CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10051 CVE-2011-0474 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with cursors, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
10052 CVE-2011-0473 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle Cascading Style Sheets (CSS) token sequences in conjunction with CANVAS elements, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to a "stale pointer."
10053 CVE-2011-0472 20 DoS 2011-01-14 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 do not properly handle the printing of PDF documents, which allows user-assisted remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a multi-page document.
10054 CVE-2011-0471 20 DoS 2011-01-14 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The node-iteration implementation in Google Chrome before 8.0.552.237 and Chrome OS before 8.0.552.344 does not properly handle pointers, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
10055 CVE-2011-0469 94 2017-08-17 2017-08-25
9.0
None Remote Low Not required Partial Complete Partial
Code injection in openSUSE when running some source services used in the open build service 2.1 before March 11 2011.
10056 CVE-2011-0465 20 Exec Code 2011-04-08 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
xrdb.c in xrdb before 1.0.9 in X.Org X11R7.6 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a (1) DHCP or (2) XDMCP message.
10057 CVE-2011-0464 Exec Code 2011-03-09 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell Vibe OnPrem 3.0 before Hot Patch 1 allows remote attackers to execute arbitrary code via unknown vectors.
10058 CVE-2011-0444 119 DoS Exec Code Overflow 2011-01-12 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MAC-LTE dissector (epan/dissectors/packet-mac-lte.c) in Wireshark 1.2.0 through 1.2.13 and 1.4.0 through 1.4.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of RARs.
10059 CVE-2011-0406 119 1 Exec Code Overflow 2011-01-10 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in HistorySvr.exe in WellinTech KingView 6.53 allows remote attackers to execute arbitrary code via a long request to TCP port 777.
10060 CVE-2011-0403 1 Exec Code 2011-01-10 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
10061 CVE-2011-0386 94 Exec Code 2011-02-25 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The XML-RPC implementation on Cisco TelePresence Recording Server devices with software 1.6.x and 1.7.x before 1.7.1 allows remote attackers to overwrite files and consequently execute arbitrary code via a malformed request, aka Bug ID CSCti50739.
10062 CVE-2011-0385 Exec Code 2011-02-25 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The administrative web interface on Cisco TelePresence Recording Server devices with software 1.6.x and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x allows remote attackers to create or overwrite arbitrary files, and possibly execute arbitrary code, via a crafted request, aka Bug IDs CSCth85786 and CSCth61065.
10063 CVE-2011-0384 287 Exec Code 2011-02-25 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The Java Servlet framework on Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug ID CSCtf01253.
10064 CVE-2011-0383 287 Exec Code 2011-02-25 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The Java Servlet framework on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 and Cisco TelePresence Multipoint Switch (CTMS) devices with software 1.0.x, 1.1.x, 1.5.x, and 1.6.x does not require administrative authentication for unspecified actions, which allows remote attackers to execute arbitrary code via a crafted request, aka Bug IDs CSCtf42005 and CSCtf42008.
10065 CVE-2011-0382 78 Exec Code 2011-02-25 2011-04-08
10.0
None Remote Low Not required Complete Complete Complete
The CGI subsystem on Cisco TelePresence Recording Server devices with software 1.6.x before 1.6.2 allows remote attackers to execute arbitrary commands via a request to TCP port 443, related to a "command injection vulnerability," aka Bug ID CSCtf97221.
10066 CVE-2011-0381 78 Exec Code 2011-02-25 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Cisco TelePresence Manager 1.2.x through 1.6.x allows remote attackers to perform unspecified actions and consequently execute arbitrary code via a crafted request to the Java RMI interface, related to a "command injection vulnerability," aka Bug ID CSCtf97085.
10067 CVE-2011-0376 200 +Info 2011-02-25 2011-03-30
10.0
None Remote Low Not required Complete Complete Complete
The TFTP implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x, 1.6.0, and 1.6.1 allows remote attackers to obtain sensitive information via a GET request, aka Bug ID CSCte43876.
10068 CVE-2011-0375 78 Exec Code 2011-02-25 2011-03-30
9.0
None Remote Low Single system Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.6.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCth24671.
10069 CVE-2011-0374 78 Exec Code 2011-02-25 2011-03-30
9.0
None Remote Low Single system Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31659.
10070 CVE-2011-0373 78 Exec Code 2011-02-25 2011-03-30
9.0
None Remote Low Single system Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote authenticated users to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31685.
10071 CVE-2011-0372 78 Exec Code 2011-02-25 2011-03-30
10.0
None Remote Low Not required Complete Complete Complete
The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID CSCtb31640.
10072 CVE-2011-0364 94 Exec Code 2011-02-18 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Management Console (webagent.exe) in Cisco Security Agent 5.1, 5.2, and 6.0 before 6.0.2.145 allows remote attackers to create arbitrary files and execute arbitrary code via unspecified parameters in a crafted st_upload request.
10073 CVE-2011-0354 255 1 2011-02-03 2011-09-21
10.0
Admin Remote Low Not required Complete Complete Complete
The default configuration of Cisco Tandberg C Series Endpoints, and Tandberg E and EX Personal Video units, with software before TC4.0.0 has a blank password for the root account, which makes it easier for remote attackers to obtain access via an unspecified login method.
