CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10601 CVE-2010-1688 119 Exec Code Overflow 2010-05-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in 2BrightSparks SyncBack Freeware 3.2.20.0, and possibly other versions before 3.2.21, allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) .sps or (2) zip profile.
10602 CVE-2010-1686 119 Exec Code Overflow 2010-05-05 2010-05-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive.
10603 CVE-2010-1685 119 Exec Code Overflow 2010-05-04 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.
10604 CVE-2010-1676 119 DoS Exec Code Overflow 2010-12-21 2011-01-22
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Tor before 0.2.1.28 and 0.2.2.x before 0.2.2.20-alpha allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors.
10605 CVE-2010-1663 264 Bypass 2010-05-03 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The Google URL Parsing Library (aka google-url or GURL) in Google Chrome before 4.1.249.1064 allows remote attackers to bypass the Same Origin Policy via unspecified vectors.
10606 CVE-2010-1628 119 Exec Code Overflow Mem. Corr. 2010-05-19 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Ghostscript 8.64, 8.70, and possibly other versions allows context-dependent attackers to execute arbitrary code via a PostScript file containing unlimited recursive procedure invocations, which trigger memory corruption in the stack of the interpreter.
10607 CVE-2010-1608 119 Exec Code Overflow 2010-04-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in IBM Lotus Notes 8.5 and 8.5fp1, and possibly other versions, allows remote attackers to execute arbitrary code via unknown attack vectors, as demonstrated by the vd_ln module in VulnDisco 9.0. NOTE: as of 20100222, this disclosure has no actionable information. However, because the VulnDisco author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
10608 CVE-2010-1597 119 1 Exec Code Overflow 2010-04-29 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in zgtips.dll in ZipGenius 6.3.1.2552 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing an entry with a long filename.
10609 CVE-2010-1585 20 2010-04-28 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The nsIScriptableUnescapeHTML.parseFragment method in the ParanoidFragmentSink protection mechanism in Mozilla Firefox before 3.5.17 and 3.6.x before 3.6.14, Thunderbird before 3.1.8, and SeaMonkey before 2.0.12 does not properly sanitize HTML in a chrome document, which makes it easier for remote attackers to execute arbitrary JavaScript with chrome privileges via a javascript: URI in input to an extension, as demonstrated by a javascript:alert sequence in (1) the HREF attribute of an A element or (2) the ACTION attribute of a FORM element.
10610 CVE-2010-1574 264 +Info 2010-07-08 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
IOS 12.2(52)SE and 12.2(52)SE1 on Cisco Industrial Ethernet (IE) 3000 series switches has (1) a community name of public for RO access and (2) a community name of private for RW access, which makes it easier for remote attackers to modify the configuration or obtain potentially sensitive information via SNMP requests, aka Bug ID CSCtf25589.
10611 CVE-2010-1573 255 Exec Code 2010-06-09 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Linksys WAP54Gv3 firmware 3.04.03 and earlier uses a hard-coded username (Gemtek) and password (gemtekswd) for a debug interface for certain web pages, which allows remote attackers to execute arbitrary commands via the (1) data1, (2) data2, or (3) data3 parameters to (a) Debug_command_page.asp and (b) debug.cgi.
10612 CVE-2010-1572 +Priv +Info 2010-06-09 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the tech support diagnostic shell in Cisco Application Extension Platform (AXP) 1.1 and 1.1.5 allows local users to obtain sensitive configuration information and gain administrator privileges via unspecified API calls.
10613 CVE-2010-1555 119 Exec Code Overflow 2010-05-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid Hostname parameter.
10614 CVE-2010-1554 119 1 Exec Code Overflow 2010-05-13 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid iCount parameter.
10615 CVE-2010-1553 119 Exec Code Overflow 2010-05-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in getnnmdata.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via an invalid MaxAge parameter.
10616 CVE-2010-1552 119 Exec Code Overflow 2010-05-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the doLoad function in snmpviewer.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the act and app parameters.
10617 CVE-2010-1551 119 Exec Code Overflow 2010-05-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the _OVParseLLA function in ov.dll in netmon.exe in Network Monitor in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via the sel parameter.
10618 CVE-2010-1550 134 Exec Code 2010-05-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in ovet_demandpoll.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via format string specifiers in the sel parameter.
10619 CVE-2010-1549 Exec Code 2010-05-07 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Agent in HP LoadRunner before 9.50 and HP Performance Center before 9.50 allows remote attackers to execute arbitrary code via unknown vectors.
10620 CVE-2010-1527 119 Exec Code Overflow 2010-08-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Novell iPrint Client before 5.44 allows remote attackers to execute arbitrary code via a long call-back-url parameter in an op-client-interface-version action.
10621 CVE-2010-1525 189 DoS Exec Code Overflow 2010-08-17 2013-02-06
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted size for an unspecified record type, which triggers a heap-based buffer overflow.
