CVE-2009-3711

Public exploit
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
Max CVSS
10.0
EPSS Score
75.84%
Published
2009-10-16
Updated
2018-10-10

CVE-2009-3699

Public exploit
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
Max CVSS
10.0
EPSS Score
75.53%
Published
2009-10-15
Updated
2017-08-17

CVE-2009-3693

Public exploit
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
Max CVSS
9.3
EPSS Score
89.90%
Published
2009-10-13
Updated
2009-10-13

CVE-2009-3591

Public exploit
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
Max CVSS
5.0
EPSS Score
37.06%
Published
2009-10-08
Updated
2018-10-10

CVE-2009-3459

Public exploit
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Max CVSS
9.3
EPSS Score
97.23%
Published
2009-10-13
Updated
2018-10-30

CVE-2009-2990

Public exploit
Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
Max CVSS
9.3
EPSS Score
97.26%
Published
2009-10-19
Updated
2018-10-30

CVE-2009-1979

Public exploit
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.
Max CVSS
10.0
EPSS Score
96.48%
Published
2009-10-22
Updated
2018-10-10
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!