CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11451 CVE-2009-1916 78 Exec Code 2009-06-04 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the ns parameter.
11452 CVE-2009-1901 2009-06-03 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 permits "non-standard http methods," which has unknown impact and remote attack vectors.
11453 CVE-2009-1899 +Info 2009-06-03 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Configservice API in the System Management/Repository component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35, 6.1 before 6.1.0.25, and 7.0 before 7.0.0.5 on z/OS allows remote authenticated users to obtain sensitive information via unknown use of the wsadmin scripting tool, related to a "security exposure in wsadmin."
11454 CVE-2009-1896 264 Exec Code 2009-08-10 2009-08-26
10.0
Admin Remote Low Not required Complete Complete Complete
The Java Web Start framework in IcedTea in OpenJDK before 1.6.0.0-20.b16.fc10 on Fedora 10, and before 1.6.0.0-27.b16.fc11 on Fedora 11, trusts an entire application when at least one of the listed jar files is trusted, which allows context-dependent attackers to execute arbitrary code without the untrusted-code restrictions via a crafted application, related to NetX.
11455 CVE-2009-1886 134 Exec Code 2009-06-24 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
11456 CVE-2009-1882 189 DoS Exec Code Overflow 2009-06-02 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the XMakeImage function in magick/xwindow.c in ImageMagick 6.5.2-8, and GraphicsMagick, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF file, which triggers a buffer overflow. NOTE: some of these details are obtained from third party information.
11457 CVE-2009-1869 189 DoS Exec Code Overflow 2009-07-31 2018-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
11458 CVE-2009-1868 119 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
11459 CVE-2009-1866 119 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
11460 CVE-2009-1865 DoS Exec Code 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
11461 CVE-2009-1864 119 DoS Exec Code Overflow 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
11462 CVE-2009-1863 264 DoS Exec Code 2009-07-31 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
11463 CVE-2009-1862 94 DoS Exec Code Mem. Corr. 2009-07-23 2009-09-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Reader and Acrobat 9.x through 9.1.2, and Adobe Flash Player 9.x through 9.0.159.0 and 10.x through 10.0.22.87, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via (1) a crafted Flash application in a .pdf file or (2) a crafted .swf file, related to authplay.dll, as exploited in the wild in July 2009.
11464 CVE-2009-1861 119 DoS Exec Code Overflow Mem. Corr. 2009-06-11 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF file with a JPX (aka JPEG2000) stream that triggers heap memory corruption.
11465 CVE-2009-1860 Exec Code 2009-06-24 2009-07-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Shockwave Player before 11.5.0.600 allows remote attackers to execute arbitrary code via crafted Shockwave Player 10 content.
11466 CVE-2009-1859 399 Exec Code Mem. Corr. 2009-06-11 2010-05-04
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
11467 CVE-2009-1858 399 Exec Code Mem. Corr. 2009-06-11 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow remote attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
11468 CVE-2009-1857 399 DoS Exec Code Mem. Corr. 2009-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.
11469 CVE-2009-1856 189 DoS Exec Code Overflow 2009-06-11 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.
11470 CVE-2009-1855 119 Exec Code Overflow 2009-06-11 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.
11471 CVE-2009-1841 94 2009-06-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
js/src/xpconnect/src/xpcwrappedjsclass.cpp in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to execute arbitrary web script with the privileges of a chrome object, as demonstrated by the browser sidebar and the FeedWriter.
11472 CVE-2009-1840 264 Bypass 2009-06-12 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.11, Thunderbird, and SeaMonkey do not check content policy before loading a script file into a XUL document, which allows remote attackers to bypass intended access restrictions via a crafted HTML document, as demonstrated by a "web bug" in an e-mail message, or web script or an advertisement in a web page.
11473 CVE-2009-1838 94 2009-06-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The garbage-collection implementation in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 sets an element's owner document to null in unspecified circumstances, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted event handler, related to an incorrect context for this event handler.
11474 CVE-2009-1837 362 Exec Code 2009-06-12 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the NPObjWrapper_NewResolve function in modules/plugin/base/src/nsJSNPRuntime.cpp in xul.dll in Mozilla Firefox 3 before 3.0.11 might allow remote attackers to execute arbitrary code via a page transition during Java applet loading, related to a use-after-free vulnerability for memory associated with a destroyed Java object.
11475 CVE-2009-1833 94 DoS Exec Code Mem. Corr. 2009-06-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) js_LeaveSharpObject, (2) ParseXMLSource, and (3) a certain assertion in jsinterp.c; and other vectors.
11476 CVE-2009-1832 94 DoS Exec Code Mem. Corr. 2009-06-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors involving "double frame construction."
11477 CVE-2009-1831 189 Exec Code Overflow 2009-05-29 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The Nullsoft Modern Skins Support module (gen_ff.dll) in Nullsoft Winamp before 5.552 allows remote attackers to execute arbitrary code via a crafted MAKI file, which triggers an incorrect sign extension, an integer overflow, and a stack-based buffer overflow.
11478 CVE-2009-1830 119 Exec Code Overflow 2009-05-29 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
11479 CVE-2009-1817 119 Exec Code Overflow 2009-05-29 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in DigiMode Maya 1.0.2 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .m3u or (2) .m3l playlist file.
