CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13451 CVE-2007-3150 2007-06-11 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Google Desktop allows user-assisted remote attackers to execute arbitrary programs via a man-in-the-middle attack that injects JavaScript, a www.google.com search IFRAME, and a META HTTP-EQUIV="refresh" that targets a www.google.com search for a local .exe file, which is displayed in the "results stored on your computer" portion of the search results, and when clicked invokes Google Desktop to execute this file.
13452 CVE-2007-3148 119 Exec Code Overflow 2007-06-11 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
13453 CVE-2007-3147 119 Exec Code Overflow 2007-06-11 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
13454 CVE-2007-3111 Exec Code Overflow 2007-06-07 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
13455 CVE-2007-3095 Bypass 2007-06-06 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
13456 CVE-2007-3094 Exec Code 2007-06-06 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
13457 CVE-2007-3093 Exec Code 2007-06-06 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the logging mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote attackers to execute arbitrary code via unspecified vectors, related to the WBEM server.
13458 CVE-2007-3092 2007-06-06 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 allows remote attackers to spoof the URL bar, and page properties including SSL certificates, by interrupting page loading through certain use of location DOM objects and setTimeout calls. NOTE: this issue can be leveraged for phishing and other attacks.
13459 CVE-2007-3071 Exec Code Overflow 2007-06-06 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
13460 CVE-2007-3047 2007-06-05 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access.
13461 CVE-2007-3041 Exec Code Mem. Corr. 2007-08-14 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability."
13462 CVE-2007-3040 119 Exec Code Overflow 2007-09-11 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in agentdpv.dll 2.0.0.3425 in Microsoft Agent on Windows 2000 SP4 allows remote attackers to execute arbitrary code via a crafted URL to the Agent (Agent.Control) ActiveX control, which triggers an overflow within the Agent Service (agentsrv.exe) process, a different issue than CVE-2007-1205.
13463 CVE-2007-3039 119 Exec Code Overflow 2007-12-11 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
13464 CVE-2007-3034 189 Exec Code Overflow 2007-08-14 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
13465 CVE-2007-3029 Exec Code Mem. Corr. 2007-07-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2002 SP3 and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a malformed Excel file containing multiple active worksheets, which results in memory corruption.
13466 CVE-2007-3027 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."
13467 CVE-2007-3026 Exec Code Overflow 2007-07-25 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Panda Software AdminSecure allows remote attackers to execute arbitrary code via crafted packets with modified length values to TCP ports 19226 or 19227, resulting in a heap-based buffer overflow.
13468 CVE-2007-3023 2007-06-07 2012-10-30
10.0
None Remote Low Not required Complete Complete Complete
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
13469 CVE-2007-3010 20 Exec Code 2007-09-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server R7.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the user parameter during a ping action.
13470 CVE-2007-2987 119 Exec Code Overflow 2007-06-01 2011-09-20
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
13471 CVE-2007-2985 264 Exec Code Bypass +Info 2007-06-01 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator's username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or (2) upload and execute arbitrary PHP code via an update_doc action in edit.php.
13472 CVE-2007-2983 119 Exec Code Overflow 2007-10-25 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the British Telecommunications Consumer webhelper ActiveX control before 2.0.0.8 in btwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.
13473 CVE-2007-2982 Exec Code Overflow 2007-05-31 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors.
13474 CVE-2007-2981 119 Exec Code Overflow 2007-05-31 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in LEAD Technologies LEADTOOLS Raster OCR Document Object Library (ltrdc14e.dll) 14.5.0.44 allows remote attackers to execute arbitrary code via a long DictionaryFileName property.
13475 CVE-2007-2974 Exec Code Overflow 2007-05-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the file parsing engine in Avira Antivir Antivirus before 7.03.00.09 allows remote attackers to execute arbitrary code via a crafted LZH archive file, resulting from an "integer cast around."
13476 CVE-2007-2967 20 DoS 2007-05-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files.
13477 CVE-2007-2957 189 Exec Code Overflow 2007-10-31 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.
13478 CVE-2007-2954 119 Exec Code Overflow 2007-08-31 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2 through SP4 for Windows allow remote attackers to execute arbitrary code via certain long arguments to the (1) RpcAddPrinterDriver, (2) RpcGetPrinterDriverDirectory, and other unspecified RPC requests, aka Novell bug 300870, a different vulnerability than CVE-2006-5854.
13479 CVE-2007-2952 119 Exec Code Overflow 2008-08-01 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the filter service (aka k9filter.exe) in Blue Coat K9 Web Protection 3.2.44 with Filter 3.2.32 allow (1) remote attackers to execute arbitrary code via a long HTTP Referer header to the K9 Web Protection Administration interface and (2) man-in-the-middle attackers to execute arbitrary code via an HTTP response with a long HTTP version field.
13480 CVE-2007-2951 Exec Code 2007-06-26 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
The parseIrcUrl function in src/kvirc/kernel/kvi_ircurl.cpp in KVIrc 3.2.0 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in an (1) irc:// or (2) irc6:// URI.
13481 CVE-2007-2948 Exec Code Overflow 2007-06-07 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in stream/stream_cddb.c in MPlayer before 1.0rc1try3 allow remote attackers to execute arbitrary code via a CDDB entry with a long (1) album title or (2) category.
13482 CVE-2007-2946 DoS Exec Code Overflow 2007-05-30 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in LeadTools Raster Dialog File_D Object (LTRDFD14e.DLL) 14.5.0.44 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or execute arbitrary code via a long DestinationPath property value.
13483 CVE-2007-2938 Exec Code Overflow 2007-05-30 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1) Send485CMD method, and possibly the (2) SetLoginID, (3) AddSite, (4) SetScreen, and (5) SetVideoServer methods.
13484 CVE-2007-2931 20 Exec Code Overflow 2007-08-31 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.
13485 CVE-2007-2924 Exec Code Overflow 2007-06-19 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RealNetworks GameHouse dldisplay ActiveX control (ghdlctl.dll) allow remote attackers to execute arbitrary code via unknown vectors.
13486 CVE-2007-2923 Exec Code 2007-06-18 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.
13487 CVE-2007-2921 Exec Code Overflow 2007-06-14 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors.
13488 CVE-2007-2920 Exec Code Overflow 2007-06-11 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
13489 CVE-2007-2919 DoS Exec Code Overflow 2007-06-06 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.
13490 CVE-2007-2917 Exec Code Overflow 2007-05-31 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.
13491 CVE-2007-2884 20 DoS Exec Code Overflow 2007-05-29 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
13492 CVE-2007-2881 Exec Code Overflow 2007-05-29 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
13493 CVE-2007-2868 94 DoS Exec Code Mem. Corr. 2007-05-31 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
13494 CVE-2007-2867 119 DoS Overflow 2007-05-31 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
13495 CVE-2007-2865 XSS 2007-05-25 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
13496 CVE-2007-2864 Exec Code Overflow 2007-06-06 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
13497 CVE-2007-2863 Exec Code Overflow 2007-06-06 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
13498 CVE-2007-2856 119 Exec Code Overflow 2007-05-24 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.
13499 CVE-2007-2855 119 Exec Code Overflow 2007-05-24 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.
13500 CVE-2007-2853 Exec Code 2007-05-24 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.