CVE-2009-1831

Public exploit
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
Max CVSS
9.3
EPSS Score
95.32%
Published
2009-05-29
Updated
2017-09-29
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
Max CVSS
10.0
EPSS Score
18.47%
Published
2009-05-29
Updated
2017-09-29
Unspecified vulnerability in the PCNFSD dissector in Wireshark 0.8.20 through 1.0.7 allows remote attackers to cause a denial of service (crash) via crafted PCNFSD packets.
Max CVSS
5.0
EPSS Score
0.34%
Published
2009-05-29
Updated
2017-09-29
Mozilla Firefox 3.0.10 allows remote attackers to cause a denial of service (infinite loop, application hang, and memory consumption) via a KEYGEN element in conjunction with (1) a META element specifying automatic page refresh or (2) a JavaScript onLoad event handler for a BODY element. NOTE: it was later reported that earlier versions are also affected.
Max CVSS
5.0
EPSS Score
6.77%
Published
2009-05-29
Updated
2018-10-10
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."
Max CVSS
5.0
EPSS Score
9.25%
Published
2009-05-29
Updated
2018-10-10
modules/admuser.php in myGesuad 0.9.14 (aka 0.9) does not require administrative authentication, which allows remote authenticated users to list user accounts via a Find action.
Max CVSS
6.5
EPSS Score
0.39%
Published
2009-05-29
Updated
2017-09-29
The ps_drv.sys kernel driver in ArcaBit ArcaVir 2009 Antivirus Protection 9.4.3201.9 and earlier, ArcaVir 2009 Internet Security 9.4.3202.9 and earlier, ArcaVir 2009 System Protection 9.4.3203.9 and earlier, and ArcaBit 2009 Home Protection 9.4.3204.9 and earlier, allows local users to gain privileges via crafted METHOD_NEITHER IOCTL requests to \Device\ps_drv containing arbitrary kernel addresses, as demonstrated using the (1) 0x2A7B802B and possibly (2) 0x2A7B8004 and (3) 0x2A7B802F IOCTLs.
Max CVSS
7.2
EPSS Score
0.04%
Published
2009-05-29
Updated
2017-09-29
Multiple PHP remote file inclusion vulnerabilities in the InterJoomla ArtForms (com_artforms) component 2.1b7 for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) imgcaptcha.php or (2) mp3captcha.php in assets/captcha/includes/captchaform/, or (3) assets/captcha/includes/captchatalk/swfmovie.php.
Max CVSS
7.5
EPSS Score
1.04%
Published
2009-05-29
Updated
2017-09-29
DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.
Max CVSS
5.0
EPSS Score
0.49%
Published
2009-05-29
Updated
2017-09-29
SQL injection vulnerability in product.php in 2daybiz Custom T-shirt Design Script allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-05-29
Updated
2017-09-29
SQL injection vulnerability in admin/admin_manager.asp in MaxCMS 2.0 allows remote attackers to execute arbitrary SQL commands via an m_username cookie in an add action.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-05-29
Updated
2017-09-29
Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.
Max CVSS
9.3
EPSS Score
9.14%
Published
2009-05-29
Updated
2017-09-29
SQL injection vulnerability in admin.php in My Game Script 2.0 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the username field). NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.09%
Published
2009-05-29
Updated
2017-09-29
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
Max CVSS
9.3
EPSS Score
9.81%
Published
2009-05-29
Updated
2017-09-29
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074.
Max CVSS
7.5
EPSS Score
0.13%
Published
2009-05-29
Updated
2017-09-29
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).
Max CVSS
7.5
EPSS Score
0.16%
Published
2009-05-29
Updated
2017-09-29
Multiple SQL injection vulnerabilities in myGesuad 0.9.14 (aka 0.9) allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) budget.php, (4) zahlung.php, or (5) adresse.php in modules/, related to classes/class.perform.php.
Max CVSS
6.0
EPSS Score
0.15%
Published
2009-05-29
Updated
2017-09-29
Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.
Max CVSS
6.0
EPSS Score
0.15%
Published
2009-05-29
Updated
2017-09-29
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
Max CVSS
9.3
EPSS Score
6.11%
Published
2009-05-28
Updated
2009-06-09
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
0.15%
Published
2009-05-28
Updated
2017-08-17
Multiple SQL injection vulnerabilities in admin/index.php in VideoScript.us YouTube Video Script allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Max CVSS
7.5
EPSS Score
0.06%
Published
2009-05-28
Updated
2017-09-29
FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, generates different error messages for a failed login attempt depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
Max CVSS
5.0
EPSS Score
0.29%
Published
2009-05-28
Updated
2019-12-10
Multiple cross-site request forgery (CSRF) vulnerabilities in FreePBX 2.5.1, and other 2.4.x, 2.5.x, and pre-release 2.6.x versions, allow remote attackers to hijack the authentication of admins for requests that create a new admin account or have unspecified other impact.
Max CVSS
6.8
EPSS Score
0.29%
Published
2009-05-28
Updated
2019-12-10
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
4.10%
Published
2009-05-28
Updated
2009-05-28
Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.
Max CVSS
6.8
EPSS Score
0.06%
Published
2009-05-28
Updated
2017-09-29
296 vulnerabilities found
1 2 3 4 5 6 7 8 9 10 11 12
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!