CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
9901 CVE-2010-2871 189 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the 3D object functionality in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted size value in a 0xFFFFFF45 RIFF record in a Director movie.
9902 CVE-2010-2872 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate an offset value in the pami RIFF chunk in a Director movie, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted movie.
9903 CVE-2010-2873 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate offset values in the rcsL RIFF chunks of (1) .DIR and (2) .DCR Director movies, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
9904 CVE-2010-2874 399 Exec Code Mem. Corr. 2010-09-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption. NOTE: due to conflicting information and use of the same CVE identifier by the vendor, ZDI, and TippingPoint, it is not clear whether this issue is related to use of an uninitialized pointer, an incorrect pointer offset calculation, or both.
9905 CVE-2010-2875 189 DoS Exec Code Mem. Corr. 2010-08-26 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Adobe Shockwave Player before 11.5.8.612 allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a length value associated with the tSAC chunk in a Director movie.
9906 CVE-2010-2876 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate values associated with buffer-size calculation for a 0xFFFFFFF8 record in a (1) .dir or (2) .dcr Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
9907 CVE-2010-2877 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.8.612 does not properly validate a count value in a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie, related to IML32X.dll and DIRAPIX.dll.
9908 CVE-2010-2878 20 DoS Exec Code Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPIX.dll in Adobe Shockwave Player before 11.5.8.612 does not properly validate a value associated with a buffer seek for a Director movie, which allows remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted movie.
9909 CVE-2010-2879 189 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the allocator in the TextXtra.x32 module in Adobe Shockwave Player before 11.5.8.612 allow remote attackers to cause a denial of service (heap memory corruption) or execute arbitrary code via a crafted (1) element count or (2) element size value in a file.
9910 CVE-2010-2880 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x47 of a certain file.
9911 CVE-2010-2881 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x24C0 of a certain file.
9912 CVE-2010-2882 119 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
DIRAPI.dll in Adobe Shockwave Player before 11.5.8.612 does not properly parse .dir files, which allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a malformed file containing an invalid value, as demonstrated by a value at position 0x3812 of a certain file.
9913 CVE-2010-2883 119 DoS Exec Code Overflow 2010-09-09 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
9914 CVE-2010-2884 DoS Exec Code Mem. Corr. 2010-09-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
9915 CVE-2010-2887 +Priv 2010-10-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
9916 CVE-2010-2888 20 Exec Code 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in an ActiveX control in Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Windows allow attackers to execute arbitrary code via unknown vectors.
9917 CVE-2010-2889 20 Exec Code 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
9918 CVE-2010-2890 119 DoS Exec Code Overflow Mem. Corr. 2010-10-06 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
9919 CVE-2010-2931 119 1 Exec Code Overflow 2010-08-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in SigPlus Pro 3.74 ActiveX control allows remote attackers to execute arbitrary code via a long eighth argument (HexString) to the LCDWriteString method.
9920 CVE-2010-2932 119 3 Exec Code Overflow 2010-08-05 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in BarCodeWiz BarCode 3.29 ActiveX control (BarcodeWiz.dll) allows remote attackers to execute arbitrary code via a long argument to the LoadProperties method.
9921 CVE-2010-2935 189 DoS Exec Code Overflow 2010-08-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle integer values associated with dictionary property items, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PowerPoint document that triggers a heap-based buffer overflow, related to an "integer truncation error."
9922 CVE-2010-2936 189 DoS Exec Code Overflow 2010-08-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in simpress.bin in the Impress module in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted polygons in a PowerPoint document that triggers a heap-based buffer overflow.
9923 CVE-2010-2971 119 Overflow 2010-08-05 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
loaders/load_it.c in libmikmod, possibly 3.1.12, does not properly account for the larger size of name##env relative to name##tick and name##node, which allows remote attackers to trigger a buffer over-read and possibly have unspecified other impact via a crafted Impulse Tracker file, a related issue to CVE-2010-2546. NOTE: this issue exists because of an incomplete fix for CVE-2009-3995.
9924 CVE-2010-2972 119 Exec Code Overflow Mem. Corr. 2010-08-05 2010-08-09
9.3
None Remote Medium Not required Complete Complete Complete
An unspecified component, when running on Apple iOS 4.0.1 on iPhone, iPad, and iPod, allows remote attackers to execute arbitrary code via a PDF file with crafted Compact Font Format (CFF) data, which triggers memory corruption, as demonstrated by JailbreakMe. NOTE: some of these details are obtained from third party information.
9925 CVE-2010-2974 119 Exec Code Overflow 2010-08-05 2010-08-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the IConfigurationAccess interface in the Invensys Wonderware Archestra ConfigurationAccessComponent ActiveX control in Wonderware Application Server (WAS) before 3.1 SP2 P01, as used in the Wonderware Archestra Integrated Development Environment (IDE) and the InFusion Integrated Engineering Environment (IEE), allows remote attackers to execute arbitrary code via the first argument to the UnsubscribeData method.
