CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10301 CVE-2010-4306 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4192.
10302 CVE-2010-4299 119 Exec Code Overflow 2010-11-22 2017-01-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ZfHIPCND.exe in Novell Zenworks 7 Handheld Management (ZHM) allows remote attackers to execute arbitrary code via a crafted request to TCP port 2400.
10303 CVE-2010-4294 94 DoS Exec Code Mem. Corr. 2010-12-06 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The frame decompression functionality in the VMnc media codec in VMware Movie Decoder before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548, VMware Workstation 6.5.x before 6.5.5 build 328052 and 7.x before 7.1.2 build 301548 on Windows, VMware Player 2.5.x before 2.5.5 build 246459 and 3.x before 3.1.2 build 301548 on Windows, and VMware Server 2.x on Windows does not properly validate an unspecified size field, which allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted video file.
10304 CVE-2010-4279 287 1 Bypass 2010-12-02 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of Pandora FMS 3.1 and earlier specifies an empty string for the loginhash_pwd field, which allows remote attackers to bypass authentication by sending a request to index.php with "admin" in the loginhash_user parameter, in conjunction with the md5 hash of "admin" in the loginhash_data parameter.
10305 CVE-2010-4278 78 1 Exec Code 2010-12-02 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
operation/agentes/networkmap.php in Pandora FMS before 3.1.1 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the layout parameter in an operation/agentes/networkmap action to index.php.
10306 CVE-2010-4253 119 DoS Exec Code Overflow 2011-01-28 2015-11-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file in an ODF or Microsoft Office document, as demonstrated by a PowerPoint (aka PPT) document.
10307 CVE-2010-4235 134 Exec Code 2011-04-04 2011-04-06
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via vectors related to the x-wap-profile HTTP header.
10308 CVE-2010-4233 255 1 2010-11-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Linux installation on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 has a default password of m for the root account, and a default password of merlin for the mg3500 account, which makes it easier for remote attackers to obtain access via the TELNET interface.
10309 CVE-2010-4232 287 1 Bypass 2010-11-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The web-based administration interface on the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to bypass authentication via a // (slash slash) at the beginning of a URI, as demonstrated by the //system.html URI.
10310 CVE-2010-4230 119 1 Exec Code Overflow 2010-11-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in a certain ActiveX control for the Camtron CMNC-200 Full HD IP Camera and TecVoz CMNC-200 Megapixel IP Camera with firmware 1.102A-008 allows remote attackers to execute arbitrary code via a long string in the first argument to the connect method.
10311 CVE-2010-4229 22 Exec Code Dir. Trav. 2011-04-18 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.
10312 CVE-2010-4228 119 DoS Exec Code Overflow 2011-03-22 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in NWFTPD.NLM before 5.10.02 in the FTP server in Novell NetWare allows remote authenticated users to execute arbitrary code or cause a denial of service (abend) via a long DELE command, a different vulnerability than CVE-2010-0625.4.
10313 CVE-2010-4227 119 1 DoS Exec Code Overflow 2011-02-25 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The xdrDecodeString function in XNFS.NLM in Novell Netware 6.5 before SP8 allows remote attackers to cause a denial of service (abend) or execute arbitrary code via a crafted, signed value in a NFS RPC request to port UDP 1234, leading to a stack-based buffer overflow.
10314 CVE-2010-4221 119 Exec Code Overflow 2010-11-09 2011-09-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
10315 CVE-2010-4218 2010-11-09 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Web Services in IBM ENOVIA 6 has unknown impact and attack vectors, related to a system that becomes "exposed to the internet."
10316 CVE-2010-4206 119 DoS Exec Code Overflow 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in the FEBlend::apply function in WebCore/platform/graphics/filters/FEBlend.cpp in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted SVG document, related to effects in the application of filters.
10317 CVE-2010-4205 20 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.44 does not properly handle the data types of event objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
10318 CVE-2010-4204 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, accesses a frame object after this object has been destroyed, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
10319 CVE-2010-4203 119 DoS Exec Code Overflow Mem. Corr. 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebM libvpx (aka the VP8 Codec SDK) before 0.9.5, as used in Google Chrome before 7.0.517.44, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via invalid frames.
10320 CVE-2010-4202 189 DoS Overflow 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Google Chrome before 7.0.517.44 on Linux allow remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted font.
