CVE-2009-1209

Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.

Publication date: Wed, 01 Apr 2009 15:30:00 +0000

Cyber News related to CVE-2009-1209

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
12 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
12 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-1209 - Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute. ...
7 years ago

CVE-2020-26141 - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The Wi-Fi implementation does not verify the Message Integrity Check (authenticity) of fragmented TKIP frames. An adversary can abuse this to inject and possibly decrypt ...
2 years ago

CVE-2020-26140 - An issue was discovered in the ALFA Windows 10 driver 6.1316.1209 for AWUS036H. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent ...
2 years ago

CVE-2015-1209 - Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before ...
3 years ago

CVE-2001-1209 - Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. ...
15 years ago

CVE-2011-3166 - Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209. ...
12 years ago

CVE-2013-1209 - The encryption functionality in the Virtual Supervisor Module (VSM) to Virtual Ethernet Module (VEM) communication component in Cisco NX-OS on the Nexus 1000V does not properly authenticate VSM/VEM packets, which allows remote attackers to disable ...
11 years ago

CVE-2014-1209 - VMware vSphere Client 4.0, 4.1, 5.0 before Update 3, and 5.1 before Update 2 does not properly validate updates to Client files, which allows remote attackers to trigger the downloading and execution of an arbitrary program via unspecified vectors. ...
10 years ago

CVE-2016-1209 - The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via crafted serialized values in a POST request. ...
1 year ago

CVE-2002-1209 - Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, and possibly earlier, allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a GET request. ...
7 years ago

CVE-2004-1209 - Verisign Payflow Link, when running with empty Accepted URL fields, does not properly verify the data in the hidden AMOUNT field, which allows remote attackers to modify the price of the items that they purchase. ...
7 years ago

CVE-2008-1209 - Cross-site scripting (XSS) vulnerability in redirect.do in Xitex WebContent M1 allows remote attackers to inject arbitrary web script or HTML via the sid parameter. NOTE: the provenance of this information is unknown; the details are obtained solely ...
7 years ago

CVE-2011-1209 - IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.39 and 7.0 before 7.0.0.17 uses a weak WS-Security XML encryption algorithm, which makes it easier for remote attackers to obtain plaintext data from a (1) JAX-RPC or (2) JAX-WS Web Services ...
7 years ago

CVE-2010-1209 - Use-after-free vulnerability in the NodeIterator implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote attackers to execute arbitrary code via a crafted NodeFilter that detaches DOM ...
7 years ago

CVE-1999-1209 - Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges. ...
7 years ago

CVE-2017-1209 - IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...
7 years ago

CVE-2012-1209 - Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. ...
6 years ago

CVE-2000-1209 - The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS) ...
6 years ago

CVE-2007-1209 - Use-after-free vulnerability in the Client/Server Run-time Subsystem (CSRSS) in Microsoft Windows Vista does not properly handle connection resources when starting and stopping processes, which allows local users to gain privileges by opening and ...
6 years ago

CVE-2006-1209 - PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a ...
6 years ago

CVE-2019-1209 - An information disclosure vulnerability exists in Lync 2013, aka 'Lync 2013 Information Disclosure Vulnerability'. ...
5 years ago

Latest Cyber News

CVE-2024-11858 - 6 hours ago
CVE-2024-7701 - 9 hours ago
CVE-2024-56082 - 15 hours ago
CVE-2024-56074 - 16 hours ago
CVE-2024-55969 - 16 hours ago
CVE-2024-56072 - 17 hours ago
CVE-2024-56073 - 17 hours ago
CVE-2024-55970 - 17 hours ago
CVE-2024-31892 - 1 day ago
CVE-2024-31891 - 1 day ago
CVE-2024-11721 - 1 day ago
CVE-2024-11720 - 1 day ago
CVE-2024-12446 - 1 day ago
CVE-2024-12628 - 1 day ago
CVE-2024-11711 - 1 day ago
CVE-2024-11712 - 1 day ago
CVE-2024-11713 - 1 day ago
CVE-2024-11714 - 1 day ago
CVE-2024-11715 - 1 day ago
CVE-2024-11710 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-55970 - 17 hours ago
CVE-2024-56072 - 17 hours ago
CVE-2024-56073 - 17 hours ago
CVE-2024-55969 - 16 hours ago
CVE-2024-56074 - 16 hours ago
CVE-2024-56082 - 15 hours ago
CVE-2024-7701 - 9 hours ago
CVE-2024-11858 - 6 hours ago
CVE-2022-43472 - 2 days ago
CVE-2022-44578 - 2 days ago
CVE-2022-45806 - 2 days ago
CVE-2022-45819 - 2 days ago
CVE-2022-45826 - 2 days ago
CVE-2022-45840 - 2 days ago
CVE-2022-45841 - 2 days ago
CVE-2022-46795 - 2 days ago
CVE-2022-46796 - 2 days ago
CVE-2022-46807 - 2 days ago
CVE-2022-46811 - 2 days ago
CVE-2022-46838 - 2 days ago