CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
7851 CVE-2013-5333 119 DoS Exec Code Overflow Mem. Corr. 2013-12-11 2013-12-12
10.0
None Remote Low Not required Complete Complete Complete
Adobe Shockwave Player before 12.0.7.148 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5334.
7852 CVE-2013-5332 94 DoS Exec Code Mem. Corr. 2013-12-11 2018-12-13
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
7853 CVE-2013-5331 94 Exec Code 2013-12-11 2018-12-13
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.257 and 11.8.x and 11.9.x before 11.9.900.170 on Windows and Mac OS X and before 11.2.202.332 on Linux, Adobe AIR before 3.9.0.1380, Adobe AIR SDK before 3.9.0.1380, and Adobe AIR SDK & Compiler before 3.9.0.1380 allow remote attackers to execute arbitrary code via crafted .swf content that leverages an unspecified "type confusion," as exploited in the wild in December 2013.
7854 CVE-2013-5330 119 DoS Exec Code Overflow Mem. Corr. 2013-11-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5329.
7855 CVE-2013-5329 119 DoS Exec Code Overflow Mem. Corr. 2013-11-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.252 and 11.8.x and 11.9.x before 11.9.900.152 on Windows and Mac OS X and before 11.2.202.327 on Linux, Adobe AIR before 3.9.0.1210, Adobe AIR SDK before 3.9.0.1210, and Adobe AIR SDK & Compiler before 3.9.0.1210 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-5330.
7856 CVE-2013-5327 119 DoS Exec Code Overflow Mem. Corr. 2013-10-09 2013-10-10
10.0
None Remote Low Not required Complete Complete Complete
MDBMS.dll in Adobe RoboHelp 10 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
7857 CVE-2013-5325 94 Exec Code 2013-10-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 11.x before 11.0.05 on Windows allow remote attackers to execute arbitrary JavaScript code in a javascript: URL via a crafted PDF document.
7858 CVE-2013-5324 119 DoS Exec Code Overflow Mem. Corr. 2013-09-12 2018-12-13
10.0
None Remote Low Not required Complete Complete Complete
Adobe Flash Player before 11.7.700.242 and 11.8.x before 11.8.800.168 on Windows and Mac OS X, before 11.2.202.310 on Linux, before 11.1.111.73 on Android 2.x and 3.x, and before 11.1.115.81 on Android 4.x; Adobe AIR before 3.8.0.1430; and Adobe AIR SDK & Compiler before 3.8.0.1430 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-3361, CVE-2013-3362, and CVE-2013-3363.
7859 CVE-2013-5303 2013-08-16 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Store Locator (locator) extension before 3.1.5 for TYPO3 has unknown impact and remote attack vectors, related to "Insecure Unserialize."
7860 CVE-2013-5139 119 DoS Exec Code Overflow 2013-09-19 2014-03-05
9.3
None Remote Medium Not required Complete Complete Complete
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
7861 CVE-2013-5133 264 2014-03-14 2014-03-14
8.8
None Remote Medium Not required None Complete Complete
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
7862 CVE-2013-5056 416 DoS Exec Code Mem. Corr. 2013-12-10 2019-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Scripting Runtime Object Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site that is visited with Internet Explorer, aka "Use-After-Free Vulnerability in Microsoft Scripting Runtime Object Library."
7863 CVE-2013-5052 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
7864 CVE-2013-5051 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
7865 CVE-2013-5049 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
7866 CVE-2013-5048 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5047.
7867 CVE-2013-5047 119 DoS Exec Code Overflow Mem. Corr. 2013-12-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-5048.
7868 CVE-2013-5034 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5033.
7869 CVE-2013-5033 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5032, and CVE-2013-5034.
7870 CVE-2013-5032 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5031, CVE-2013-5033, and CVE-2013-5034.
7871 CVE-2013-5031 2014-01-12 2014-01-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Atmail before 6.6.4, and 7.x before 7.1.2, has unknown impact and attack vectors, a different vulnerability than CVE-2013-5032, CVE-2013-5033, and CVE-2013-5034.
7872 CVE-2013-5026 Exec Code 2013-08-06 2013-09-17
9.3
None Remote Medium Not required Complete Complete Complete
An ActiveX control in lookout650.ocx, lookout660.ocx, and lookout670.ocx in National Instruments Lookout 6.5 through 6.7 allows remote attackers to execute arbitrary code by triggering the download of, and calls to, an arbitrary DLL file.
7873 CVE-2013-5022 22 Dir. Trav. 2013-08-06 2013-09-17
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the 3D Graph ActiveX control in cw3dgrph.ocx in National Instruments LabWindows/CVI 2012 SP1 and earlier, LabVIEW 2012 SP1 and earlier, and other products allows remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method, in conjunction with file content in the (1) Caption or (2) FormatString property value.
