CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12051 CVE-2008-6959 2009-08-12 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647.
12052 CVE-2008-6954 264 Exec Code 2009-08-12 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
12053 CVE-2008-6953 119 DoS Exec Code Overflow 2009-08-12 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
12054 CVE-2008-6937 94 DoS 2009-08-11 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12055 CVE-2008-6936 94 DoS 2009-08-11 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.
12056 CVE-2008-6935 94 DoS 2009-08-11 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.
12057 CVE-2008-6922 119 Exec Code Overflow 2009-08-10 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.
12058 CVE-2008-6916 287 Bypass 2009-08-07 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Siemens SpeedStream 5200 with NetPort Software 1.1 allows remote attackers to bypass authentication via an invalid Host header, possibly involving a trailing dot in the hostname.
12059 CVE-2008-6904 DoS Exec Code 2009-08-05 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sophos SAVScan 4.33.0 for Linux, and possibly other products and versions, allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via crafted files that have been packed with (1) armadillo, (2) asprotect, or (3) asprotectSKE.
12060 CVE-2008-6899 119 DoS Exec Code Overflow 2009-08-05 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.
12061 CVE-2008-6898 119 1 DoS Exec Code Overflow 2009-08-05 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
12062 CVE-2008-6897 119 DoS Exec Code Overflow 2009-08-05 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Getleft.exe in Andres Garcia Getleft 1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) "a" HTML tag; a long src attribute in (2) embed, (3) img, or (4) script tags; (5) a long background attribute in a body tag; and other unspecified tags.
12063 CVE-2008-6834 22 Exec Code Dir. Trav. 2009-06-22 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in fuzzylime (cms) 3.01 and 3.01a allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the s parameter to code/commupdate.php in a count action or (2) the heads parameter to code/newsheads.php. NOTE: the blog.php vector is already covered by CVE-2008-3164.
12064 CVE-2008-6833 22 Dir. Trav. 2009-06-22 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in commsrss.php in fuzzylime (cms) before 3.01b allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in a files array element for a blogs action, as demonstrated by the files[0] parameter.
12065 CVE-2008-6826 20 Exec Code 2009-06-08 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
dhtml.pl in MHF Media Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter, as demonstrated using the (1) advert_top.htm or (2) advert_login.htm pages.
12066 CVE-2008-6824 310 2009-06-04 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The management interface on the A-LINK WL54AP3 and WL54AP2 access points has a blank default password for the admin account, which makes it easier for remote attackers to obtain access.
12067 CVE-2008-6821 119 DoS Exec Code Overflow 2009-06-03 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the DAS server in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 might allow attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors, a different vulnerability than CVE-2007-3676 and CVE-2008-3853.
12068 CVE-2008-6820 16 2009-06-03 2009-08-12
10.0
None Remote Low Not required Complete Complete Complete
The db2fmp process in IBM DB2 8 before FP17, 9.1 before FP5, and 9.5 before FP2 on Windows runs with "OS privilege," which has unknown impact and attack vectors, a different vulnerability than CVE-2008-3856.
12069 CVE-2008-6816 287 Exec Code 2009-05-28 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Eaton MGEOPS Network Shutdown Module before 3.10 Build 13 allows remote attackers to execute arbitrary code by adding a custom action to the MGE frontend via pane_actionbutton.php, and then executing this action via exec_action.php.
12070 CVE-2008-6767 DoS 2009-04-28 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote attackers to upgrade the application, and possibly cause a denial of service (application outage), via a direct request.
12071 CVE-2008-6761 94 2009-04-28 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in admin/install.php in Flexcustomer 0.0.6 might allow remote attackers to inject arbitrary PHP code into const.inc.php via the installdbname parameter (aka the Database Name field). NOTE: the installation instructions specify deleting admin/install.php.
12072 CVE-2008-6748 94 Exec Code 2009-04-24 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
12073 CVE-2008-6734 22 Dir. Trav. 2009-04-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Public/index.php in Keller Web Admin CMS 0.94 Pro allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter.
12074 CVE-2008-6731 20 Exec Code 2009-04-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in submitlink.php in FlexPHPLink Pro 0.0.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the renamed file in linkphoto/.
