CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11101 CVE-2009-3859 119 1 DoS Exec Code Overflow 2009-11-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
11102 CVE-2009-3855 2009-11-04 2009-11-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
11103 CVE-2009-3854 119 Exec Code Overflow 2009-11-04 2009-11-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
11104 CVE-2009-3853 119 Exec Code Overflow 2009-11-04 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
11105 CVE-2009-3850 94 Exec Code 2009-11-06 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
11106 CVE-2009-3849 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
11107 CVE-2009-3848 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.
11108 CVE-2009-3847 Exec Code 2009-12-10 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
11109 CVE-2009-3846 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.
11110 CVE-2009-3845 Exec Code 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
11111 CVE-2009-3844 119 DoS Exec Code Overflow 2009-12-08 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
11112 CVE-2009-3843 264 Exec Code 2009-11-23 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
11113 CVE-2009-3842 DoS 2009-11-20 2009-12-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors.
11114 CVE-2009-3841 Exec Code 2009-11-17 2009-11-24
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
11115 CVE-2009-3838 119 1 DoS Exec Code Overflow 2009-11-02 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
11116 CVE-2009-3837 119 Exec Code Overflow 2009-11-02 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
11117 CVE-2009-3831 94 DoS Exec Code Mem. Corr. 2009-10-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
11118 CVE-2009-3829 189 DoS Exec Code Overflow 2009-10-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
11119 CVE-2009-3819 Exec Code 2009-10-28 2011-12-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
11120 CVE-2009-3818 2009-10-28 2009-10-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
11121 CVE-2009-3812 119 2 Exec Code Overflow 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
11122 CVE-2009-3811 119 1 Exec Code Overflow 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
11123 CVE-2009-3810 119 1 DoS Exec Code Overflow 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
11124 CVE-2009-3808 1 DoS Exec Code 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file.
11125 CVE-2009-3807 119 1 DoS Overflow 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
11126 CVE-2009-3800 DoS Exec Code 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
11127 CVE-2009-3799 189 Exec Code Overflow Mem. Corr. 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
11128 CVE-2009-3798 399 Exec Code Mem. Corr. 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
11129 CVE-2009-3797 399 Exec Code Mem. Corr. 2009-12-10 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
11130 CVE-2009-3796 94 Exec Code 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
11131 CVE-2009-3794 119 Exec Code Overflow 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
11132 CVE-2009-3793 399 DoS Exec Code 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
11133 CVE-2009-3792 22 Dir. Trav. 2009-12-21 2009-12-22
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors.
11134 CVE-2009-3790 119 DoS Exec Code Overflow 2009-10-26 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11135 CVE-2009-3743 189 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
11136 CVE-2009-3739 DoS 2010-01-19 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors.
11137 CVE-2009-3737 94 Exec Code 2010-08-17 2011-07-26
9.3
None Remote Medium Not required Complete Complete Complete
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
11138 CVE-2009-3735 94 Exec Code 2010-02-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
11139 CVE-2009-3732 134 Exec Code 2010-04-12 2013-05-14
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
11140 CVE-2009-3717 119 1 DoS Exec Code Overflow 2009-10-16 2017-09-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
11141 CVE-2009-3711 119 1 DoS Exec Code Overflow 2009-10-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
11142 CVE-2009-3710 255 1 +Priv 2009-10-16 2009-10-19
10.0
Admin Remote Low Not required Complete Complete Complete
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.
11143 CVE-2009-3709 119 1 Exec Code Overflow 2009-10-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
11144 CVE-2009-3708 119 Exec Code Overflow 2009-10-16 2009-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11145 CVE-2009-3699 119 Exec Code Overflow 2009-10-15 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in libcsa.a (aka the calendar daemon library) in IBM AIX 5.x through 5.3.10 and 6.x through 6.1.3, and VIOS 2.1 and earlier, allows remote attackers to execute arbitrary code via a long XDR string in the first argument to procedure 21 of rpc.cmsd.
11146 CVE-2009-3693 22 Dir. Trav. 2009-10-13 2009-10-13
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.
11147 CVE-2009-3691 189 Exec Code Overflow 2009-10-13 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.
11148 CVE-2009-3678 189 DoS Exec Code Overflow 2010-05-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in cdd.dll in the Canonical Display Driver (CDD) in Microsoft Windows Server 2008 R2 and Windows 7 on 64-bit platforms, when the Windows Aero theme is installed, allows context-dependent attackers to cause a denial of service (reboot) or possibly execute arbitrary code via a crafted image file that triggers incorrect data parsing after user-mode data is copied to kernel mode, as demonstrated using "Browse with Irfanview" and certain actions on a folder containing a large number of thumbnail images in Resample mode, possibly related to the ATI graphics driver or win32k.sys, aka "Canonical Display Driver Integer Overflow Vulnerability."
11149 CVE-2009-3677 94 Bypass 2009-12-09 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The Internet Authentication Service (IAS) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold and SP1, and Server 2008 Gold does not properly verify the credentials in an MS-CHAP v2 Protected Extensible Authentication Protocol (PEAP) authentication request, which allows remote attackers to access network resources via a malformed request, aka "MS-CHAP Authentication Bypass Vulnerability."
11150 CVE-2009-3674 399 Exec Code Mem. Corr. 2009-12-09 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "Uninitialized Memory Corruption Vulnerability," a different vulnerability than CVE-2009-3671.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.