CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10651 CVE-2009-2460 119 Overflow 2009-07-14 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.
10652 CVE-2009-2459 2009-07-14 2010-04-20
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives.
10653 CVE-2009-2452 2009-07-14 2009-07-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."
10654 CVE-2009-2415 189 Exec Code Overflow 2009-08-10 2009-12-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.
10655 CVE-2009-2412 189 DoS Exec Code Overflow 2009-08-06 2017-09-18
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
10656 CVE-2009-2404 119 DoS Exec Code Overflow 2009-08-03 2018-10-03
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
10657 CVE-2009-2403 119 1 DoS Exec Code Overflow 2009-07-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.
10658 CVE-2009-2396 94 1 Exec Code File Inclusion 2009-07-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
10659 CVE-2009-2386 20 2009-07-10 2009-07-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
10660 CVE-2009-2384 119 1 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
10661 CVE-2009-2375 119 Exec Code Overflow 2009-07-08 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information.
10662 CVE-2009-2368 2009-07-08 2009-07-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.
10663 CVE-2009-2364 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.
10664 CVE-2009-2363 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.
10665 CVE-2009-2362 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file.
10666 CVE-2009-2357 16 2009-07-07 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
10667 CVE-2009-2356 119 Exec Code Overflow 2009-07-07 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
10668 CVE-2009-2347 189 Exec Code Overflow 2009-07-14 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
10669 CVE-2009-2344 264 1 +Priv 2009-07-07 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
10670 CVE-2009-2317 255 2009-07-05 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
10671 CVE-2009-2300 399 DoS Exec Code 2009-07-02 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
10672 CVE-2009-2296 2009-07-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
10673 CVE-2009-2281 119 Exec Code Overflow 2009-10-23 2009-10-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
10674 CVE-2009-2271 255 2009-07-01 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
10675 CVE-2009-2261 20 1 Exec Code 2009-06-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
10676 CVE-2009-2227 119 1 Exec Code Overflow 2009-06-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
10677 CVE-2009-2225 119 Exec Code Overflow 2009-06-26 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10678 CVE-2009-2223 22 1 Dir. Trav. File Inclusion 2009-06-26 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
10679 CVE-2009-2210 DoS Exec Code 2009-06-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
10680 CVE-2009-2204 Exec Code Mem. Corr. 2009-08-03 2010-03-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
10681 CVE-2009-2203 119 DoS Exec Code Overflow 2009-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
10682 CVE-2009-2202 DoS Exec Code Mem. Corr. 2009-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
10683 CVE-2009-2195 119 DoS Exec Code Overflow 2009-08-12 2011-02-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
10684 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
10685 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
10686 CVE-2009-2186 Exec Code 2009-06-24 2009-07-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."
10687 CVE-2009-2169 94 Exec Code 2009-06-22 2009-06-23
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
10688 CVE-2009-2140 119 Exec Code Overflow 2009-09-21 2010-05-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.
10689 CVE-2009-2139 119 Exec Code Overflow 2009-09-08 2010-07-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.
10690 CVE-2009-2121 119 DoS Exec Code Overflow 2009-06-23 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.
10691 CVE-2009-2111 94 2009-06-18 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
10692 CVE-2009-2061 310 2009-06-15 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
10693 CVE-2009-2047 22 Dir. Trav. 2009-07-16 2017-08-16
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
10694 CVE-2009-2039 2009-06-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders.
10695 CVE-2009-2038 2009-06-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.
10696 CVE-2009-2030 2009-06-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."
10697 CVE-2009-2028 2009-06-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
10698 CVE-2009-2026 119 Exec Code Overflow 2009-08-10 2018-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.
10699 CVE-2009-2011 78 Exec Code 2009-06-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
10700 CVE-2009-1992 2009-10-22 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.