CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
8401 CVE-2008-0726 189 Exec Code Overflow Mem. Corr. 2008-02-12 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
8402 CVE-2008-0747 119 Exec Code Overflow 2008-02-13 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
8403 CVE-2008-0805 264 Exec Code 2008-02-18 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
8404 CVE-2008-0888 119 DoS Exec Code Overflow 2008-03-17 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
8405 CVE-2008-0948 119 DoS Exec Code Overflow 2008-03-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
8406 CVE-2008-0951 94 Exec Code 2008-03-24 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Windows Vista does not properly enforce the NoDriveTypeAutoRun registry value, which allows user-assisted remote attackers, and possibly physically proximate attackers, to execute arbitrary code by inserting a (1) CD-ROM device or (2) U3-enabled USB device containing a filesystem with an Autorun.inf file, and possibly other vectors related to (a) AutoRun and (b) AutoPlay actions.
8407 CVE-2008-0952 2008-06-04 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and the content in the second argument, a different vulnerability than CVE-2007-5608 and CVE-2008-0953.
8408 CVE-2008-0955 119 Exec Code Overflow 2008-05-29 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Creative Software AutoUpdate Engine ActiveX control in CTSUEng.ocx allows remote attackers to execute arbitrary code via a long CacheFolder property value.
8409 CVE-2008-0956 119 Exec Code Overflow 2008-06-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the BackWeb Lite Install Runner ActiveX control in the BackWeb Web Package ActiveX object in LiteInstActivator.dll in BackWeb before 8.1.1.87, as used in Logitech Desktop Manager (LDM) before 2.56, allow remote attackers to execute arbitrary code via unspecified vectors.
8410 CVE-2008-0958 119 Exec Code Overflow 2008-05-29 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Online Media Technologies NCTSoft NCTAudioGrabber2 ActiveX control in NCTAudioGrabber2.dll allow remote attackers to execute arbitrary code via unspecified vectors.
8411 CVE-2008-0964 119 Exec Code Overflow 2008-08-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
8412 CVE-2008-0965 134 Exec Code 2008-08-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.
8413 CVE-2008-0984 399 Exec Code 2008-02-26 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
8414 CVE-2008-1028 20 DoS Exec Code 2008-06-02 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in AppKit in Apple Mac OS X before 10.5 allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document file, as demonstrated by opening the document with TextEdit.
8415 CVE-2008-1031 119 DoS Exec Code Overflow 2008-06-02 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
CoreGraphics in Apple Mac OS X before 10.5.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document, related to an uninitialized variable.
8416 CVE-2008-1034 189 DoS Exec Code Overflow 2008-06-02 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer underflow in Help Viewer in Apple Mac OS X before 10.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted help:topic URL that triggers a buffer overflow.
8417 CVE-2008-1083 119 Exec Code Overflow 2008-04-08 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the CreateDIBPatternBrushPt function in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF or WMF image file with a malformed header that triggers an integer overflow, aka "GDI Heap Overflow Vulnerability."
8418 CVE-2008-1085 94 Exec Code Mem. Corr. 2008-04-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 5.01 SP4, 6 through SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream that triggers memory corruption, as demonstrated using an invalid MIME-type that does not have a registered handler.
8419 CVE-2008-1086 94 Exec Code Mem. Corr. 2008-04-08 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The HxTocCtrl ActiveX control (hxvz.dll), as used in Microsoft Internet Explorer 5.01 SP4 and 6 SP1, in Windows XP SP2, Server 2003 SP1 and SP2, Vista SP1, and Server 2008, allows remote attackers to execute arbitrary code via malformed arguments, which triggers memory corruption.
8420 CVE-2008-1087 119 Exec Code Overflow 2008-04-08 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, and Server 2008 allows remote attackers to execute arbitrary code via an EMF image file with crafted filename parameters, aka "GDI Stack Overflow Vulnerability."
8421 CVE-2008-1088 399 Exec Code 2008-04-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Project 2000 Service Release 1, 2002 SP1, and 2003 SP2 allows user-assisted remote attackers to execute arbitrary code via a crafted Project file, related to improper validation of "memory resource allocations."
8422 CVE-2008-1089 94 Exec Code 2008-04-08 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a Visio file containing crafted object header data, aka "Visio Object Header Vulnerability."
8423 CVE-2008-1090 399 Exec Code 2008-04-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visio 2002 SP2, 2003 SP2 and SP3, and 2007 up to SP1 allows user-assisted remote attackers to execute arbitrary code via a crafted .DXF file, aka "Visio Memory Validation Vulnerability."
8424 CVE-2008-1091 94 Exec Code Overflow 2008-05-13 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 Office System SP1 and earlier allows remote attackers to execute arbitrary code via a Rich Text Format (.rtf) file with a malformed string that triggers a "memory calculation error" and a heap-based buffer overflow, aka "Object Parsing Vulnerability."
8425 CVE-2008-1092 119 Exec Code Overflow 2008-03-25 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in msjet40.dll before 4.0.9505.0 in Microsoft Jet Database Engine allows remote attackers to execute arbitrary code via a crafted Word file, as exploited in the wild in March 2008. NOTE: as of 20080513, Microsoft has stated that this is the same issue as CVE-2007-6026.
8426 CVE-2008-1093 94 Exec Code 2008-09-18 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan horse Rules.
8427 CVE-2008-1101 119 Exec Code Overflow 2008-04-10 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in kvdocve.dll in the KeyView document viewing engine in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allows remote attackers to execute arbitrary code via a long pathname, as demonstrated by a long SRC attribute of an IMG element in an HTML document.
8428 CVE-2008-1104 119 Exec Code Overflow 2008-05-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Foxit Reader before 2.3 build 2912 allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file, related to the util.printf JavaScript function and floating point specifiers in format strings.
