Vulnerabilities > Critical

DATE | CVE | VULNERABILITY TITLE | RISK

2009-03-25 | CVE-2009-1096 | Buffer Errors vulnerability in SUN JDK and JRE | critical 10.0
Buffer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
network, low complexity, sun, CWE-119

2009-03-25 | CVE-2009-1095 | Numeric Errors vulnerability in SUN JDK and JRE | critical 10.0
Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers.
network, low complexity, sun, CWE-189

2009-03-25 | CVE-2009-1094 | Multiple Security vulnerability in SUN JDK, JRE and SDK | critical 10.0
Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data.
network, low complexity, sun

2009-03-25 | CVE-2009-1092 | Resource Management Errors vulnerability in Geovision Liveaudio Activex Control 7.0 | critical 9.3
Use-after-free vulnerability in the LIVEAUDIO.LiveAudioCtrl.1 ActiveX control in LIVEAU~1.OCX 7.0 for GeoVision DVR systems allows remote attackers to execute arbitrary code by calling the GetAudioPlayingTime method with certain arguments.
network, geovision, CWE-399

2009-03-25 | CVE-2009-1088 | Code Injection vulnerability in Hannonhill Cascade 5.7 | critical 9.0
Hannon Hill Cascade Server 5.7 and other versions allows remote authenticated users to execute arbitrary programs or Java code via a crafted XSLT stylesheet with "extension elements and extension functions" that trigger code execution by Xalan-Java, as demonstrated using xalan://java.lang.Runtime.
network, low complexity, hannonhill, CWE-94

2009-03-25 | CVE-2009-1087 | Improper Input Validation vulnerability in Pplive 1.9.15 | critical 9.3
Multiple argument injection vulnerabilities in PPLive.exe in PPLive 1.9.21 and earlier allow remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler.
network, pplive, CWE-20

2009-03-25 | CVE-2008-6520 | Use of Externally-Controlled Format String vulnerability in Imatix Xitami 2.5C2 | critical 10.0
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
network, low complexity, imatix, CWE-134

2009-03-25 | CVE-2008-6519 | Use of Externally-Controlled Format String vulnerability in Imatix Xitami | critical 10.0
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
network, low complexity, imatix, CWE-134

2009-03-25 | CVE-2009-1083 | Code Injection vulnerability in SUN Java System Identity Manager | critical 9.0
Sun Java System Identity Manager (IdM) 7.0 through 8.0 on Linux, AIX, Solaris, and HP-UX permits "control characters" in the passwords of user accounts, which allows remote attackers to execute arbitrary commands via vectors involving "resource adapters."
network, low complexity, sun, CWE-94

2009-03-25 | CVE-2009-1082 | Improper Input Validation vulnerability in SUN Java System Identity Manager | critical 9.0
Sun Java System Identity Manager (IdM) 7.0 through 8.0 allows remote authenticated users to gain privileges by submitting crafted commands to the Admin Console, as demonstrated by privileges for account creation and other administrative capabilities, related to the saveNoValidate action and saveNoValidateAllowedFormsAndWorkflows IDs.
network, low complexity, sun, CWE-20