CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11101 CVE-2009-3458 20 Exec Code 2009-10-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
11102 CVE-2009-3429 119 1 Exec Code Overflow 2009-09-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
11103 CVE-2009-3428 119 3 Exec Code Overflow 2009-09-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.
11104 CVE-2009-3415 2010-01-12 2012-10-22
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
11105 CVE-2009-3403 2009-10-22 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, and CVE-2009-2676.
11106 CVE-2009-3389 189 DoS Exec Code Overflow 2009-12-17 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
11107 CVE-2009-3388 399 DoS Exec Code 2009-12-17 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
11108 CVE-2009-3384 DoS Exec Code +Info 2009-11-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
11109 CVE-2009-3383 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11110 CVE-2009-3382 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
11111 CVE-2009-3381 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11112 CVE-2009-3380 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11113 CVE-2009-3379 DoS Exec Code 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
11114 CVE-2009-3378 DoS Exec Code 2009-10-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
11115 CVE-2009-3377 DoS Exec Code 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
11116 CVE-2009-3376 16 2009-10-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
11117 CVE-2009-3373 119 Exec Code Overflow 2009-10-29 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
11118 CVE-2009-3372 Exec Code 2009-10-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
11119 CVE-2009-3371 399 DoS Exec Code 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
11120 CVE-2009-3364 119 1 Exec Code Overflow 2009-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
11121 CVE-2009-3354 2009-09-24 2009-09-24
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
11122 CVE-2009-3353 2009-09-24 2009-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
11123 CVE-2009-3352 2009-09-24 2009-09-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
11124 CVE-2009-3351 2009-09-24 2009-09-24
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
11125 CVE-2009-3350 2009-09-24 2009-10-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
11126 CVE-2009-3347 119 Exec Code Overflow 2009-09-24 2011-12-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11127 CVE-2009-3346 Exec Code 2009-09-24 2009-09-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11128 CVE-2009-3345 119 Overflow 2009-09-24 2011-12-20
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11129 CVE-2009-3341 119 Exec Code Overflow 2009-09-24 2009-09-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11130 CVE-2009-3338 119 1 Exec Code Overflow 2009-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.
11131 CVE-2009-3329 119 1 Exec Code Overflow 2009-09-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.
11132 CVE-2009-3302 94 DoS Exec Code 2010-02-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
11133 CVE-2009-3301 189 DoS Exec Code 2010-02-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
11134 CVE-2009-3258 264 2009-09-18 2018-10-30
9.0
None Remote Low Single system Complete Complete Complete
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.
11135 CVE-2009-3254 119 1 Exec Code Overflow 2009-09-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
11136 CVE-2009-3253 119 1 DoS Exec Code Overflow 2009-09-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
11137 CVE-2009-3250 20 1 Exec Code 2009-09-18 2017-09-18
9.0
None Remote Low Single system Complete Complete Complete
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
11138 CVE-2009-3245 20 2010-03-05 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
11139 CVE-2009-3244 119 1 DoS Exec Code Overflow 2009-09-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
11140 CVE-2009-3232 287 Bypass 2009-09-17 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
11141 CVE-2009-3221 119 1 Exec Code Overflow 2009-09-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file.
11142 CVE-2009-3214 119 Exec Code Overflow 2009-09-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.
11143 CVE-2009-3213 119 1 DoS Exec Code Overflow 2009-09-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file.
11144 CVE-2009-3179 Exec Code 2009-09-11 2009-09-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11145 CVE-2009-3177 2009-09-11 2009-09-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11146 CVE-2009-3176 119 DoS Exec Code Overflow 2009-09-11 2010-08-25
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ActiveX control in Novell iPrint Client 4.38 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.1, "Novell iPrint Client 4.38 ActiveX exploit." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11147 CVE-2009-3170 119 1 DoS Exec Code Overflow 2009-09-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
11148 CVE-2009-3169 Exec Code 2009-09-11 2009-09-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Hitachi JP1/File Transmission Server/FTP before 09-00 allow remote attackers to execute arbitrary code via unknown attack vectors.
11149 CVE-2009-3135 119 Exec Code Overflow Mem. Corr. 2009-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft Office Word 2002 SP3 and 2003 SP3, Office 2004 and 2008 for Mac, Open XML File Format Converter for Mac, Office Word Viewer 2003 SP3, and Office Word Viewer allow remote attackers to execute arbitrary code via a Word document with a malformed File Information Block (FIB) structure, aka "Microsoft Office Word File Information Memory Corruption Vulnerability."
11150 CVE-2009-3134 94 Exec Code 2009-11-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 do not properly parse the Excel file format, which allows remote attackers to execute arbitrary code via a spreadsheet with a malformed record object, aka "Excel Field Sanitization Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.