CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11401 CVE-2009-3464 94 Exec Code 2009-11-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site, related to an "invalid pointer vulnerability," a different issue than CVE-2009-3465. NOTE: some of these details are obtained from third party information.
11402 CVE-2009-3463 119 Exec Code Overflow 2009-11-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Adobe Shockwave Player before 11.5.2.602 allows remote attackers to execute arbitrary code via crafted Shockwave content on a web site. NOTE: some of these details are obtained from third party information.
11403 CVE-2009-3461 264 Bypass 2009-10-19 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Acrobat 9.x before 9.2 allows attackers to bypass intended file-extension restrictions via unknown vectors.
11404 CVE-2009-3460 399 DoS Exec Code Mem. Corr. 2009-10-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
11405 CVE-2009-3459 119 Exec Code Overflow Mem. Corr. 2009-10-13 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
11406 CVE-2009-3458 20 Exec Code 2009-10-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
11407 CVE-2009-3429 119 1 Exec Code Overflow 2009-09-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
11408 CVE-2009-3428 119 3 Exec Code Overflow 2009-09-25 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Easy Music Player 1.0.0.2 allows remote attackers to execute arbitrary code via a crafted .wav file.
11409 CVE-2009-3415 2010-01-12 2012-10-22
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Oracle OLAP component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors.
11410 CVE-2009-3403 2009-10-22 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the JRockit component in BEA Product Suite R27.6.4: JRE/JDK, 1.4.2, 5, and, and 6 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: this issue subsumes CVE-2009-2670, CVE-2009-2671, CVE-2009-2672, CVE-2009-2673, CVE-2009-2674, CVE-2009-2675, and CVE-2009-2676.
11411 CVE-2009-3389 189 DoS Exec Code Overflow 2009-12-17 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a video with large dimensions.
11412 CVE-2009-3388 399 DoS Exec Code 2009-12-17 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
liboggplay in Mozilla Firefox 3.5.x before 3.5.6 and SeaMonkey before 2.0.1 might allow context-dependent attackers to cause a denial of service (application crash) or execute arbitrary code via unspecified vectors, related to "memory safety issues."
11413 CVE-2009-3384 DoS Exec Code +Info 2009-11-13 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in WebKit in Apple Safari before 4.0.4 on Windows allow remote FTP servers to execute arbitrary code, cause a denial of service (application crash), or obtain sensitive information via a crafted directory listing in a reply.
11414 CVE-2009-3383 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11415 CVE-2009-3382 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
layout/base/nsCSSFrameConstructor.cpp in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 does not properly handle first-letter frames, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
11416 CVE-2009-3381 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11417 CVE-2009-3380 DoS Exec Code Mem. Corr. 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11418 CVE-2009-3379 DoS Exec Code 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors. NOTE: this might overlap CVE-2009-2663.
11419 CVE-2009-3378 DoS Exec Code 2009-10-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The oggplay_data_handle_theora_frame function in media/liboggplay/src/liboggplay/oggplay_data.c in liboggplay, as used in Mozilla Firefox 3.5.x before 3.5.4, attempts to reuse an earlier frame data structure upon encountering a decoding error for the first frame, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or possibly execute arbitrary code via a crafted .ogg video file.
11420 CVE-2009-3377 DoS Exec Code 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in liboggz before cf5feeaab69b05e24, as used in Mozilla Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
11421 CVE-2009-3376 16 2009-10-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, does not properly handle a right-to-left override (aka RLO or U+202E) Unicode character in a download filename, which allows remote attackers to spoof file extensions via a crafted filename, as demonstrated by displaying a non-executable extension for an executable file.
11422 CVE-2009-3373 119 Exec Code Overflow 2009-10-29 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the GIF image parser in Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via unspecified vectors.
11423 CVE-2009-3372 Exec Code 2009-10-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.15 and 3.5.x before 3.5.4, and SeaMonkey before 2.0, allows remote attackers to execute arbitrary code via a crafted regular expression in a Proxy Auto-configuration (PAC) file.
11424 CVE-2009-3371 399 DoS Exec Code 2009-10-29 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox 3.5.x before 3.5.4 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code by creating JavaScript web-workers recursively.
11425 CVE-2009-3364 119 1 Exec Code Overflow 2009-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in FTPShell Client 4.1 RC2 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
11426 CVE-2009-3354 2009-09-24 2009-09-24
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Rest API module for Drupal have unknown impact and attack vectors.
11427 CVE-2009-3353 2009-09-24 2009-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Node2Node module for Drupal have unknown impact and attack vectors.
11428 CVE-2009-3352 2009-09-24 2009-09-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the quota_by_role (Quota by role) module for Drupal have unknown impact and attack vectors.
