CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11401 CVE-2009-3980 399 DoS Exec Code Mem. Corr. 2009-12-17 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11402 CVE-2009-3979 DoS Exec Code Mem. Corr. 2009-12-17 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.0.16 and 3.5.x before 3.5.6, SeaMonkey before 2.0.1, and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11403 CVE-2009-3976 119 1 DoS Exec Code Overflow 2009-11-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Labtam ProFTP 2.9 allows remote FTP servers to cause a denial of service (application crash) or execute arbitrary code via a long 220 reply (aka connection greeting or welcome message).
11404 CVE-2009-3969 119 1 DoS Exec Code Overflow 2009-11-18 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.
11405 CVE-2009-3959 189 Exec Code Overflow 2010-01-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
11406 CVE-2009-3958 119 Exec Code Overflow 2010-01-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Download Manager in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow remote attackers to execute arbitrary code via unspecified initialization parameters.
11407 CVE-2009-3956 16 XSS 2010-01-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
11408 CVE-2009-3955 399 Exec Code Mem. Corr. Bypass 2010-01-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
11409 CVE-2009-3954 94 Exec Code 2010-01-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
11410 CVE-2009-3953 119 1 Exec Code Overflow 2010-01-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
11411 CVE-2009-3952 119 Exec Code Overflow 2010-01-08 2010-01-11
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Adobe Illustrator CS3 13.0.3 and earlier and Illustrator CS4 14.0.0 allows attackers to execute arbitrary code via unspecified vectors.
11412 CVE-2009-3947 119 1 DoS Exec Code Overflow 2009-11-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the FTP service on the Tandberg MXP F7.0 allows remote attackers to cause a denial of service (process crash or device reboot) or possibly execute arbitrary code via a long USER command, as demonstrated by a command ending with many space characters.
11413 CVE-2009-3935 2009-11-12 2010-01-06
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Advanced Management Module firmware before 2.50G for the IBM BladeCenter T 8720-2xx and 8730-2xx have unknown impact and attack vectors.
11414 CVE-2009-3932 DoS Exec Code Mem. Corr. 2009-11-12 2009-11-13
9.3
None Remote Medium Not required Complete Complete Complete
The Gears plugin in Google Chrome before 3.0.195.32 allows user-assisted remote attackers to cause a denial of service (memory corruption and plugin crash) or possibly execute arbitrary code via unspecified use of the Gears SQL API, related to putting "SQL metadata into a bad state."
11415 CVE-2009-3931 20 2009-11-12 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Incomplete blacklist vulnerability in browser/download/download_exe.cc in Google Chrome before 3.0.195.32 allows remote attackers to force the download of certain dangerous files via a "Content-Disposition: attachment" designation, as demonstrated by (1) .mht and (2) .mhtml files, which are automatically executed by Internet Explorer 6; (3) .svg files, which are automatically executed by Safari; (4) .xml files; (5) .htt files; (6) .xsl files; (7) .xslt files; and (8) image files that are forbidden by the victim's site policy.
11416 CVE-2009-3930 189 Overflow 2009-11-10 2009-11-24
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Christos Zoulas file before 5.02 allow user-assisted remote attackers to have an unspecified impact via a malformed compound document (aka cdf) file that triggers a buffer overflow.
11417 CVE-2009-3924 119 DoS Exec Code Overflow 2009-11-09 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in pbsv.dll, as used in Soldier of Fortune II and possibly other applications when Even Balance PunkBuster 1.728 or earlier is enabled, allows remote attackers to cause a denial of service (application server crash) and possibly execute arbitrary code via a long restart packet.
11418 CVE-2009-3909 189 Exec Code Overflow 2009-11-18 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the read_channel_data function in plug-ins/file-psd/psd-load.c in GIMP 2.6.7 might allow remote attackers to execute arbitrary code via a crafted PSD file that triggers a heap-based buffer overflow.
11419 CVE-2009-3878 119 Overflow 2009-11-05 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Sun Java System Web Server 7.0 Update 6 has unspecified impact and remote attack vectors, as demonstrated by the vd_sjws module in VulnDisco Pack Professional 8.12. NOTE: as of 20091105, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
11420 CVE-2009-3874 189 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the JPEGImageReader implementation in the ImageI/O component in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via large subsample dimensions in a JPEG file that triggers a heap-based buffer overflow, aka Bug Id 6874643.
11421 CVE-2009-3873 119 Overflow +Priv 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The JPEG Image Writer in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, related to a "quantization problem," aka Bug Id 6862968.
11422 CVE-2009-3872 +Priv 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JPEG JFIF Decoder in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862969.
11423 CVE-2009-3871 119 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
11424 CVE-2009-3869 119 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
11425 CVE-2009-3868 119 Overflow +Priv 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
11426 CVE-2009-3867 119 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
11427 CVE-2009-3866 264 Exec Code 2009-11-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
11428 CVE-2009-3865 94 Exec Code 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
11429 CVE-2009-3859 119 1 DoS Exec Code Overflow 2009-11-04 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
11430 CVE-2009-3855 2009-11-04 2009-11-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
11431 CVE-2009-3854 119 Exec Code Overflow 2009-11-04 2009-11-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
11432 CVE-2009-3853 119 Exec Code Overflow 2009-11-04 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
11433 CVE-2009-3850 94 Exec Code 2009-11-06 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
11434 CVE-2009-3849 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
11435 CVE-2009-3848 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.
11436 CVE-2009-3847 Exec Code 2009-12-10 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
11437 CVE-2009-3846 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.
11438 CVE-2009-3845 Exec Code 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
11439 CVE-2009-3844 119 DoS Exec Code Overflow 2009-12-08 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
11440 CVE-2009-3843 264 Exec Code 2009-11-23 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
11441 CVE-2009-3842 DoS 2009-11-20 2009-12-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors.
11442 CVE-2009-3841 Exec Code 2009-11-17 2009-11-24
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
11443 CVE-2009-3838 119 1 DoS Exec Code Overflow 2009-11-02 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
11444 CVE-2009-3837 119 Exec Code Overflow 2009-11-02 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
11445 CVE-2009-3831 94 DoS Exec Code Mem. Corr. 2009-10-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
11446 CVE-2009-3829 189 DoS Exec Code Overflow 2009-10-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
11447 CVE-2009-3819 Exec Code 2009-10-28 2011-12-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
11448 CVE-2009-3818 2009-10-28 2009-10-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
11449 CVE-2009-3812 119 2 Exec Code Overflow 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
11450 CVE-2009-3811 119 1 Exec Code Overflow 2009-10-27 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.