Thinking OPEN

Archives for the ‘Security Notifications’ Category

OpenView Network Node Manager 7.53 and prior [Medium]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet….

CVE Identifier: CVE-2009-3840
Vulnerability Type(s):
Severity: Medium



GIMP 2.6.7 [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow….

CVE Identifier: CVE-2009-3909
Vulnerability Type(s):
Severity: High



OpenView Network Node Manager 7.53 [Medium]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

Multiple buffer overflows in a certain ActiveX control in ActiveDom.ocx in HP OpenView Network Node Manager (OV NNM) 7.53 might allow remote attackers to cause a denial of service (memory corruption) or have unspecified other impact via a long string argument to the (1) DisplayName, (2) AddGroup, (3) InstallComponent, or (4) Subscribe method…

CVE Identifier: CVE-2009-3977
Vulnerability Type(s):
Severity: Medium



Firefox 3.5.4 and prior [Medium]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

The nsGIFDecoder2::GifWrite function in decoders/gif/nsGIFDecoder2.cpp in libpr0n in Mozilla Firefox before 3.5.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an animated GIF file with a large image size, a different vulnerability than CVE-2009-3373….

CVE Identifier: CVE-2009-3978
Vulnerability Type(s):
Severity: Medium



Joomla! 1.1.0 and prior [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

SQL injection vulnerability in the NinjaMonials (com_ninjacentral) component 1.1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the testimID parameter in a display action to index.php….

CVE Identifier: CVE-2009-3964
Vulnerability Type(s):
Severity: High



New 5 star Rating 1.0 [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

SQL injection vulnerability in rating.php in New 5 star Rating 1.0 allows remote attackers to execute arbitrary SQL commands via the det parameter….

CVE Identifier: CVE-2009-3965
Vulnerability Type(s):
Severity: High



Arcade Trade Script 1.0 [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true….

CVE Identifier: CVE-2009-3966
Vulnerability Type(s):
Severity: High



SuperCharged Linking [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

SQL injection vulnerability in browse.php in Ed Charkow SuperCharged Linking allows remote attackers to execute arbitrary SQL commands via the id parameter….

CVE Identifier: CVE-2009-3967
Vulnerability Type(s):
Severity: High



ITechBids 8.0 [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php…

CVE Identifier: CVE-2009-3968
Vulnerability Type(s):
Severity: High



Faslo Player 7.0 [High]

By Security Team • Nov 18th, 2009 • Category: Security Notifications

Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file….

CVE Identifier: CVE-2009-3969
Vulnerability Type(s):
Severity: High