CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9451 CVE-2011-1980 +Priv 2011-09-15 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Microsoft Office 2003 SP3 and 2007 SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a .doc, .ppt, or .xls file, aka "Office Component Insecure Library Loading Vulnerability."
9452 CVE-2011-1979 20 Exec Code 2011-08-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio 2003 SP3 and 2007 SP2 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "Move Around the Block RCE Vulnerability."
9453 CVE-2011-1975 +Priv 2011-08-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Data Access Tracing component in Windows Data Access Components (Windows DAC) 6.0 in Microsoft Windows 7 Gold and SP1 and Windows Server 2008 R2 and R2 SP1 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an Excel .xlsx file, aka "Data Access Components Insecure Library Loading Vulnerability."
9454 CVE-2011-1972 20 Exec Code 2011-08-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Visio 2003 SP3, 2007 SP2, and 2010 Gold and SP1 does not properly validate objects in memory during Visio file parsing, which allows remote attackers to execute arbitrary code via a crafted file, aka "pStream Release RCE Vulnerability."
9455 CVE-2011-1969 94 Exec Code 2011-10-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Forefront Unified Access Gateway (UAG) 2010 Gold, Update 1, Update 2, and SP1 provides the MicrosoftClient.jar file containing a signed Java applet, which allows remote attackers to execute arbitrary code on client machines via unspecified vectors, aka "Poisoned Cup of Code Execution Vulnerability."
9456 CVE-2011-1966 20 Exec Code 2011-08-10 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The DNS server in Microsoft Windows Server 2008 SP2, R2, and R2 SP1 does not properly handle NAPTR queries that trigger recursive processing, which allows remote attackers to execute arbitrary code via a crafted query, aka "DNS NAPTR Query Vulnerability."
9457 CVE-2011-1964 119 Exec Code Overflow Mem. Corr. 2011-08-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "Style Object Memory Corruption Vulnerability."
9458 CVE-2011-1963 119 Exec Code Overflow Mem. Corr. 2011-08-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 9 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, aka "XSLT Memory Corruption Vulnerability."
9459 CVE-2011-1961 20 Exec Code 2011-08-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The telnet URI handler in Microsoft Internet Explorer 6 through 9 does not properly launch the handler application, which allows remote attackers to execute arbitrary programs via a crafted web site, aka "Telnet Handler Remote Code Execution Vulnerability."
9460 CVE-2011-1944 189 DoS Exec Code Overflow 2011-09-02 2016-06-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions.
9461 CVE-2011-1919 119 DoS Exec Code Overflow 2011-11-02 2011-11-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.
9462 CVE-2011-1918 119 DoS Exec Code Overflow 2011-11-02 2013-05-20
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic.
9463 CVE-2011-1914 119 Exec Code Overflow 2012-02-21 2012-02-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
9464 CVE-2011-1908 189 DoS Exec Code Overflow 2011-06-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.
9465 CVE-2011-1900 22 Exec Code Dir. Trav. 2011-05-04 2011-05-31
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
9466 CVE-2011-1889 119 Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
9467 CVE-2011-1873 20 Exec Code 2011-06-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
9468 CVE-2011-1868 119 Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
9469 CVE-2011-1867 119 Exec Code Overflow 2011-07-11 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.
9470 CVE-2011-1866 119 1 Exec Code Overflow 2011-07-01 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
9471 CVE-2011-1865 119 4 Exec Code Overflow 2011-07-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
9472 CVE-2011-1864 Exec Code 2011-06-14 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.
9473 CVE-2011-1854 399 Exec Code 2011-05-13 2011-07-13
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.
9474 CVE-2011-1853 20 Exec Code 2011-05-13 2011-05-26
10.0
None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
9475 CVE-2011-1852 119 Exec Code Overflow 2011-05-13 2013-07-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
9476 CVE-2011-1851 119 Exec Code Overflow 2011-05-13 2011-05-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
9477 CVE-2011-1850 119 Exec Code Overflow 2011-05-13 2011-05-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
9478 CVE-2011-1849 20 Exec Code 2011-05-13 2011-05-26
10.0
None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
9479 CVE-2011-1848 119 Exec Code Overflow 2011-05-13 2013-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
9480 CVE-2011-1827 Exec Code 2011-10-04 2012-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.
9481 CVE-2011-1807 119 Exec Code Overflow 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
9482 CVE-2011-1806 119 DoS Exec Code Overflow Mem. Corr. 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
9483 CVE-2011-1797 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2015-01-06
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
9484 CVE-2011-1741 119 Exec Code Overflow 2011-07-19 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
9485 CVE-2011-1735 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.
9486 CVE-2011-1734 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.
9487 CVE-2011-1733 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.
9488 CVE-2011-1732 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
9489 CVE-2011-1731 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.
9490 CVE-2011-1730 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.
9491 CVE-2011-1729 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.
9492 CVE-2011-1728 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.
9493 CVE-2011-1719 119 Exec Code Overflow 2011-04-26 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
9494 CVE-2011-1708 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.
9495 CVE-2011-1707 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.
9496 CVE-2011-1706 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.
9497 CVE-2011-1705 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.
9498 CVE-2011-1704 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.
9499 CVE-2011-1703 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.
9500 CVE-2011-1702 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.