CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 7551 | CVE-2013-2348 | | | DoS Exec Code | 2014-01-03 | 2014-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1892. |
| 7552 | CVE-2013-2347 | | | DoS Exec Code | 2014-01-03 | 2016-09-21 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885. |
| 7553 | CVE-2013-2346 | | | DoS Exec Code | 2014-01-03 | 2014-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1870. |
| 7554 | CVE-2013-2345 | | | DoS Exec Code | 2014-01-03 | 2014-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1869. |
| 7555 | CVE-2013-2344 | | | DoS Exec Code | 2014-01-03 | 2014-02-25 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1866. |
| 7556 | CVE-2013-2343 | | | Exec Code | 2013-07-02 | 2013-07-03 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability on the HP LeftHand Virtual SAN Appliance hydra with software before 10.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1510. |
| 7557 | CVE-2013-2340 | | | Exec Code +Info | 2013-07-06 | 2013-07-08 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and switches allows remote attackers to execute arbitrary code or obtain sensitive information via unknown vectors. |
| 7558 | CVE-2013-2338 | | | Exec Code | 2013-06-14 | 2013-06-17 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability on HP Integrated Lights-Out 3 (aka iLO3) cards with firmware before 1.57 and 4 (aka iLO4) cards with firmware before 1.22, when Single-Sign-On (SSO) is used, allows remote attackers to execute arbitrary code via unknown vectors. |
| 7559 | CVE-2013-2335 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1733. |
| 7560 | CVE-2013-2334 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1681. |
| 7561 | CVE-2013-2333 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1680. |
| 7562 | CVE-2013-2332 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1654. |
| 7563 | CVE-2013-2331 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1652. |
| 7564 | CVE-2013-2330 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1638. |
| 7565 | CVE-2013-2329 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1637. |
| 7566 | CVE-2013-2328 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1636. |
| 7567 | CVE-2013-2327 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1635. |
| 7568 | CVE-2013-2326 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1634. |
| 7569 | CVE-2013-2325 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1633. |
| 7570 | CVE-2013-2324 | | | Exec Code | 2013-06-06 | 2013-06-06 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1629. |
| 7571 | CVE-2013-2298 | 119 | | Overflow | 2014-06-02 | 2017-08-28 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Multiple stack-based buffer overflows in the XML parser in BOINC 7.x allow attackers to have unspecified impact via a crafted XML file, related to the scheduler. |
| 7572 | CVE-2013-2278 | | | DoS Exec Code | 2014-03-31 | 2014-04-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to log messages and the "internal log handler to the Windows Event log." |
| 7573 | CVE-2013-2251 | 20 | | | 2013-07-19 | 2017-09-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix. |
| 7574 | CVE-2013-2250 | 20 | | | 2013-08-15 | 2018-05-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions. |
| 7575 | CVE-2013-2135 | 94 | | Exec Code | 2013-07-16 | 2018-11-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted value that contains both "${}" and "%{}" sequences, which causes the OGNL code to be evaluated twice. |
| 7576 | CVE-2013-2134 | 94 | | Exec Code | 2013-07-16 | 2018-11-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135. |
| 7577 | CVE-2013-2115 | 94 | | Exec Code | 2013-07-10 | 2013-07-11 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. NOTE: this issue is due to an incomplete fix for CVE-2013-1966. |
| 7578 | CVE-2013-2100 | 310 | | | 2014-09-29 | 2017-08-28 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and modify binary package lists via a crafted certificate. |
| 7579 | CVE-2013-2090 | 78 | | Exec Code | 2014-05-27 | 2017-08-28 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an email attachment. NOTE: some of these details are obtained from third party information. |
| 7580 | CVE-2013-2068 | 22 | 1 | Dir. Trav. | 2013-09-28 | 2014-01-13 | 9.4 | None | Remote | Low | Not required | None | Complete | Complete | Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the filename parameter to the (1) log, (2) upload, or (3) linuxpkgs method. |
| 7581 | CVE-2013-2019 | 119 | | Overflow | 2014-06-02 | 2017-08-28 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in BOINC 6.10.58 and 6.12.34 allows remote attackers to have unspecified impact via multiple file_signature elements. |
| 7582 | CVE-2013-1966 | 94 | | Exec Code | 2013-07-10 | 2018-11-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apache Struts 2 before 2.3.14.1 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) A tag. |
| 7583 | CVE-2013-1965 | 94 | | Exec Code | 2013-07-10 | 2018-11-23 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Apache Struts Showcase App 2.0.0 through 2.3.13, as used in Struts 2 before 2.3.14.1, allows remote attackers to execute arbitrary OGNL code via a crafted parameter name that is not properly handled when invoking a redirect. |
