography for a symmetric session-key negotiation, which makes it easier for remote attackers to (a) decrypt network traffic, or (b) conduct man-in-the-middle attacks, by repeating unspecified "client-side calculations." | 10.0 |