11429 CVE-2009-3351 2009-09-24 2009-09-24
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Node Browser module for Drupal have unknown impact and attack vectors.
11430 CVE-2009-3350 2009-09-24 2009-10-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Subdomain Manager module for Drupal have unknown impact and attack vectors.
11431 CVE-2009-3347 119 Exec Code Overflow 2009-09-24 2011-12-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on the D-Link DIR-400 wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11432 CVE-2009-3346 Exec Code 2009-09-24 2009-09-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SAP Crystal Reports Server 2008 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11433 CVE-2009-3345 119 Overflow 2009-09-24 2011-12-20
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in SAP Crystal Reports Server 2008 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.3 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11434 CVE-2009-3341 119 Exec Code Overflow 2009-09-24 2009-09-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on the Linksys WRT54GL wireless router allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.10 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11435 CVE-2009-3338 119 1 Exec Code Overflow 2009-09-24 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in EffectMatrix (E.M.) Magic Morph 1.95b allows remote attackers to execute arbitrary code via a long string in a .mor file.
11436 CVE-2009-3329 119 1 Exec Code Overflow 2009-09-23 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Winplot 1.25.0.1 allows user-assisted remote attackers to execute arbitrary code via a crafted Plot2D (.wp2) file.
11437 CVE-2009-3302 94 DoS Exec Code 2010-02-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTSetBrc table property modifier in a Word document, related to a "boundary error flaw."
11438 CVE-2009-3301 189 DoS Exec Code 2010-02-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in filter/ww8/ww8par2.cxx in OpenOffice.org (OOo) before 3.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted sprmTDefTable table property modifier in a Word document.
11439 CVE-2009-3258 264 2009-09-18 2018-10-30
9.0
None Remote Low Single system Complete Complete Complete
vtiger CRM before 5.1.0 allows remote authenticated users, with certain View privileges, to delete (1) attachments, (2) reports, (3) filters, (4) views, and (5) tickets; insert (6) attachments, (7) reports, (8) filters, (9) views, and (10) tickets; and edit (11) reports, (12) filters, (13) views, and (14) tickets via unspecified vectors.
11440 CVE-2009-3254 119 1 Exec Code Overflow 2009-09-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.
11441 CVE-2009-3253 119 1 DoS Exec Code Overflow 2009-09-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
11442 CVE-2009-3250 20 1 Exec Code 2009-09-18 2017-09-18
9.0
None Remote Low Single system Complete Complete Complete
The saveForwardAttachments procedure in the Compose Mail functionality in vtiger CRM 5.0.4 allows remote authenticated users to execute arbitrary code by composing an e-mail message with an attachment filename ending in (1) .php in installations based on certain Apache HTTP Server configurations, (2) .php. on Windows, or (3) .php/ on Linux, and then making a direct request to a certain pathname under storage/.
11443 CVE-2009-3245 20 2010-03-05 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
11444 CVE-2009-3244 119 1 DoS Exec Code Overflow 2009-09-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SwDir.dll ActiveX control in Adobe Shockwave Player 11.5.1.601 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PlayerVersion property value.
11445 CVE-2009-3232 287 Bypass 2009-09-17 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
pam-auth-update for PAM, as used in Ubuntu 8.10 and 9.4, and Debian GNU/Linux, does not properly handle an "empty selection" for system authentication modules in certain rare configurations, which causes any attempt to be successful and allows remote attackers to bypass authentication.
11446 CVE-2009-3221 119 1 Exec Code Overflow 2009-09-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Audio Lib Player (ALP) allows remote attackers to execute arbitrary code via a long URL in a .m3u playlist file.
11447 CVE-2009-3214 119 Exec Code Overflow 2009-09-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.
11448 CVE-2009-3213 119 1 DoS Exec Code Overflow 2009-09-16 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in broid 1.0 Beta 3a allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .mp3 file.
11449 CVE-2009-3179 Exec Code 2009-09-11 2009-09-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Symantec Altiris Deployment Solution 6.9 might allow remote attackers to execute arbitrary code via unknown client-side attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 7.17, as identified by (1) "Symantec Altiris Deployment Solution 6.9 exploit, (2) "Symantec Altiris Deployment Solution 6.9 exploit (II)," and (3) "Symantec Altiris Deployment Solution 6.9 exploit (III)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11450 CVE-2009-3177 2009-09-11 2009-09-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Kaspersky Online Scanner 7.0 has unknown impact and attack vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.8, (1) "Kaspersky Online Antivirus Scanner 7.0 exploit (Linux)" and (2) "Kaspersky Online Antivirus Scanner 7.0 exploit (Windows)." NOTE: as of 20090909, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.