CVE-2009-4356

Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file.

Publication date: Sat, 19 Dec 2009 01:30:00 +0000

Cyber News related to CVE-2009-4356

CVE-2009-3403 - Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes ...
11 years ago

CVE-2010-0079 - Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps ...
11 years ago

CVE-2009-3239 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-2139, CVE-2009-2140. Reason: This candidate is a duplicate of CVE-2009-2139 and CVE-2009-2140. Notes: All CVE users should reference CVE-2009-2139 and CVE-2009-2140 instead of ...
54 years ago Tenable.com

CVE-2009-4212 - Multiple integer underflows in the (1) AES and (2) RC4 decryption functionality in the crypto library in MIT Kerberos 5 (aka krb5) 1.3 through 1.6.3, and 1.7 before 1.7.1, allow remote attackers to cause a denial of service (daemon crash) or possibly ...
4 years ago

CVE-2009-4356 - Multiple integer overflows in the jpeg.w5s and png.w5s filters in Winamp before 5.57 allow remote attackers to execute arbitrary code via malformed (1) JPEG or (2) PNG data in an MP3 file. ...
5 years ago

CVE-2016-4574 - Off-by-one error in the append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.4 allows remote attackers to cause a denial of service (out-of-bounds read) via invalid utf-8 encoded data. NOTE: this vulnerability exists because of ...
6 months ago

CVE-2010-4356 - SQL injection vulnerability in news_default.asp in Site2Nite Big Truck Broker allows remote attackers to execute arbitrary SQL commands via the txtSiteId parameter. ...
13 years ago

CVE-2005-4356 - SQL injection vulnerability in UStore allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. NOTE: the provenance of this information is unknown; the details are obtained solely from third party ...
13 years ago

CVE-2011-4356 - Celery 2.1 and 2.2 before 2.2.8, 2.3 before 2.3.4, and 2.4 before 2.4.4 changes the effective id but not the real id during processing of the --uid and --gid arguments to celerybeat, celeryd_detach, celeryd-multi, and celeryev, which allows local ...
12 years ago

CVE-2012-4356 - Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode ...
11 years ago

CVE-2015-4356 - Cross-site scripting (XSS) vulnerability in the view-based webform results table in the Webform module 7.x-4.x before 7.x-4.4 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a webform. ...
9 years ago

CVE-2013-4356 - Xen 4.3.x writes hypervisor mappings to certain shadow pagetables when live migration is performed on hosts with more than 5TB of RAM, which allows local 64-bit PV guests to read or write to invalid memory and cause a denial of service (crash). ...
7 years ago

CVE-2006-4356 - SQL injection vulnerability in Drupal Easylinks Module (easylinks.module) 4.7 before 1.5.2.1 2006/08/19 12:02:27 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. ...
6 years ago

CVE-2014-4356 - Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen. ...
6 years ago

CVE-2008-4356 - Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result ...
6 years ago

CVE-2018-4356 - A permissions issue existed. This issue was addressed with improved permission validation. This issue affected versions prior to iOS 12. ...
3 years ago

CVE-2007-4356 - Microsoft Internet Explorer 6 and 7 embeds FTP credentials in HTML files that are retrieved during an FTP session, which allows context-dependent attackers to obtain sensitive information by reading the HTML source, as demonstrated by a (1) .htm, (2) ...
2 years ago

CVE-2022-4356 - The LetsRecover WordPress plugin before 1.2.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin ...
1 year ago

CVE-2016-4356 - The append_utf8_value function in the DN decoder (dn.c) in Libksba before 1.3.3 allows remote attackers to cause a denial of service (out-of-bounds read) by clearing the high bit of the byte after invalid utf-8 encoded data. ...
6 months ago

CVE-2021-4356 - The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Download ...
1 year ago

CVE-2023-4356 - Use after free in Audio in Google Chrome prior to 116.0.5845.96 allowed a remote attacker who has convinced a user to engage in specific UI interaction to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: ...
10 months ago

CVE-2017-4356 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-4356 - The List categories plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'categories' shortcode in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping on user ...
1 month ago

CVE-2009-0795 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0796, CVE-2009-1265. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a different issue. Notes: All CVE users should consult ...
54 years ago Tenable.com

CVE-2009-4778 - Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow ...
14 years ago

Latest Cyber News

CVE-2024-6440 - 1 hour ago
CVE-2024-6439 - 1 hour ago
CVE-2024-6438 - 1 hour ago
CVE-2024-6264 - 1 hour ago
CVE-2024-6099 - 1 hour ago
CVE-2024-6088 - 1 hour ago
CVE-2024-4268 - 1 hour ago
CVE-2024-34593 - 2 hours ago
CVE-2024-20897 - 2 hours ago
CVE-2024-20888 - 2 hours ago
CVE-2024-20894 - 2 hours ago
CVE-2024-6012 - 2 hours ago
CVE-2024-6011 - 2 hours ago
CVE-2024-34601 - 2 hours ago
CVE-2024-34600 - 2 hours ago
CVE-2024-34599 - 2 hours ago
CVE-2024-34597 - 2 hours ago
CVE-2024-34596 - 2 hours ago
CVE-2024-34595 - 2 hours ago
CVE-2024-34594 - 2 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-34593 - 2 hours ago
CVE-2024-20897 - 2 hours ago
CVE-2024-20888 - 2 hours ago
CVE-2024-20894 - 2 hours ago
CVE-2024-6012 - 2 hours ago
CVE-2024-6011 - 2 hours ago
CVE-2024-34601 - 2 hours ago
CVE-2024-34600 - 2 hours ago
CVE-2024-34599 - 2 hours ago
CVE-2024-34597 - 2 hours ago
CVE-2024-34596 - 2 hours ago
CVE-2024-34595 - 2 hours ago
CVE-2024-34594 - 2 hours ago
CVE-2024-34592 - 2 hours ago
CVE-2024-34591 - 2 hours ago
CVE-2024-34590 - 2 hours ago
CVE-2024-34589 - 2 hours ago
CVE-2024-34588 - 2 hours ago
CVE-2024-34587 - 2 hours ago
CVE-2024-34586 - 2 hours ago