CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11951 CVE-2009-0090 264 Exec Code 2009-10-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, and 2.0 SP1 does not properly validate .NET verifiable code, which allows remote attackers to obtain unintended access to stack memory, and execute arbitrary code, via (1) a crafted XAML browser application (XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka "Microsoft .NET Framework Pointer Verification Vulnerability."
11952 CVE-2009-0088 20 Exec Code 2009-04-15 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."
11953 CVE-2009-0087 Exec Code Mem. Corr. 2009-04-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Word 6 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and the Word 6 text converter in Microsoft Office Word 2000 SP3 and 2002 SP3; allows remote attackers to execute arbitrary code via a crafted Word 6 file that contains malformed data, aka "WordPad and Office Text Converter Memory Corruption Vulnerability."
11954 CVE-2009-0086 189 Exec Code 2009-04-15 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
11955 CVE-2009-0084 94 Exec Code 2009-04-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
11956 CVE-2009-0081 20 Exec Code 2009-03-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
11957 CVE-2009-0076 399 Exec Code Mem. Corr. 2009-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
11958 CVE-2009-0075 399 Exec Code Mem. Corr. 2009-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
11959 CVE-2009-0070 189 DoS 2009-01-08 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
11960 CVE-2009-0065 119 Overflow 2009-01-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
11961 CVE-2009-0064 +Priv +Info 2009-04-24 2017-08-07
9.0
None Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.
11962 CVE-2009-0062 264 +Priv 2009-02-04 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.
11963 CVE-2009-0043 264 Exec Code 2009-01-08 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
11964 CVE-2009-0042 Bypass 2009-01-27 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
11965 CVE-2009-0012 119 Exec Code Overflow 2009-02-12 2011-01-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
11966 CVE-2009-0010 189 1 DoS Exec Code Overflow 2009-05-13 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
11967 CVE-2009-0007 119 DoS Exec Code Overflow 2009-01-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
11968 CVE-2009-0006 189 DoS Exec Code Overflow 2009-01-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
11969 CVE-2009-0005 399 DoS Exec Code Mem. Corr. 2009-01-21 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
11970 CVE-2009-0004 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
11971 CVE-2009-0003 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
11972 CVE-2009-0002 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
11973 CVE-2009-0001 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
11974 CVE-2008-7319 77 Exec Code 2017-11-07 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
11975 CVE-2008-7252 310 2010-01-19 2011-01-28
10.0
None Remote Low Not required Complete Complete Complete
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
11976 CVE-2008-7249 119 Exec Code Overflow 2009-12-30 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.
11977 CVE-2008-7233 2009-09-14 2012-10-22
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator component, aka AS02.
11978 CVE-2008-7232 119 Exec Code Overflow 2009-09-14 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.
11979 CVE-2008-7230 2009-09-14 2009-09-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.
11980 CVE-2008-7228 134 2009-09-14 2009-12-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.
11981 CVE-2008-7225 119 DoS Exec Code Overflow 2009-09-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
11982 CVE-2008-7219 264 2009-09-13 2011-04-05
10.0
None Remote Low Not required Complete Complete Complete
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
11983 CVE-2008-7218 2009-09-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
11984 CVE-2008-7200 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors.
11985 CVE-2008-7198 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.
11986 CVE-2008-7197 2009-09-10 2009-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.
11987 CVE-2008-7196 2009-09-10 2009-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.
11988 CVE-2008-7190 XSS 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).
11989 CVE-2008-7189 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes."
11990 CVE-2008-7177 119 Overflow 2009-09-08 2018-10-31
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
11991 CVE-2008-7174 119 DoS Exec Code Overflow 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.
11992 CVE-2008-7173 264 DoS Exec Code 2009-09-08 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
11993 CVE-2008-7170 264 Exec Code 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.
11994 CVE-2008-7168 2009-09-08 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
11995 CVE-2008-7164 2009-09-04 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.
11996 CVE-2008-7162 119 DoS Exec Code Overflow 2009-09-04 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
11997 CVE-2008-7158 78 Exec Code 2009-09-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.
11998 CVE-2008-7149 2009-09-01 2009-09-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.
11999 CVE-2008-7148 Exec Code 2009-09-01 2009-09-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.
12000 CVE-2008-7144 2009-09-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.