10074 CVE-2011-0347 2011-01-07 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer on Windows XP allows remote attackers to trigger an incorrect GUI display and have unspecified other impact via vectors related to the DOM implementation, as demonstrated by cross_fuzz.
10075 CVE-2011-0346 399 DoS Exec Code Mem. Corr. 2011-01-07 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the ReleaseInterface function in MSHTML.DLL in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the DOM implementation and the BreakAASpecial and BreakCircularMemoryReferences functions, as demonstrated by cross_fuzz, aka "MSHTML Memory Corruption Vulnerability."
10076 CVE-2011-0342 119 Exec Code Overflow 2011-09-02 2013-05-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the InduSoft ISSymbol ActiveX control in ISSymbol.ocx 301.1104.601.0 in InduSoft Web Studio 7.0B2 hotfix 7.0.01.04 allow remote attackers to execute arbitrary code via a long parameter to the (1) Open, (2) Close, or (3) SetCurrentLanguage method.
10077 CVE-2011-0341 119 Exec Code Overflow 2011-05-13 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the pdfmoz_onmouse function in apps/mozilla/moz_main.c in the MuPDF plug-in 2008.09.02 for Firefox allows remote attackers to execute arbitrary code via a crafted web site.
10078 CVE-2011-0340 119 Exec Code Overflow 2011-05-04 2013-05-20
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.
10079 CVE-2011-0335 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-2119, and CVE-2011-2122.
10080 CVE-2011-0334 119 Exec Code Overflow 2011-10-07 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a long HTTP request for a .css file.
10081 CVE-2011-0333 119 Exec Code Overflow 2011-10-07 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the NgwiCalVTimeZoneBody::ParseSelf function in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before HP3 allows remote attackers to execute arbitrary code via a crafted TZNAME variable in a VCALENDAR attachment in an e-mail message, related to an "integer truncation error."
10082 CVE-2011-0332 189 Exec Code Overflow 2011-02-25 2016-11-08
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Foxit Reader before 4.3.1.0218 and Foxit Phantom before 2.3.3.1112 allows remote attackers to execute arbitrary code via crafted ICC chunks in a PDF file, which triggers a heap-based buffer overflow.
10083 CVE-2011-0331 399 Exec Code 2011-03-22 2011-04-08
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the addOSPLext method in the Honeywell ScanServer ActiveX control 780.0.20.5 allows remote attackers to execute arbitrary code via a crafted HTML document.
10084 CVE-2011-0324 119 Exec Code Overflow 2011-02-07 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyString property, (2) NewPath parameter to the SetLocalIniFilePath method, or (3) NewPortPath parameter to the SetTabletPortPath method.
10085 CVE-2011-0323 Exec Code 2011-02-07 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) SigMessage methods to create arbitrary files with arbitrary content.
10086 CVE-2011-0320 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0319, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
10087 CVE-2011-0319 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0318, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
10088 CVE-2011-0318 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0317, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
10089 CVE-2011-0317 119 DoS Exec Code Overflow Mem. Corr. 2011-06-16 2011-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Dirapi.dll in Adobe Shockwave Player before 11.6.0.626 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0318, CVE-2011-0319, CVE-2011-0320, CVE-2011-0335, CVE-2011-2119, and CVE-2011-2122.
10090 CVE-2011-0285 20 DoS Exec Code 2011-04-14 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The process_chpw_request function in schpw.c in the password-changing functionality in kadmind in MIT Kerberos 5 (aka krb5) 1.7 through 1.9 frees an invalid pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted request that triggers an error condition.
10091 CVE-2011-0276 1 Exec Code 2011-02-01 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitrary code via the doPost method in the com.trinagy.servlet.HelpManagerServlet class.
10092 CVE-2011-0273 119 Exec Code Overflow 2011-01-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.
10093 CVE-2011-0272 Exec Code 2011-01-18 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP LoadRunner 9.52 allows remote attackers to execute arbitrary code via network traffic to TCP port 5001 or 5002, related to the HttpTunnel feature.
10094 CVE-2011-0271 78 Exec Code 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The CGI scripts in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 do not properly validate an unspecified parameter, which allows remote attackers to execute arbitrary commands by using a command string for this parameter's value, related to a "command injection vulnerability."
10095 CVE-2011-0270 134 Exec Code 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in input data that involves an invalid template name.
10096 CVE-2011-0269 119 Exec Code Overflow 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long schd_select1 parameter.
10097 CVE-2011-0268 119 Exec Code Overflow 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long text1 parameter.
10098 CVE-2011-0267 119 1 Exec Code Overflow 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allow remote attackers to execute arbitrary code via a long (1) schdParams or (2) nameParams parameter, a different vulnerability than CVE-2011-0266.
10099 CVE-2011-0266 119 Exec Code Overflow 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long nameParams parameter, a different vulnerability than CVE-2011-0267.2.
10100 CVE-2011-0265 119 Exec Code Overflow 2011-01-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via a long data_select1 parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.