CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10201 CVE-2011-1861 +Info 2011-06-14 2017-08-16
8.3
None Remote Medium Not required Complete Partial Partial
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote attackers to modify data or obtain sensitive information via unknown vectors.
10202 CVE-2011-1857 Bypass 2011-06-14 2017-08-16
8.2
None Remote Medium Single system Partial Complete Complete
Unspecified vulnerability in HP Service Manager 7.02, 7.11, 9.20, and 9.21 and Service Center 6.2.8 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
10203 CVE-2011-1854 399 Exec Code 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.
10204 CVE-2011-1853 20 Exec Code 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
10205 CVE-2011-1852 119 Exec Code Overflow 2011-05-13 2013-07-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
10206 CVE-2011-1851 119 Exec Code Overflow 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
10207 CVE-2011-1850 119 Exec Code Overflow 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
10208 CVE-2011-1849 20 Exec Code 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
10209 CVE-2011-1848 119 Exec Code Overflow 2011-05-13 2013-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
10210 CVE-2011-1827 Exec Code 2011-10-04 2012-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.
10211 CVE-2011-1807 119 Exec Code Overflow 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
10212 CVE-2011-1806 119 DoS Exec Code Overflow Mem. Corr. 2011-05-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
10213 CVE-2011-1797 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2015-01-06
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
10214 CVE-2011-1774 20 Exec Code 2011-07-21 2012-02-13
8.8
None Remote Medium Not required None Complete Complete
WebKit in Apple Safari before 5.0.6 has improper libxslt security settings, which allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via a crafted web site. NOTE: this may overlap CVE-2011-1425.
10215 CVE-2011-1741 119 Exec Code Overflow 2011-07-19 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
10216 CVE-2011-1736 22 Dir. Trav. 2011-05-07 2018-10-09
8.5
None Remote Low Not required Complete None Partial
Directory traversal vulnerability in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to read arbitrary files via directory traversal sequences in a filename in a GET_FILE message.
10217 CVE-2011-1735 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.
10218 CVE-2011-1734 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.
10219 CVE-2011-1733 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.
10220 CVE-2011-1732 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
10221 CVE-2011-1731 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.
10222 CVE-2011-1730 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.
10223 CVE-2011-1729 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.
10224 CVE-2011-1728 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.
10225 CVE-2011-1719 119 Exec Code Overflow 2011-04-26 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
10226 CVE-2011-1708 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.
10227 CVE-2011-1707 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.
10228 CVE-2011-1706 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.
10229 CVE-2011-1705 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.
10230 CVE-2011-1704 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.
10231 CVE-2011-1703 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.
10232 CVE-2011-1702 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.
10233 CVE-2011-1701 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.
10234 CVE-2011-1700 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.
10235 CVE-2011-1699 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.
10236 CVE-2011-1653 89 Exec Code Sql 2011-04-18 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
10237 CVE-2011-1646 94 Exec Code 2011-05-31 2011-09-06
9.0
None Remote Low Single system Complete Complete Complete
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
10238 CVE-2011-1645 16 Exec Code 2011-05-31 2011-09-06
9.3
None Remote Medium Not required Complete Complete Complete
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
10239 CVE-2011-1643 200 +Info 2011-08-29 2012-06-15
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
10240 CVE-2011-1623 255 2011-06-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737.
10241 CVE-2011-1609 89 Exec Code Sql 2011-05-03 2017-08-16
8.5
None Remote Medium Single system Complete Complete Complete
SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.
10242 CVE-2011-1599 20 Exec Code 2011-04-26 2011-09-06
9.0
None Remote Low Single system Complete Complete Complete
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
10243 CVE-2011-1591 119 2 Exec Code Overflow 2011-04-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
10244 CVE-2011-1571 Exec Code 2011-05-07 2011-05-31
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote attackers to execute arbitrary commands via unknown vectors.
10245 CVE-2011-1568 134 1 DoS Exec Code 2011-04-05 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and 9.00.00.11063 and earlier, in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to cause a denial of service and possibly execute arbitrary code, as demonstrated using the RMS Reports Delete command, related to the logging of messages to GSST.LOG. NOTE: some of these details are obtained from third party information.
10246 CVE-2011-1567 119 1 DoS Exec Code Overflow 2011-04-05 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted (1) ListAll, (2) Write File, (3) ReadFile, (4) Delete, (5) RenameFile, and (6) FileInfo commands in an 0xd opcode; (7) the Add, (8) ReadFile, (9) Write File, (10) Rename, (11) Delete, and (12) Add commands in an RMS report templates (0x7) opcode; and (13) 0x4 command in an STDREP request (0x8) opcode to TCP port 12401.
10247 CVE-2011-1566 22 1 Exec Code Dir. Trav. 2011-04-05 2012-05-11
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
10248 CVE-2011-1565 22 1 Dir. Trav. 2011-04-05 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in IGSSdataServer.exe 9.00.00.11063 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to (1) read (opcode 0x3) or (2) create or write (opcode 0x2) arbitrary files via ..\ (dot dot backslash) sequences to TCP port 12401.
10249 CVE-2011-1564 189 1 Exec Code Overflow 2011-04-05 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
10250 CVE-2011-1563 119 1 Exec Code Overflow 2011-04-05 2011-09-21
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) On_FC_CTAGLIST_FCS_CADDTAG, (3) On_FC_CTAGLIST_FCS_CDELTAG, (4) On_FC_CTAGLIST_FCS_ADDTAGMS, (5) On_FC_RFUSER_FCS_LOGIN, (6) unspecified "On_FC_BINFILE_FCS_*FILE", (7) On_FC_CGETTAG_FCS_GETTELEMETRY, (8) On_FC_CGETTAG_FCS_GETCHANNELTELEMETRY, (9) On_FC_CGETTAG_FCS_SETTELEMETRY, (10) On_FC_CGETTAG_FCS_SETCHANNELTELEMETRY, and (11) On_FC_SCRIPT_FCS_STARTPROG packets to port 910.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.