CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11451 CVE-2013-3153 94 DoS Exec Code Mem. Corr. 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3148.
11452 CVE-2013-3155 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3157.
11453 CVE-2013-3156 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access File Format Memory Corruption Vulnerability."
11454 CVE-2013-3157 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Access 2007 SP3, 2010 SP1 and SP2, and 2013 in Microsoft Office allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Access file, aka "Access Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3155.
11455 CVE-2013-3158 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3 and 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
11456 CVE-2013-3161 94 DoS Exec Code Mem. Corr. 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143.
11457 CVE-2013-3162 94 DoS Exec Code Mem. Corr. 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3115.
11458 CVE-2013-3163 94 DoS Exec Code Mem. Corr. 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3144 and CVE-2013-3151.
11459 CVE-2013-3164 94 DoS Exec Code Mem. Corr. 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11460 CVE-2013-3171 94 Exec Code 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The serialization functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5 SP1, 3.5.1, 4, and 4.5 does not properly check the permissions of delegate objects, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (XBAP) or (2) a crafted .NET Framework application that leverages a partial-trust relationship, aka "Delegate Serialization Vulnerability."
11461 CVE-2013-3174 94 Exec Code 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
11462 CVE-2013-3178 94 DoS Exec Code 2013-07-09 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Silverlight 5 before 5.1.20513.0 does not properly initialize arrays, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference) via a crafted Silverlight application, aka "Null Pointer Vulnerability."
11463 CVE-2013-3181 119 Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
usp10.dll in the Unicode Scripts Processor in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Uniscribe Font Parsing Engine Memory Corruption Vulnerability."
11464 CVE-2013-3184 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11465 CVE-2013-3187 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3191 and CVE-2013-3193.
11466 CVE-2013-3188 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3189.
11467 CVE-2013-3189 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3188.
11468 CVE-2013-3190 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11469 CVE-2013-3191 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3187 and CVE-2013-3193.
11470 CVE-2013-3193 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3187 and CVE-2013-3191.
11471 CVE-2013-3194 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11472 CVE-2013-3199 119 DoS Exec Code Overflow Mem. Corr. 2013-08-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11473 CVE-2013-3201 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3203, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209.
11474 CVE-2013-3202 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11475 CVE-2013-3203 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3206, CVE-2013-3207, and CVE-2013-3209.
11476 CVE-2013-3204 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11477 CVE-2013-3205 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11478 CVE-2013-3206 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3207, and CVE-2013-3209.
11479 CVE-2013-3207 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3209.
11480 CVE-2013-3208 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11481 CVE-2013-3209 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3201, CVE-2013-3203, CVE-2013-3206, and CVE-2013-3207.
11482 CVE-2013-3248 +Priv 2013-10-03 2013-10-04
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
11483 CVE-2013-3249 119 Exec Code Overflow 2014-03-20 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the "Add from text file" feature in the DameWare Exporter tool (DWExporter.exe) in DameWare Remote Support 10.0.0.372, 9.0.1.247, and earlier allows user-assisted attackers to execute arbitrary code via unspecified vectors.
11484 CVE-2013-3466 287 Exec Code 2013-08-29 2016-11-07
9.3
None Remote Medium Not required Complete Complete Complete
The EAP-FAST authentication module in Cisco Secure Access Control Server (ACS) 4.x before 4.2.1.15.11, when a RADIUS server configuration is enabled, does not properly parse user identities, which allows remote attackers to execute arbitrary commands via crafted EAP-FAST packets, aka Bug ID CSCui57636.
11485 CVE-2013-3480 189 Exec Code Overflow 2013-08-09 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Sagelight 4.4 and earlier allows remote attackers to execute arbitrary code via crafted width and height dimensions in a BMP file, which triggers a heap-based buffer overflow.
11486 CVE-2013-3481 119 Exec Code Overflow 2014-03-27 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Artweaver Plus and Free before 3.1.5 allows remote attackers to execute arbitrary code via a crafted JPG image file.
11487 CVE-2013-3482 119 1 DoS Exec Code Overflow 2014-01-19 2014-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
11488 CVE-2013-3483 119 DoS Exec Code Overflow 2014-01-19 2014-01-21
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ERS file.
11489 CVE-2013-3552 119 Exec Code Overflow 2018-02-08 2018-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Nitro Pro 7.5.0.29 and earlier and Nitro Reader 2.5.0.45 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.
11490 CVE-2013-3553 119 Exec Code Overflow 2018-02-08 2018-02-24
9.3
None Remote Medium Not required Complete Complete Complete
Nitro Pro 7.5.0.22 and earlier and Nitro Reader 2.5.0.36 and earlier allow remote attackers to execute arbitrary code via a crafted PDF file.
11491 CVE-2013-3599 20 +Priv 2013-09-06 2013-09-06
9.3
None Remote Medium Not required Complete Complete Complete
userlogin.jsp in Coursemill Learning Management System (LMS) 6.6 and 6.8 allows remote attackers to gain privileges via a modified user-role value to home.html.
11492 CVE-2013-3614 264 2013-09-17 2013-09-25
9.3
None Remote Medium Not required Complete Complete Complete
Dahua DVR appliances have a small value for the maximum password length, which makes it easier for remote attackers to obtain access via a brute-force attack.
11493 CVE-2013-3626 22 Dir. Trav. 2013-11-06 2013-11-06
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the Session Server in Attachmate Verastream Host Integrator (VHI) 6.0 through 7.5 SP 1 HF 1 allows remote attackers to upload and execute arbitrary files via a crafted message.
11494 CVE-2013-3662 119 Exec Code Overflow 2014-07-01 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Timbre SketchUp (formerly Google SketchUp) before 8 Maintenance 2 allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers a stack-based buffer overflow.
11495 CVE-2013-3663 119 Exec Code Overflow 2014-06-13 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 8 Maintenance 3, allows remote attackers to execute arbitrary code via a crafted RLE8 compressed BMP.
11496 CVE-2013-3664 119 Exec Code Overflow 2014-07-01 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689) allows remote attackers to execute arbitrary code via a crafted color palette table in a MAC Pict texture, which triggers an out-of-bounds stack write. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-3662. NOTE: this issue was SPLIT due to different affected products and codebases (ADT1); CVE-2013-7388 has been assigned to the paintlib issue.
11497 CVE-2013-3743 2013-06-18 2018-01-04
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 45 and earlier and 5.0 Update 45 and earlier allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
11498 CVE-2013-3845 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
11499 CVE-2013-3846 399 DoS Exec Code Mem. Corr. 2013-12-28 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3143 and CVE-2013-3161.
11500 CVE-2013-3847 119 DoS Exec Code Overflow Mem. Corr. 2013-09-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Word Automation Services in SharePoint Server 2010 SP1, Word Web App 2010 SP1 in Office Web Apps 2010, Word 2003 SP3, Word 2007 SP3, Word 2010 SP1, Office Compatibility Pack SP3, and Word Viewer allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "Word Memory Corruption Vulnerability," a different vulnerability than CVE-2013-3848, CVE-2013-3849, and CVE-2013-3858.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.