CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
10951 CVE-2009-4897 119 DoS Exec Code Overflow Mem. Corr. 2010-07-22 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.
10952 CVE-2009-4873 119 DoS Exec Code Overflow 2010-05-26 2010-05-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
10953 CVE-2009-4863 119 1 Exec Code Overflow 2010-05-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
10954 CVE-2009-4850 119 2 Overflow 2010-05-07 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
10955 CVE-2009-4841 119 1 Exec Code Overflow 2010-05-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
10956 CVE-2009-4840 119 1 Exec Code Overflow 2010-05-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.
10957 CVE-2009-4790 22 Dir. Trav. 2010-04-22 2010-06-03
9.0
None Remote Low Single system Complete Complete Complete
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10958 CVE-2009-4778 DoS Exec Code Mem. Corr. 2010-04-21 2010-04-22
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646.
10959 CVE-2009-4776 119 Overflow 2010-04-21 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.
10960 CVE-2009-4769 134 2 Exec Code 2010-04-20 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
10961 CVE-2009-4768 94 Exec Code 2010-04-20 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information.
10962 CVE-2009-4764 94 1 Exec Code 2010-04-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
10963 CVE-2009-4761 119 2 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
10964 CVE-2009-4759 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
10965 CVE-2009-4758 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.
10966 CVE-2009-4757 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.
10967 CVE-2009-4756 119 4 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
10968 CVE-2009-4755 119 2 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.
10969 CVE-2009-4754 119 2 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
10970 CVE-2009-4741 2010-03-26 2010-03-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
10971 CVE-2009-4737 119 Exec Code Overflow 2010-04-06 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter."
10972 CVE-2009-4676 119 Exec Code Overflow 2010-03-05 2010-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
10973 CVE-2009-4668 119 1 Exec Code Overflow 2010-03-05 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.
10974 CVE-2009-4663 119 1 Exec Code Overflow 2010-03-03 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method.
10975 CVE-2009-4660 119 2 Exec Code Overflow 2010-03-03 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.
10976 CVE-2009-4656 119 1 DoS Exec Code Overflow 2010-03-03 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
10977 CVE-2009-4654 119 Exec Code Overflow 2010-02-26 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
10978 CVE-2009-4653 119 DoS Exec Code Overflow 2010-02-26 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.
10979 CVE-2009-4646 94 2010-02-19 2010-02-22
9.0
None Remote Low Single system Complete Complete Complete
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
10980 CVE-2009-4644 78 Exec Code Bypass 2010-02-19 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
10981 CVE-2009-4643 119 Exec Code Overflow 2010-02-15 2010-02-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe.
10982 CVE-2009-4637 119 DoS Exec Code Overflow 2010-02-09 2010-05-20
10.0
None Remote Low Not required Complete Complete Complete
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
10983 CVE-2009-4635 94 DoS Exec Code Overflow 2010-02-09 2011-10-25
9.3
None Remote Medium Not required Complete Complete Complete
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
10984 CVE-2009-4634 189 DoS Exec Code Bypass 2010-02-09 2011-10-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.
10985 CVE-2009-4633 189 DoS Exec Code Overflow 2010-02-09 2011-10-25
10.0
None Remote Low Not required Complete Complete Complete
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.
10986 CVE-2009-4631 189 DoS Exec Code Mem. Corr. 2010-02-09 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the VP3 decoder (vp3.c) in FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted VP3 file that triggers an out-of-bounds read and possibly memory corruption.
10987 CVE-2009-4594 2010-01-09 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.131 for Domino 8.0.x has unknown impact and attack vectors, aka SPR SDOY7RHBNH.
10988 CVE-2009-4588 119 1 DoS Exec Code Overflow 2010-01-07 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
10989 CVE-2009-4549 119 1 Exec Code Overflow 2010-01-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .m3l playlist file.
10990 CVE-2009-4538 2010-01-12 2018-11-16
10.0
None Remote Low Not required Complete Complete Complete
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
10991 CVE-2009-4519 2009-12-31 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Ortro before 1.3.4 have unknown impact and attack vectors.
10992 CVE-2009-4509 94 Exec Code Bypass 2010-04-13 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The administrative web console on the TANDBERG Video Communication Server (VCS) before X4.3 uses predictable session cookies in (1) tandberg/web/lib/secure.php and (2) tandberg/web/user/lib/secure.php, which makes it easier for remote attackers to bypass authentication, and execute arbitrary code by loading a custom software update, via a crafted "Cookie: tandberg_login=" HTTP header.
10993 CVE-2009-4502 264 Exec Code Bypass 2009-12-31 2010-01-01
9.3
None Remote Medium Not required Complete Complete Complete
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
10994 CVE-2009-4482 119 Exec Code Overflow 2009-12-30 2010-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in MediaServer.exe in TVersity 1.6 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by the vd_tversity module in VulnDisco Pack Professional 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
10995 CVE-2009-4480 119 Exec Code Overflow 2009-12-30 2009-12-31
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the web service in AzeoTech DAQFactory 5.77 might allow remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.16 through 8.11. NOTE: as of 20091229, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
10996 CVE-2009-4476 119 Exec Code Overflow 2009-12-30 2010-01-06
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in HAURI ViRobot Desktop 5.5 before 2009-09-28.00 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.15 through 8.11. NOTE: some of these details are obtained from third party information.
10997 CVE-2009-4463 255 DoS 2009-12-30 2018-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords.
10998 CVE-2009-4462 119 Exec Code Overflow 2009-12-30 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetBiterConfig utility (NetBiterConfig.exe) 1.3.0 for Intellicom NetBiter WebSCADA allows remote attackers to execute arbitrary code via a long hn (hostname) parameter in a crafted HICP-protocol UDP packet.
10999 CVE-2009-4376 119 DoS Exec Code Overflow 2009-12-21 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the daintree_sna_read function in the Daintree SNA file parser in Wireshark 1.2.0 through 1.2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
11000 CVE-2009-4368 2009-12-21 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Centreon before 2.1.4 have unknown impact and attack vectors in the (1) ping tool, (2) traceroute tool, and (3) ldap import, possibly related to improper authentication.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.