CVE-2009-3496
published 2009-09-30
CVE-2009-3496: Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the…
Priority P4 · 18 · medium · 4.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 1.45% (70.1th percentile)
Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter.
CVSS provenance
nvd · v2.0 · 4.3 · MEDIUM · AV:N/AC:M/Au:N/C:N/I:P/A:N
vendor_redhat · 10.0 · CRITICAL
GHSA
GHSA-r7jg-rv4q-6j69: Cross-site scripting (XSS) vulnerability in view_mag
ghsa_unreviewed·2022-05-02
CVE-2009-3496 [MEDIUM] CWE-79 GHSA-r7jg-rv4q-6j69: Cross-site scripting (XSS) vulnerability in view_mag
Red Hat
kernel: uvcvideo: Fix a buffer overflow in format descriptor parsing
vendor_redhat·2008-07-31·CVSS 10.0
CVE-2008-3496 [CRITICAL] kernel: uvcvideo: Fix a buffer overflow in format descriptor parsing
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
Statement: Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5 or Red Hat Enterprise MRG.
The uvcvideo driver was first added in kernel packages update RHSA-2009:0225 in Red Hat Enterprise Linux 5.3, and it already contained a fix for this flaw.
http://antisecurity.org/dvd-zone-view_mag-phpmag_id-bsqlxss-multiple-remote-vulnerabilities.antisecurity
http://secunia.com/advisories/36843
http://www.securityfocus.com/bid/36487
http://www.vupen.com/english/advisories/2009/2735