9926 CVE-2010-2990 119 Exec Code Overflow 2010-08-11 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix Receiver for Windows Mobile before 11.5 allow remote attackers to execute arbitrary code via (1) a crafted HTML document, (2) a crafted .ICA file, or (3) a crafted type field in an ICA graphics packet, related to a "heap offset overflow" issue.
9927 CVE-2010-2991 94 DoS Exec Code Mem. Corr. 2010-08-11 2010-08-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The IICAClient interface in the ICAClient library in the ICA Client ActiveX Object (aka ICO) component in Citrix Online Plug-in for Windows for XenApp & XenDesktop before 12.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted HTML document that triggers the reading of a .ICA file.
9928 CVE-2010-2996 94 Exec Code 2010-08-30 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in RealNetworks RealPlayer 11.0 through 11.1 on Windows allows remote attackers to execute arbitrary code via a malformed header in a RealMedia .IVR file.
9929 CVE-2010-2997 399 DoS Exec Code Mem. Corr. 2010-12-14 2011-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, Linux RealPlayer 11.0.2.1744, and possibly HelixPlayer 1.0.6 and other versions, allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted StreamTitle tag in an ICY SHOUTcast stream, related to the SMIL file format.
9930 CVE-2010-2998 20 Exec Code 2010-10-18 2010-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.0.1 allows remote attackers to execute arbitrary code via malformed sample data in a RealMedia .IVR file, related to a "malformed IVR pointer index" issue.
9931 CVE-2010-2999 189 DoS Exec Code Overflow Mem. Corr. 2010-12-14 2011-01-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1, RealPlayer SP 1.0 through 1.0.1, Mac RealPlayer 11.0 through 11.1, and Linux RealPlayer 11.0.2.1744 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed MLLT atom in an AAC file.
9932 CVE-2010-3000 189 Exec Code Overflow 2010-08-30 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the ParseKnownType function in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows allow remote attackers to execute arbitrary code via crafted (1) HX_FLV_META_AMF_TYPE_MIXEDARRAY or (2) HX_FLV_META_AMF_TYPE_ARRAY data in an FLV file.
9933 CVE-2010-3001 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control in the Internet Explorer (IE) plugin in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows has unknown impact and attack vectors related to "multiple browser windows."
9934 CVE-2010-3002 Bypass 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer 11.0 through 11.1 allows attackers to bypass intended access restrictions on files via unknown vectors.
9935 CVE-2010-3019 119 DoS Exec Code Overflow 2010-08-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera before 10.61 allows remote attackers to execute arbitrary code or cause a denial of service (application crash or hang) via vectors related to HTML5 canvas painting operations that occur during the application of transformations.
9936 CVE-2010-3041 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3042, CVE-2010-3043, and CVE-2010-3044.
9937 CVE-2010-3042 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3043, and CVE-2010-3044.
9938 CVE-2010-3043 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3044.
9939 CVE-2010-3044 119 DoS Exec Code Overflow 2011-02-02 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .wrf or (2) .arf file, related to atas32.dll, a different vulnerability than CVE-2010-3041, CVE-2010-3042, and CVE-2010-3043.
9940 CVE-2010-3096 22 Dir. Trav. 2010-08-20 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SoftX FTP Client 3.3 and possibly earlier allows remote FTP servers to write arbitrary files via "..\" (dot dot backslash) sequences in a filename.
9941 CVE-2010-3097 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in WinFrigate Frigate 3 FTP client 3.36 and earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
9942 CVE-2010-3098 22 Dir. Trav. 2010-08-20 2010-08-24
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in IoRush Software FTP Rush 1.1.3 and possibly earlier allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename.
9943 CVE-2010-3099 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SmartSoft Ltd SmartFTP Client 4.0.1124.0, and possibly other versions before 4.0 Build 1133, allows remote FTP servers to overwrite arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
9944 CVE-2010-3100 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Porta+ FTP Client 4.1, and possibly other versions, allows remote FTP servers to overwrite arbitrary files via a directory traversal sequences in a filename.
9945 CVE-2010-3101 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPx Corp FTP Explorer 10.5.19.1 for Windows, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
9946 CVE-2010-3102 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in SiteDesigner Technologies, Inc. 3D-FTP Client 9.0 build 2, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
9947 CVE-2010-3103 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FTPGetter Team FTPGetter 3.51.0.05, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
9948 CVE-2010-3104 22 Dir. Trav. 2010-08-20 2010-08-23
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in DeskShare AutoFTP Manager 4.31, and probably earlier versions, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
9949 CVE-2010-3105 119 Exec Code Overflow 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The PluginGetDriverFile function in Novell iPrint Client before 5.44 interprets an uninitialized memory location as a pointer value, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
9950 CVE-2010-3106 20 DoS Exec Code Mem. Corr. 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The ienipp.ocx ActiveX control in the browser plugin in Novell iPrint Client before 5.42 does not properly validate the debug parameter, which allows remote attackers to execute arbitrary code or cause a denial of service (stack memory corruption) via a parameter value with a crafted length, related to the ExecuteRequest method.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.