10321 CVE-2010-4201 399 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Google Chrome before 7.0.517.44 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text control selections.
10322 CVE-2010-4199 20 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.44 does not properly perform a cast of an unspecified variable during processing of an SVG use element, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted SVG document.
10323 CVE-2010-4198 20 DoS Mem. Corr. 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, does not properly handle large text areas, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted HTML document.
10324 CVE-2010-4197 399 DoS 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit, as used in Google Chrome before 7.0.517.44, webkitgtk before 1.2.6, and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving text editing.
10325 CVE-2010-4196 20 Exec Code 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
10326 CVE-2010-4195 20 Exec Code 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
10327 CVE-2010-4194 20 Exec Code 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
10328 CVE-2010-4193 20 Exec Code 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
10329 CVE-2010-4192 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type record that triggers an incorrect memory allocation, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, and CVE-2010-4306.
10330 CVE-2010-4191 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4190, CVE-2010-4192, and CVE-2010-4306.
10331 CVE-2010-4190 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an incorrect calculation of an offset for a substructure, which causes an out-of-bounds "seek" of heap memory, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4187, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.
10332 CVE-2010-4189 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie containing a GIF image with a crafted global color table size value, which causes an out-of-range pointer offset.
10333 CVE-2010-4188 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk with a size field of 0, which is used in the calculation of a file offset and causes invalid data to be used as a loop counter, triggering a heap-based buffer overflow, a different vulnerability than CVE-2010-2587 and CVE-2010-2588.
10334 CVE-2010-4187 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed chunk in a Director file, a different vulnerability than CVE-2011-0555, CVE-2010-4093, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.
10335 CVE-2010-4182 Exec Code 2010-11-04 2010-11-05
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse msjet49.dll that is located in the same folder as a file that is processed by dao360.dll. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10336 CVE-2010-4154 22 1 Dir. Trav. 2010-11-03 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Rhino Software, Inc. FTP Voyager 15.2.0.11, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10337 CVE-2010-4153 22 Dir. Trav. 2010-11-03 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in CrossFTP Pro 1.65a, and probably earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10338 CVE-2010-4149 22 1 Dir. Trav. 2010-11-01 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in FreshWebMaster Fresh FTP 5.36, 5.37, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename. NOTE: some of these details are obtained from third party information.
10339 CVE-2010-4148 22 1 Dir. Trav. 2010-11-01 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in AnyConnect 1.2.3.0, and possibly earlier, allows remote FTP servers to write arbitrary files via a "..\" (dot dot backslash) in a filename.
10340 CVE-2010-4142 119 2 DoS Exec Code Overflow 2010-11-01 2010-11-04
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
10341 CVE-2010-4116 Exec Code 2010-12-21 2013-07-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP StorageWorks Storage Mirroring 5.x before 5.2.2.1771.2 allows remote attackers to execute arbitrary code via unknown vectors.
10342 CVE-2010-4115 255 +Priv 2010-12-17 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
HP StorageWorks Modular Smart Array P2000 G3 firmware TS100R011, TS100R025, TS100P002, TS200R005, TS201R014, and TS201R015 installs an undocumented admin account with a default "!admin" password, which allows remote attackers to gain privileges.
10343 CVE-2010-4113 119 Exec Code Overflow 2010-12-22 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in HP Power Manager (HPPM) before 4.3.2 allows remote attackers to execute arbitrary code via a long Login variable to the management web server.
10344 CVE-2010-4095 22 Dir. Trav. 2010-10-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the FTP client in Serengeti Systems Incorporated Robo-FTP 3.7.3, and probably other versions before 3.7.5, allows remote FTP servers to write arbitrary files via a .. (dot dot) in a filename in a server response.
10345 CVE-2010-4093 119 DoS Exec Code Overflow Mem. Corr. 2011-02-10 2011-02-17
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0555, CVE-2010-4187, CVE-2010-4190, CVE-2010-4191, CVE-2010-4192, and CVE-2010-4306.
10346 CVE-2010-4092 399 Exec Code 2010-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.
10347 CVE-2010-4091 119 1 DoS Exec Code Overflow Mem. Corr. 2010-11-07 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
10348 CVE-2010-4090 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
10349 CVE-2010-4089 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.
10350 CVE-2010-4088 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.