12075 CVE-2008-6711 Exec Code 2009-04-10 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated users to execute arbitrary commands via unknown vectors related to "viewing system logs."
12076 CVE-2008-6710 +Priv 2009-04-10 2017-08-16
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Web administration interface in Avaya Communication Manager 3.1.x before CM 3.1.4 SP2 and 4.0.x before 4.0.3 SP1 allows remote authenticated administrators to gain root privileges via unknown vectors related to "configuring data viewing or restoring credentials."
12077 CVE-2008-6709 Exec Code 2009-04-10 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x, allows remote authenticated users to execute arbitrary commands via unknown vectors related to configuration of "local data viewing or restoring parameters."
12078 CVE-2008-6708 +Priv 2009-04-10 2017-08-16
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Web management interface in Avaya SIP Enablement Services (SES) 3.x and 4.0, as used with Avaya Communication Manager 3.1.x and 4.x, allows remote authenticated administrators to gain root privileges via unknown vectors related to configuration of "data viewing or restoring parameters."
12079 CVE-2008-6703 119 Exec Code Overflow 2009-04-10 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function.
12080 CVE-2008-6651 94 2009-04-07 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.
12081 CVE-2008-6604 22 Dir. Trav. 2009-04-04 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in PicoFlat CMS 0.5.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pagina parameter, a different vulnerability than CVE-2007-5390.
12082 CVE-2008-6602 2009-04-03 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Download Center Lite before 2.1 has unknown impact and attack vectors related to "A minor security fix."
12083 CVE-2008-6598 362 2009-04-03 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."
12084 CVE-2008-6588 255 2009-04-03 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Aztech ADSL2/2+ 4-port router has a default "isp" account with a default "isp" password, which allows remote attackers to obtain access if this default is not changed.
12085 CVE-2008-6583 119 DoS Exec Code Overflow 2009-04-03 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file.
12086 CVE-2008-6578 DoS Exec Code +Priv +Info 2009-04-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Nortel Communication Server 1000 4.50.x allow remote attackers to execute arbitrary commands to gain privileges, obtain sensitive information, or cause a denial of service via unknown vectors.
12087 CVE-2008-6577 255 +Priv 2009-04-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Nortel MG1000S, Signaling Server, and Call Server on the Communications Server 1000 (CS1K) 4.50.x contain multiple unspecified hard-coded accounts and passwords, which allows remote attackers to gain privileges.
12088 CVE-2008-6566 2009-03-31 2009-03-31
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Octopussy before 0.9.5.8 has unknown impact and attack vectors related to a "major security" vulnerability.
12089 CVE-2008-6563 119 DoS Exec Code Overflow 2009-03-31 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the XML parser in Trillian 3.1.9.0, and possibly earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted DTD file.
12090 CVE-2008-6557 20 Exec Code 2009-03-30 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.7 allows remote attackers to execute arbitrary commands via shell metacharacters in the details command.
12091 CVE-2008-6556 20 Exec Code 2009-03-30 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
cgi-bin/webutil.pl in The Puppet Master WebUtil 2.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the whois command.
12092 CVE-2008-6555 20 Exec Code 2009-03-30 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
cgi-bin/webutil.pl in The Puppet Master WebUtil allows remote attackers to execute arbitrary commands via shell metacharacters in the dig command.
12093 CVE-2008-6554 78 Exec Code 2009-03-30 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
cgi-bin/script in Aztech ADSL2/2+ 4-port router 3.7.0 build 070426 allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
12094 CVE-2008-6546 2009-03-29 2009-03-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions."
12095 CVE-2008-6536 2009-03-29 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in 7-zip before 4.5.7 has unknown impact and remote attack vectors, as demonstrated by the PROTOS GENOME test suite for Archive Formats (c10).
12096 CVE-2008-6520 134 DoS Exec Code 2009-03-25 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
12097 CVE-2008-6519 134 DoS Exec Code 2009-03-25 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
12098 CVE-2008-6474 94 2009-03-16 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
12099 CVE-2008-6447 119 Exec Code Overflow 2009-03-09 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
12100 CVE-2008-6444 119 Exec Code Overflow 2009-03-09 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.