CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11501 CVE-2008-4687 94 Exec Code 2008-10-22 2018-05-12
9.0
None Remote Low Single system Complete Complete Complete
manage_proj_page.php in Mantis before 1.1.4 allows remote authenticated users to execute arbitrary code via a sort parameter containing PHP sequences, which are processed by create_function within the multi_sort function in core/utility_api.php.
11502 CVE-2008-4686 189 Exec Code Overflow 2008-10-22 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in ty.c in the TY demux plugin (aka the TiVo demuxer) in VideoLAN VLC media player, probably 0.9.4, might allow remote attackers to execute arbitrary code via a crafted .ty file, a different vulnerability than CVE-2008-4654.
11503 CVE-2008-4673 94 Exec Code File Inclusion 2008-10-22 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in panel/common/theme/default/header_setup.php in WebBiscuits Software Events Calendar 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the (1) path[docroot] and (2) component parameters.
11504 CVE-2008-4668 22 Dir. Trav. 2008-10-22 2017-09-28
9.0
None Remote Low Not required Complete Partial Partial
Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php.
11505 CVE-2008-4664 119 Exec Code Overflow 2008-10-21 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.
11506 CVE-2008-4654 119 Exec Code Overflow 2008-10-21 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
11507 CVE-2008-4652 119 Exec Code Overflow 2008-10-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
11508 CVE-2008-4645 94 Exec Code 2008-10-21 2017-09-28
9.0
Admin Remote Low Single system Complete Complete Complete
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
11509 CVE-2008-4641 20 Exec Code 2008-10-21 2008-12-03
10.0
Admin Remote Low Not required Complete Complete Complete
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
11510 CVE-2008-4631 119 DoS Exec Code Overflow 2008-10-20 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from third party information.
11511 CVE-2008-4630 2008-10-20 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.
11512 CVE-2008-4624 94 Exec Code File Inclusion 2008-10-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
11513 CVE-2008-4619 DoS 2008-10-20 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
11514 CVE-2008-4615 2008-10-20 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.
11515 CVE-2008-4595 2008-10-17 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors.
11516 CVE-2008-4594 2008-10-17 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
11517 CVE-2008-4592 22 Dir. Trav. 2008-10-16 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
11518 CVE-2008-4588 119 DoS Exec Code Overflow 2008-10-15 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
11519 CVE-2008-4587 Exec Code 2008-10-15 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.
11520 CVE-2008-4586 2008-10-15 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.
11521 CVE-2008-4572 119 DoS Exec Code Overflow 2008-10-15 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
11522 CVE-2008-4564 119 Exec Code Overflow 2009-03-18 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
11523 CVE-2008-4563 119 Exec Code Overflow 2009-03-11 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
11524 CVE-2008-4562 119 Exec Code Overflow 2009-02-08 2009-04-20
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.
11525 CVE-2008-4559 20 Exec Code 2009-02-08 2009-02-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.
11526 CVE-2008-4557 94 Exec Code 2008-10-14 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
11527 CVE-2008-4556 119 Exec Code Overflow 2008-10-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
11528 CVE-2008-4548 119 Exec Code Overflow 2008-10-14 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.
11529 CVE-2008-4547 119 Exec Code Overflow 2008-10-14 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method.
11530 CVE-2008-4541 119 Exec Code Overflow 2008-10-13 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
11531 CVE-2008-4526 22 Dir. Trav. 2008-10-09 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.
11532 CVE-2008-4509 20 Exec Code 2008-10-09 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.
11533 CVE-2008-4502 94 Exec Code File Inclusion 2008-10-08 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
11534 CVE-2008-4501 22 Dir. Trav. 2008-10-08 2017-09-28
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
11535 CVE-2008-4499 22 Dir. Trav. 2008-10-08 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
11536 CVE-2008-4489 22 Dir. Trav. 2008-10-07 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11537 CVE-2008-4486 22 Dir. Trav. 2008-10-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
11538 CVE-2008-4480 119 Exec Code Overflow 2008-10-14 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.
11539 CVE-2008-4479 119 Exec Code Overflow 2008-10-14 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
11540 CVE-2008-4478 189 Exec Code Overflow 2008-10-14 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.
11541 CVE-2008-4473 119 Exec Code Overflow 2008-10-17 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
11542 CVE-2008-4472 264 2008-10-07 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
11543 CVE-2008-4471 22 Dir. Trav. 2008-10-07 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
11544 CVE-2008-4470 119 DoS Exec Code Overflow 2008-10-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname.
11545 CVE-2008-4453 264 Exec Code 2008-10-06 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
11546 CVE-2008-4452 119 DoS Exec Code Overflow 2008-10-06 2017-09-28
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request.
11547 CVE-2008-4449 119 Exec Code Overflow 2008-10-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
11548 CVE-2008-4439 94 Exec Code File Inclusion 2008-10-03 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11549 CVE-2008-4434 119 DoS Exec Code Overflow 2008-10-03 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
11550 CVE-2008-4429 DoS 2008-10-03 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details are obtained from third party information.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.