10622 CVE-2010-1524 119 Exec Code Overflow Mem. Corr. 2010-08-17 2013-02-06
9.3
None Remote Medium Not required Complete Complete Complete
The SpreadSheet Lotus 123 reader (wkssr.dll) in Autonomy KeyView 10.4 and 10.9, as used in multiple IBM, Symantec, and other products, allows remote attackers to execute arbitrary code via unspecified vectors related to allocation of an array of pointers and "string indexing," which triggers memory corruption.
10623 CVE-2010-1523 119 Exec Code Overflow 2010-11-05 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in vp6.w5s (aka the VP6 codec) in Winamp before 5.59 Beta build 3033 might allow remote attackers to execute arbitrary code via a crafted VP6 (1) video file or (2) video stream.
10624 CVE-2010-1518 20 DoS Exec Code Mem. Corr. 2010-08-02 2010-08-03
10.0
None Remote Low Not required Complete Complete Complete
Array index error in the SetDLInfo method in the GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via the item argument.
10625 CVE-2010-1517 20 2010-08-02 2010-08-03
10.0
None Remote Low Not required Complete Complete Complete
The GIGABYTE Dldrv2 ActiveX control 1.4.206.11 allows remote attackers to (1) download arbitrary programs onto a client system, and execute these programs, via vectors involving the dl method; and (2) download arbitrary programs onto a client system via vectors involving the SetDLInfo method in conjunction with the Bdl method.
10626 CVE-2010-1516 189 Exec Code Overflow 2010-08-17 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c.
10627 CVE-2010-1508 119 DoS Exec Code Overflow 2010-12-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6.9 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Track Header (aka tkhd) atoms.
10628 CVE-2010-1505 264 2010-04-23 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 4.1.249.1059 does not prevent pages from loading with the New Tab page's privileges, which has unknown impact and attack vectors.
10629 CVE-2010-1502 2010-04-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Google Chrome before 4.1.249.1059 allows remote attackers to access local files via vectors related to "developer tools."
10630 CVE-2010-1490 2010-04-21 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Cognos 8 Business Intelligence before 8.4.1 FP1 has unknown impact and attack vectors.
10631 CVE-2010-1465 119 1 Exec Code Overflow 2010-04-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Trellian FTP client 3.01, including 3.1.3.1789, allows remote attackers to execute arbitrary code via a long PASV response.
10632 CVE-2010-1462 22 Dir. Trav. 2010-04-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in WebAsyst Shop-Script FREE has unknown impact and attack vectors via the sub parameter.
10633 CVE-2010-1424 Exec Code 2010-04-15 2010-04-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government 2006 through 2010 allows user-assisted remote attackers to execute arbitrary code via a crafted font file.
10634 CVE-2010-1423 78 Exec Code 2010-04-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in the URI handler in (a) Java NPAPI plugin and (b) Java Deployment Toolkit in Java 6 Update 10, 19, and other versions, when running on Windows and possibly on Linux, allows remote attackers to execute arbitrary code via the (1) -J or (2) -XXaltjvm argument to javaws.exe, which is processed by the launch method. NOTE: some of these details are obtained from third party information.
10635 CVE-2010-1419 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows user-assisted remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving a certain window close action that occurs during a drag-and-drop operation.
10636 CVE-2010-1417 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via HTML content that contains multiple :after pseudo-selectors.
10637 CVE-2010-1415 94 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly handle libxml contexts, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to an "API abuse issue."
10638 CVE-2010-1414 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the removeChild DOM method.
10639 CVE-2010-1412 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to hover events.
10640 CVE-2010-1410 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via an SVG document with nested use elements.
10641 CVE-2010-1405 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML element that has custom vertical positioning.
10642 CVE-2010-1404 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an SVG document that contains recursive Use elements, which are not properly handled during page deconstruction.
10643 CVE-2010-1403 119 DoS Exec Code Overflow 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during the handling of a use element in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted document containing XML that triggers a parsing error, related to ProcessInstruction.
10644 CVE-2010-1402 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Double free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to an event listener in an SVG document, related to duplicate event listeners, a timer, and an AnimateTransform object.
10645 CVE-2010-1401 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving the :first-letter pseudo-element.
10646 CVE-2010-1400 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving caption elements.
10647 CVE-2010-1399 119 DoS Exec Code Overflow 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, accesses uninitialized memory during a selection change on a form input element, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
10648 CVE-2010-1398 119 DoS Exec Code Overflow Mem. Corr. 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, does not properly perform ordered list insertions, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document, related to the insertion of an unspecified element into an editable container and the access of an uninitialized element.
10649 CVE-2010-1397 399 DoS Exec Code 2010-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to a layout change during selection rendering and the DOCUMENT_POSITION_DISCONNECTED attribute in a container of an unspecified type.
10650 CVE-2010-1396 399 DoS Exec Code 2010-06-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the contentEditable attribute and removing container elements.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.