CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10551 CVE-2010-0116 189 Exec Code Overflow 2010-08-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in RealNetworks RealPlayer 11.0 through 11.1 and RealPlayer SP 1.0 through 1.1.4 on Windows might allow remote attackers to execute arbitrary code via a crafted QCP file that triggers a heap-based buffer overflow.
10552 CVE-2010-0111 20 2011-01-31 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
10553 CVE-2010-0108 119 Exec Code Overflow 2010-02-19 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.
10554 CVE-2010-0107 119 DoS Exec Code Overflow 2010-02-23 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in an ActiveX control (SYMLTCOM.dll) in Symantec N360 1.0 and 2.0; Norton Internet Security, AntiVirus, SystemWorks, and Confidential 2006 through 2008; and Symantec Client Security 3.0.x before 3.1 MR9, and 3.1.x before MR9; allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors. NOTE: this is only a vulnerability if the attacker can "masquerade as an authorized site."
10555 CVE-2010-0104 Exec Code 2010-03-18 2010-06-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.
10556 CVE-2010-0103 94 2010-03-10 2010-03-10
9.3
None Remote Medium Not required Complete Complete Complete
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
10557 CVE-2010-0098 Bypass 2010-04-08 2010-08-31
10.0
None Remote Low Not required Complete Complete Complete
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
10558 CVE-2010-0079 2010-01-12 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple vulnerabilities in the JRockit component in BEA Product Suite R27.6.5 using JRE/JDK 1.4.2, 5, and 6 allow remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this CVE identifier overlaps CVE-2009-3867, CVE-2009-3868, CVE-2009-3869, CVE-2009-3871, CVE-2009-3872, CVE-2009-3873, CVE-2009-3874, CVE-2009-3875, CVE-2009-3876, and CVE-2009-3877.
10559 CVE-2010-0073 2010-04-14 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WebLogic Server in Oracle WebLogic Server 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, and 10.3.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
10560 CVE-2010-0072 Exec Code Overflow 2010-01-12 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the January 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is a buffer overflow in observiced.exe that allows remote attackers to execute arbitrary code via vectors related to a "reverse lookup of connections" to TCP port 10000.
10561 CVE-2010-0071 2010-01-12 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Listener component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, 10.2.0.4, and 11.1.0.7 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
10562 CVE-2010-0055 2010-03-30 2010-03-31
10.0
None Remote Low Not required Complete Complete Complete
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
10563 CVE-2010-0054 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
10564 CVE-2010-0053 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
10565 CVE-2010-0052 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
10566 CVE-2010-0050 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
10567 CVE-2010-0049 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
10568 CVE-2010-0048 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
10569 CVE-2010-0047 399 DoS Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
10570 CVE-2010-0046 94 DoS Exec Code Mem. Corr. 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
10571 CVE-2010-0045 20 Exec Code 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
10572 CVE-2010-0043 94 DoS Exec Code Mem. Corr. 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
10573 CVE-2010-0040 189 DoS Exec Code Overflow 2010-03-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
10574 CVE-2010-0037 119 DoS Exec Code Overflow 2010-01-20 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Image RAW in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted DNG image.
10575 CVE-2010-0036 119 DoS Exec Code Overflow 2010-01-20 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreAudio in Apple Mac OS X 10.5.8 and 10.6.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MP4 audio file.
10576 CVE-2010-0034 119 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "Office PowerPoint Viewer TextCharsAtom Record Stack Overflow Vulnerability."
10577 CVE-2010-0033 119 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
10578 CVE-2010-0032 94 Exec Code 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "OEPlaceholderAtom Use After Free Vulnerability."
10579 CVE-2010-0031 94 Exec Code 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Array index error in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint OEPlaceholderAtom 'placementId' Invalid Array Indexing Vulnerability."
10580 CVE-2010-0030 119 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint LinkedSlideAtom Heap Overflow Vulnerability."
10581 CVE-2010-0029 119 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint File Path Handling Buffer Overflow Vulnerability."
10582 CVE-2010-0028 189 Exec Code Overflow 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft Paint in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted JPEG (.JPG) file, aka "MS Paint Integer Overflow Vulnerability."
10583 CVE-2010-0027 94 2010-01-22 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The URL validation functionality in Microsoft Internet Explorer 5.01, 6, 6 SP1, 7 and 8, and the ShellExecute API function in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2, does not properly process input parameters, which allows remote attackers to execute arbitrary local programs via a crafted URL, aka "URL Validation Vulnerability."
10584 CVE-2010-0020 20 Exec Code Overflow 2010-02-10 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
The SMB implementation in the Server service in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate request fields, which allows remote authenticated users to execute arbitrary code via a malformed request, aka "SMB Pathname Overflow Vulnerability."
10585 CVE-2010-0019 94 DoS Exec Code Mem. Corr. 2010-08-11 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Silverlight 3 before 3.0.50611.0 on Windows, and before 3.0.41130.0 on Mac OS X, does not properly handle pointers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and framework outage) via a crafted web site, aka "Microsoft Silverlight Memory Corruption Vulnerability."
10586 CVE-2010-0018 189 Exec Code Overflow 2010-01-13 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the Embedded OpenType (EOT) Font Engine (t2embed.dll) in Microsoft Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code via compressed data that represents a crafted EOT font, aka "Microtype Express Compressed Fonts Integer Flaw in the LZCOMP Decompressor Vulnerability."
10587 CVE-2010-0017 362 Exec Code +Priv 2010-02-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
10588 CVE-2010-0016 20 Exec Code 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
10589 CVE-2009-5143 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
10590 CVE-2009-5118 +Priv 2012-08-22 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.
10591 CVE-2009-5109 119 4 Exec Code Overflow 2011-12-24 2011-12-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
10592 CVE-2009-5074 2011-05-02 2011-07-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.
10593 CVE-2009-5071 2011-04-19 2011-04-27
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
10594 CVE-2009-5052 2011-02-03 2011-02-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.
10595 CVE-2009-4988 119 1 Exec Code Overflow 2010-08-25 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
10596 CVE-2009-4964 119 1 Exec Code Overflow 2010-07-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file.
10597 CVE-2009-4962 119 1 Exec Code Overflow 2010-07-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
10598 CVE-2009-4952 22 Dir. Trav. 2010-07-22 2010-07-23
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
10599 CVE-2009-4919 119 Overflow 2010-06-29 2010-06-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.
10600 CVE-2009-4912 264 Bypass 2010-06-29 2010-06-30
10.0
None Remote Low Not required Complete Complete Complete
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.