Stack-based buffer overflow in Core FTP 2.1 build 1612 allows user-assisted remote attackers to execute arbitrary code via a long hostname in an FTP server entry in a site backup file. NOTE: some of these details are obtained from third party information.
Max CVSS: 9.3 | EPSS Score: 7.84% | Published: 2009-09-30 | Updated: 2017-08-17
Heap-based buffer overflow in the Create New Site feature in GlobalSCAPE CuteFTP Professional, Home, and Lite 8.3.3 and 8.3.3.0054 allows user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a site list containing an entry with a long label.
Max CVSS: 9.3 | EPSS Score: 1.73% | Published: 2009-09-30 | Updated: 2017-08-17
Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
Max CVSS: 9.3 | EPSS Score: 3.83% | Published: 2009-09-29 | Updated: 2017-08-17
IBM DB2 9.1 before FP8 does not require the SETSESSIONUSER privilege for the SET SESSION AUTHORIZATION statement, which has unspecified impact and remote attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.30% | Published: 2009-09-29 | Updated: 2013-09-11

CVE-2009-3429

Public exploit
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
Max CVSS: 9.3 | EPSS Score: 95.28% | Published: 2009-09-25 | Updated: 2017-09-19
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.
Max CVSS: 9.3 | EPSS Score: 4.07% | Published: 2009-09-25 | Updated: 2017-09-19
login.php in Zenas PaoBacheca Guestbook 2.1, when register_globals is enabled, allows remote attackers to bypass authentication and gain administrative access by setting the login_ok parameter to 1.
Max CVSS: 9.8 | EPSS Score: 1.66% | Published: 2009-09-25 | Updated: 2024-02-13
CgiUserConfigEdit in BackupPC 3.1.0, when SSH keys and Rsync are in use in a multi-user environment, does not restrict users from the ClientNameAlias function, which allows remote authenticated users to read and write sensitive files by modifying ClientNameAlias to match another system, then initiating a backup or restore.
Max CVSS: 8.5 | EPSS Score: 0.37% | Published: 2009-09-24 | Updated: 2009-10-31
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
Max CVSS: 9.3 | EPSS Score: 1.36% | Published: 2009-09-24 | Updated: 2017-09-19
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.21% | Published: 2009-09-24 | Updated: 2009-09-24
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.21% | Published: 2009-09-24 | Updated: 2009-09-29
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.31% | Published: 2009-09-24 | Updated: 2022-09-27
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.21% | Published: 2009-09-24 | Updated: 2009-09-24
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
Max CVSS: 10.0 | EPSS Score: 0.21% | Published: 2009-09-24 | Updated: 2009-10-12
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS: 10.0 | EPSS Score: 1.50% | Published: 2009-09-24 | Updated: 2011-12-20
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS: 10.0 | EPSS Score: 1.11% | Published: 2009-09-24 | Updated: 2009-09-28
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS: 10.0 | EPSS Score: 0.23% | Published: 2009-09-24 | Updated: 2011-12-20
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
Max CVSS: 10.0 | EPSS Score: 1.20% | Published: 2009-09-24 | Updated: 2009-09-28
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.
Max CVSS: 9.3 | EPSS Score: 5.45% | Published: 2009-09-24 | Updated: 2017-09-19
Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.
Max CVSS: 9.3 | EPSS Score: 2.27% | Published: 2009-09-23 | Updated: 2017-09-19
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.
Max CVSS: 9.0 | EPSS Score: 0.20% | Published: 2009-09-18 | Updated: 2018-10-30
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
Max CVSS: 9.3 | EPSS Score: 13.37% | Published: 2009-09-18 | Updated: 2017-09-19
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
Max CVSS: 9.3 | EPSS Score: 10.19% | Published: 2009-09-18 | Updated: 2017-09-19
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
Max CVSS: 9.0 | EPSS Score: 5.48% | Published: 2009-09-18 | Updated: 2017-09-19
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
Max CVSS: 9.3 | EPSS Score: 84.86% | Published: 2009-09-18 | Updated: 2017-09-19
106 vulnerabilities found