8429 CVE-2008-1107 119 Exec Code Overflow 2009-04-16 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Danske Bank e-Sec Control Module ActiveX control (DanskeSikker.ocx) 3.1.0.48, and possibly earlier versions, allow remote attackers to execute arbitrary code via long arguments to unspecified methods, which are not properly handled by a logging function.
8430 CVE-2008-1109 119 Exec Code Overflow 2008-06-04 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar view (aka the Calendars window).
8431 CVE-2008-1116 Exec Code 2008-03-03 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the Web Scan Object ActiveX control (OL2005.dll) in Rising Antivirus Online Scanner allows remote attackers to force the download and execution of arbitrary code by setting the BaseURL property and invoking the UpdateEngine method. NOTE: some of these details are obtained from third party information.
8432 CVE-2008-1120 134 DoS Exec Code 2008-03-03 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in the embedded Internet Explorer component for Mirabilis ICQ 6 build 6043 allows remote servers to execute arbitrary code or cause a denial of service (crash) via unspecified vectors related to HTML code generation.
8433 CVE-2008-1136 20 Exec Code 2008-03-04 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The Utils::runScripts function in src/utils.cpp in vdccm 0.92 through 0.10.0 in SynCE (SynCE-dccm) allows remote attackers to execute arbitrary commands via shell metacharacters in a certain string to TCP port 5679.
8434 CVE-2008-1161 119 DoS Exec Code Overflow 2008-03-10 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Matroska demuxer (demuxers/demux_matroska.c) in xine-lib before 1.1.10.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Matroska file with invalid frame sizes.
8435 CVE-2008-1185 264 +Priv 2008-03-06 2019-07-31
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1186, aka "the first issue."
8436 CVE-2008-1186 264 +Priv 2008-03-06 2019-07-31
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Virtual Machine for Sun Java Runtime Environment (JRE) and JDK 5.0 Update 13 and earlier, and SDK/JRE 1.4.2_16 and earlier, allows remote attackers to gain privileges via an untrusted application or applet, a different issue than CVE-2008-1185, aka "the second issue."
8437 CVE-2008-1188 119 Exec Code Overflow 2008-03-06 2019-07-31
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the useEncodingDecl function in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allow remote attackers to execute arbitrary code via a JNLP file with (1) a long key name in the xml header or (2) a long charset value, different issues than CVE-2008-1189, aka "The first two issues."
8438 CVE-2008-1190 264 +Priv 2008-03-06 2019-07-31
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Java Web Start in Sun JDK and JRE 6 Update 4 and earlier, 5.0 Update 14 and earlier, and SDK/JRE 1.4.2_16 and earlier allows remote attackers to gain privileges via an untrusted application, a different issue than CVE-2008-1191, aka the "fourth" issue.
8439 CVE-2008-1193 264 +Priv 2008-03-06 2019-07-31
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Java Runtime Environment Image Parsing Library in Sun JDK and JRE 6 Update 4 and earlier, and 5.0 Update 14 and earlier, allows remote attackers to gain privileges via an untrusted application.
8440 CVE-2008-1195 254 2008-03-06 2019-07-31
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Sun JDK and Java Runtime Environment (JRE) 6 Update 4 and earlier and 5.0 Update 14 and earlier; and SDK and JRE 1.4.2_16 and earlier; allows remote attackers to access arbitrary network services on the local host via unspecified vectors related to JavaScript and Java APIs.
8441 CVE-2008-1200 Exec Code 2008-03-06 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine (msjet40.dll). NOTE: this is probably a different issue than CVE-2007-6026.
8442 CVE-2008-1210 119 DoS Exec Code Overflow 2008-03-07 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ctags parsing code in Programmer's Notepad before 2.0.8.718 allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted .c file, when the victim selects the Jump To dialog. NOTE: some of these details are obtained from third party information.
8443 CVE-2008-1217 94 Exec Code 2008-03-08 2009-09-03
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH, and 8.0.x before 8.0.1 allows remote attackers to execute arbitrary code via a crafted attachment in an e-mail message sent over SMTP, a variant of CVE-2007-6706.
8444 CVE-2008-1230 264 2008-03-10 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to upload and execute arbitrary .jsp files via an unspecified manipulation that attaches a .jsp file to an "entry page."
8445 CVE-2008-1231 22 Dir. Trav. +Info 2008-03-10 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Edit.jsp in JSPWiki 2.4.104 and 2.5.139 allows remote attackers to include and execute arbitrary local .jsp files, and obtain sensitive information, via a .. (dot dot) in the editor parameter.
8446 CVE-2008-1235 Exec Code 2008-03-27 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Mozilla Firefox before 2.0.0.13, Thunderbird before 2.0.0.13, and SeaMonkey before 1.1.9 allows remote attackers to execute arbitrary code via unknown vectors that cause JavaScript to execute with the wrong principal, aka "Privilege escalation via incorrect principals."
8447 CVE-2008-1250 352 XSS CSRF 2008-03-10 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the central phone server for the Snom 320 SIP Phone allow remote attackers to perform actions as the phone user, as demonstrated by inserting an address-book entry containing an XSS sequence.
8448 CVE-2008-1259 287 Bypass 2008-03-10 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The Zyxel P-2602HW-D1A router with 3.40(AJZ.1) firmware maintains authentication state by IP address, which allows remote attackers to bypass authentication by establishing a session from a source IP address of a user who previously authenticated within the previous 5 minutes.
8449 CVE-2008-1282 119 Exec Code Overflow 2008-03-10 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the BFup ActiveX control (BFup.dll) in B21Soft BFup before 1.0.802.29 allows remote attackers to execute arbitrary code via a long FilePath parameter.
8450 CVE-2008-1309 399 DoS Exec Code 2008-03-12 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.