7874 CVE-2013-5021 22 Dir. Trav. 2013-08-06 2013-09-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in National Instruments cwui.ocx, as used in National Instruments LabWindows/CVI 2012 SP1 and earlier, National Instruments LabVIEW 2012 SP1 and earlier, the Data Analysis component in ABB DataManager 1 through 6.3.6, and other products allow remote attackers to create and execute arbitrary files via a full pathname in an argument to the ExportStyle method in the (1) CWNumEdit, (2) CWGraph, (3) CWBoolean, (4) CWSlide, or (5) CWKnob ActiveX control, in conjunction with file content in the (a) Caption or (b) FormatString property value.
7875 CVE-2013-5019 119 3 Exec Code Overflow 2013-07-31 2018-04-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Ultra Mini HTTPD 1.21 allows remote attackers to execute arbitrary code via a long resource name in an HTTP request.
7876 CVE-2013-4988 119 1 Exec Code Overflow 2013-12-13 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
7877 CVE-2013-4987 264 +Priv 2013-11-07 2013-11-08
8.5
None Remote Medium Single system Complete Complete Complete
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
7878 CVE-2013-4983 78 Exec Code 2013-09-10 2013-10-09
10.0
None Remote Low Not required Complete Complete Complete
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
7879 CVE-2013-4981 119 DoS Exec Code Overflow 2014-03-03 2014-03-04
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the Network.SMTP.Receivers parameter.
7880 CVE-2013-4980 119 DoS Exec Code Overflow 2014-03-03 2014-03-04
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device crash) and possibly execute arbitrary code via a long string in the URI in an RTSP SETUP request.
7881 CVE-2013-4979 119 Exec Code Overflow 2014-01-31 2014-02-21
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the gldll32.dll module in EPS Viewer 3.2 and earlier allows remote attackers to execute arbitrary code via a crafted EPS file.
7882 CVE-2013-4978 119 Exec Code Overflow 2014-02-05 2014-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
7883 CVE-2013-4977 119 DoS Exec Code Overflow 2014-03-03 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
7884 CVE-2013-4974 119 DoS Exec Code Overflow Mem. Corr. 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealMedia file.
7885 CVE-2013-4973 119 Exec Code Overflow 2013-08-26 2013-09-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
7886 CVE-2013-4937 2013-07-26 2013-07-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the AiCloud feature on the ASUS RT-AC66U, RT-N66U, RT-N65U, RT-N14U, RT-N16, RT-N56U, and DSL-N55U with firmware before 3.0.4.372 have unknown impact and attack vectors.
7887 CVE-2013-4860 264 2014-06-05 2017-08-28
8.3
None Local Network Low Not required Complete Complete Complete
Radio Thermostat CT80 And CT50 with firmware 1.4.64 and earlier does not restrict access to the API, which allows remote attackers to change the operation mode, wifi connection settings, temperature thresholds, and other settings via unspecified vectors.
7888 CVE-2013-4841 Exec Code 2014-02-26 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in dbd_manager in LeftHand OS before 11.0 in HP StoreVirtual 4000 and StoreVirtual VSA Software (formerly LeftHand Virtual SAN Appliance) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1509.
7889 CVE-2013-4838 Exec Code 2013-11-04 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1850.
7890 CVE-2013-4837 Exec Code 2013-11-04 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
7891 CVE-2013-4822 Exec Code 2013-10-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
7892 CVE-2013-4813 94 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
The Agent (aka AgentController) servlet in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 allows remote attackers to execute arbitrary commands via a HEAD request, aka ZDI-CAN-1745.
7893 CVE-2013-4812 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
7894 CVE-2013-4811 20 Exec Code 2013-09-16 2013-09-25
10.0
None Remote Low Not required Complete Complete Complete
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
7895 CVE-2013-4810 94 Exec Code 2013-09-16 2017-10-04
10.0
None Remote Low Not required Complete Complete Complete
HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet, aka ZDI-CAN-1760. NOTE: this is probably a duplicate of CVE-2007-1036, CVE-2010-0738, and/or CVE-2012-0874.
7896 CVE-2013-4808 2013-08-17 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
7897 CVE-2013-4805 Bypass 2013-08-05 2013-08-22
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in HP Integrated Lights-Out 3 (aka iLO3) firmware before 1.60 and 4 (aka iLO4) firmware before 1.30 allows remote attackers to bypass authentication via unknown vectors.
7898 CVE-2013-4804 Exec Code +Info 2013-10-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Business Process Monitor 9.13.1 patch 1 and 9.22 patch 1 allows remote attackers to execute arbitrary code and obtain sensitive information via unknown vectors.
7899 CVE-2013-4800 Exec Code 2013-07-29 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1735.
7900 CVE-2013-4798 Exec Code 2013-07-29 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1705.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.