| 7584 | CVE-2013-1961 | 119 | | DoS Overflow | 2013-07-03 | 2016-12-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Stack-based buffer overflow in the t2p_write_pdf_page function in tiff2pdf in libtiff before 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted image length and resolution in a TIFF image file. |
| 7585 | CVE-2013-1960 | 119 | | DoS Exec Code Overflow | 2013-07-03 | 2016-12-07 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Heap-based buffer overflow in the t2p_process_jpeg_strip function in tiff2pdf in libtiff 4.0.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image file. |
| 7586 | CVE-2013-1948 | | | Exec Code | 2013-04-25 | 2017-08-28 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename. |
| 7587 | CVE-2013-1947 | 78 | | Exec Code | 2013-04-25 | 2013-05-01 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_image.rb. |
| 7588 | CVE-2013-1933 | 78 | | Exec Code | 2013-04-25 | 2017-08-28 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a PDF filename. |
| 7589 | CVE-2013-1903 | 264 | | | 2013-04-04 | 2017-10-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | PostgreSQL, possibly 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 incorrectly provides the superuser password to scripts related to "graphical installers for Linux and Mac OS X," which has unspecified impact and attack vectors. |
| 7590 | CVE-2013-1902 | | | | 2013-04-04 | 2017-10-19 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | PostgreSQL, 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, 8.4.x before 8.4.17, and 8.3.x before 8.3.23 generates insecure temporary files with predictable filenames, which has unspecified impact and attack vectors related to "graphical installers for Linux and Mac OS X." |
| 7591 | CVE-2013-1868 | 119 | | DoS Exec Code Overflow | 2013-07-10 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Multiple buffer overflows in VideoLAN VLC media player 2.0.4 and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to the (1) freetype renderer and (2) HTML subtitle parser. |
| 7592 | CVE-2013-1777 | 94 | | Exec Code | 2013-07-11 | 2014-04-01 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The JMX Remoting functionality in Apache Geronimo 3.x before 3.0.1, as used in IBM WebSphere Application Server (WAS) Community Edition 3.0.0.3 and other products, does not properly implement the RMI classloader, which allows remote attackers to execute arbitrary code by using the JMX connector to send a crafted serialized object. |
| 7593 | CVE-2013-1750 | 119 | | Exec Code Overflow | 2013-03-20 | 2013-03-21 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Heap-based buffer overflow in RealNetworks RealPlayer before 16.0.1.18 and RealPlayer SP 1.0 through 1.1.5 allows remote attackers to execute arbitrary code via a malformed MP4 file. |
| 7594 | CVE-2013-1738 | 399 | | Exec Code | 2013-09-18 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Use-after-free vulnerability in the JS_GetGlobalForScopeChain function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code by leveraging incorrect garbage collection in situations involving default compartments and frame-chain restoration. |
| 7595 | CVE-2013-1736 | 119 | | DoS Exec Code Overflow Mem. Corr. | 2013-09-18 | 2017-09-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | The nsGfxScrollFrameInner::IsLTR function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to improperly establishing parent-child relationships of range-request nodes. |
| 7596 | CVE-2013-1735 | 20 | | Exec Code | 2013-09-18 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Use-after-free vulnerability in the mozilla::layout::ScrollbarActivity function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via vectors related to image-document scrolling. |
| 7597 | CVE-2013-1732 | 119 | | Exec Code Overflow | 2013-09-18 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Buffer overflow in the nsFloatManager::GetFlowArea function in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code via crafted use of lists and floats within a multi-column layout. |
| 7598 | CVE-2013-1724 | 399 | | DoS Exec Code Mem. Corr. | 2013-09-18 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Use-after-free vulnerability in the mozilla::dom::HTMLFormElement::IsDefaultSubmitElement function in Mozilla Firefox before 24.0, Thunderbird before 24.0, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving a destroyed SELECT element. |
| 7599 | CVE-2013-1722 | 399 | | DoS Exec Code Mem. Corr. | 2013-09-18 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Use-after-free vulnerability in the nsAnimationManager::BuildAnimations function in the Animation Manager in Mozilla Firefox before 24.0, Firefox ESR 17.x before 17.0.9, Thunderbird before 24.0, Thunderbird ESR 17.x before 17.0.9, and SeaMonkey before 2.21 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via vectors involving stylesheet cloning. |
| 7600 | CVE-2013-1721 | 119 | | Exec Code Overflow | 2013-09-18 | 2017-09-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Integer overflow in the drawLineLoop function in the libGLESv2 library in Almost Native Graphics Layer Engine (ANGLE), as used in Mozilla Firefox before 24.0 and SeaMonkey before 2.21, allows remote attackers to execute arbitrary code via a crafted web site. |
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.