11480 CVE-2009-1815 119 Exec Code Overflow 2009-05-29 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
11481 CVE-2009-1807 Exec Code 2009-05-28 2009-06-09
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
11482 CVE-2009-1806 2009-05-28 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.4.0 SP2, when Active Memory Sharing is used, has unknown impact and attack vectors, related to a shared memory partition and a shared memory pool with redundant paging Virtual I/O Server (VIOS) partitions. NOTE: some of these details are obtained from third party information.
11483 CVE-2009-1792 78 Exec Code 2009-05-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
The system.openURL function in StoneTrip Ston3D StandalonePlayer (aka S3DPlayer StandAlone) 1.6.2.4 and 1.7.0.1 and WebPlayer (aka S3DPlayer Web) 1.6.0.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the first argument (the sURL argument).
11484 CVE-2009-1791 119 DoS Exec Code Overflow 2009-05-26 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an AIFF file with an invalid header value.
11485 CVE-2009-1788 119 DoS Exec Code Overflow 2009-05-26 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 through 1.0.19, as used in Winamp 5.552 and possibly other media programs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a VOC file with an invalid header value.
11486 CVE-2009-1784 20 Bypass 2009-05-22 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The AVG parsing engine 8.5 323, as used in multiple AVG anti-virus products including Anti-Virus Network Edition, Internet Security Netzwerk Edition, Server Edition für Linux/FreeBSD, Anti-Virus SBS Edition, and others allows remote attackers to bypass malware detection via a crafted (1) RAR and (2) ZIP archive.
11487 CVE-2009-1783 20 Bypass 2009-05-22 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple FRISK Software F-Prot anti-virus products, including Antivirus for Exchange, Linux on IBM zSeries, Linux x86 File Servers, Linux x86 Mail Servers, Linux x86 Workstations, Solaris Mail Servers, Antivirus for Windows, and others, allow remote attackers to bypass malware detection via a crafted CAB archive.
11488 CVE-2009-1774 22 Dir. Trav. 2009-05-22 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in plugins/ddb/foot.php in Strawberry 1.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the file parameter to example/index.php. NOTE: this was originally reported as an issue affecting the do parameter, but traversal with that parameter might depend on a modified example/index.php. NOTE: some of these details are obtained from third party information.
11489 CVE-2009-1759 119 DoS Exec Code Overflow 2009-05-22 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the btFiles::BuildFromMI function (trunk/btfiles.cpp) in Enhanced CTorrent (aka dTorrent) 3.3.2 and probably earlier, and CTorrent 1.3.4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Torrent file containing a long path.
11490 CVE-2009-1745 255 2009-05-21 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Armorlogic Profense Web Application Firewall before 2.2.22, and 2.4.x before 2.4.4, has a default root password hash, and permits password-based root logins over SSH, which makes it easier for remote attackers to obtain access.
11491 CVE-2009-1743 22 Exec Code Dir. Trav. 2009-05-20 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to create and overwrite arbitrary files via a filename containing a ..\ (dot dot backslash) sequence in a Hollywood FX Compressed Archive (.hfz) file. NOTE: this can be leveraged for code execution by decompressing a file to a Startup folder. NOTE: some of these details are obtained from third party information.
11492 CVE-2009-1740 119 Exec Code Overflow 2009-05-20 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in the D-Link MPEG4 Viewer ActiveX Control (csviewer.ocx) 2.11.918.2006 allow remote attackers to execute arbitrary code via a long argument to the (1) SetFilePath and (2) SetClientCookie methods. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11493 CVE-2009-1730 22 Dir. Trav. 2009-05-20 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in NetMechanica NetDecision TFTP Server 4.2 allow remote attackers to read or modify arbitrary files via directory traversal sequences in the (1) GET or (2) PUT command.
11494 CVE-2009-1726 119 DoS Exec Code Overflow 2009-08-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
11495 CVE-2009-1725 189 DoS Exec Code Mem. Corr. 2009-07-09 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted HTML document.
11496 CVE-2009-1712 94 Exec Code +Priv +Info 2009-06-10 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 4.0 does not prevent remote loading of local Java applets, which allows remote attackers to execute arbitrary code, gain privileges, or obtain sensitive information via an APPLET or OBJECT element.
11497 CVE-2009-1711 399 DoS Exec Code 2009-06-10 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 4.0 does not properly initialize memory for Attr DOM objects, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document.
11498 CVE-2009-1709 399 DoS Exec Code 2009-06-10 2018-10-03
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the garbage-collection implementation in WebCore in WebKit in Apple Safari before 4.0 allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via an SVG animation element, related to SVG set objects, SVG marker elements, the targetElement attribute, and unspecified "caches."
11499 CVE-2009-1708 Exec Code +Info 2009-06-10 2009-06-19
9.3
None Remote Medium Not required Complete Complete Complete
Apple Safari before 4.0 does not prevent calls to the open-help-anchor URL handler by web sites, which allows remote attackers to open arbitrary local help files, and execute arbitrary code or obtain sensitive information, via a crafted call.
11500 CVE-2009-1705 189 DoS Exec Code Mem. Corr. 2009-06-10 2009-06-13
9.3
None Remote Medium Not required Complete Complete Complete
CoreGraphics in Apple Safari before 4.0 on Windows does not properly use arithmetic during automatic hinting of TrueType fonts, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted font data.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.