CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11501 CVE-2009-2368 2009-07-08 2009-07-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.
11502 CVE-2009-2364 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.
11503 CVE-2009-2363 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.
11504 CVE-2009-2362 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file.
11505 CVE-2009-2357 16 2009-07-07 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
11506 CVE-2009-2356 119 Exec Code Overflow 2009-07-07 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
11507 CVE-2009-2347 189 Exec Code Overflow 2009-07-14 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
11508 CVE-2009-2344 264 1 +Priv 2009-07-07 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
11509 CVE-2009-2317 255 2009-07-05 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
11510 CVE-2009-2300 399 DoS Exec Code 2009-07-02 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
11511 CVE-2009-2296 2009-07-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
11512 CVE-2009-2281 119 Exec Code Overflow 2009-10-23 2009-10-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
11513 CVE-2009-2271 255 2009-07-01 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
11514 CVE-2009-2261 20 1 Exec Code 2009-06-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
11515 CVE-2009-2227 119 1 Exec Code Overflow 2009-06-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
11516 CVE-2009-2225 119 Exec Code Overflow 2009-06-26 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11517 CVE-2009-2223 22 1 Dir. Trav. File Inclusion 2009-06-26 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
11518 CVE-2009-2210 DoS Exec Code 2009-06-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
11519 CVE-2009-2204 Exec Code Mem. Corr. 2009-08-03 2010-03-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
11520 CVE-2009-2203 119 DoS Exec Code Overflow 2009-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
11521 CVE-2009-2202 DoS Exec Code Mem. Corr. 2009-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
11522 CVE-2009-2195 119 DoS Exec Code Overflow 2009-08-12 2011-02-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
11523 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
11524 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
11525 CVE-2009-2186 Exec Code 2009-06-24 2009-07-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."
11526 CVE-2009-2169 94 Exec Code 2009-06-22 2009-06-23
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
11527 CVE-2009-2140 119 Exec Code Overflow 2009-09-21 2010-05-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.
11528 CVE-2009-2139 119 Exec Code Overflow 2009-09-08 2010-07-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a similar issue to CVE-2008-2238.
11529 CVE-2009-2121 119 DoS Exec Code Overflow 2009-06-23 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the browser kernel in Google Chrome before 2.0.172.33 allows remote HTTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted response.
11530 CVE-2009-2111 94 2009-06-18 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Static code injection vulnerability in add_reg.php in DB Top Sites 1.0 allows remote attackers to inject arbitrary PHP code via a crafted (1) url and (2) location parameter.
11531 CVE-2009-2061 310 2009-06-15 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.0.10 processes a 3xx HTTP CONNECT response before a successful SSL handshake, which allows man-in-the-middle attackers to execute arbitrary web script, in an https site's context, by modifying this CONNECT response to specify a 302 redirect to an arbitrary https web site.
11532 CVE-2009-2047 22 Dir. Trav. 2009-07-16 2017-08-16
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the Administration interface in Cisco Customer Response Solutions (CRS) before 7.0(1) SR2 in Cisco Unified Contact Center Express (aka CCX) server allows remote authenticated users to read, modify, or delete arbitrary files via unspecified vectors.
11533 CVE-2009-2039 2009-06-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Luottokunta module before 1.3 for osCommerce has unknown impact and attack vectors related to orders.
11534 CVE-2009-2038 2009-06-12 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Finnish Bank Payment module 2.2 for osCommerce has unknown impact and attack vectors related to bank charges.
11535 CVE-2009-2030 2009-06-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the XML Digital Signature verification functionality in JVA-RUN in JDK 6.0 in IBM OS/400 i5/OS V5R4M0 and V6R1M0 has unknown impact and attack vectors related to "XML SECURITY PATCH."
11536 CVE-2009-2028 2009-06-11 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 have unknown impact and attack vectors, related to "Adobe internally discovered issues."
11537 CVE-2009-2026 119 Exec Code Overflow 2009-08-10 2018-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in a token searching function in the dtscore library in Data Transport Services in CA Software Delivery r11.2 C1, C2, C3, and SP4; Unicenter Software Delivery 4.0 C3; CA Advantage Data Transport 3.0 C1; and CA IT Client Manager r12 allows remote attackers to execute arbitrary code via crafted data.
11538 CVE-2009-2011 78 Exec Code 2009-06-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Worldweaver DX Studio Player 3.0.29.0, 3.0.22.0, 3.0.12.0, and probably other versions before 3.0.29.1, when used as a plug-in for Firefox, does not restrict access to the shell.execute JavaScript API method, which allows remote attackers to execute arbitrary commands via a .dxstudio file that invokes this method.
11539 CVE-2009-1992 2009-10-22 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
11540 CVE-2009-1985 2009-10-22 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Network Authentication component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
11541 CVE-2009-1979 Exec Code 2009-10-22 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Network Authentication component in Oracle Database 10.1.0.5 and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the October 2009 CPU. Oracle has not commented on claims from an independent researcher that this is related to improper validation of the AUTH_SESSKEY parameter length that leads to arbitrary code execution.
11542 CVE-2009-1978 Exec Code 2009-07-14 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows remote authenticated users to execute arbitrary code with SYSTEM privileges via vectors involving property_box.php.
11543 CVE-2009-1977 Bypass 2009-07-14 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.
11544 CVE-2009-1960 94 File Inclusion 2009-06-07 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
inc/init.php in DokuWiki 2009-02-14, rc2009-02-06, and rc2009-01-30, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via the config_cascade[main][default][] parameter to doku.php. NOTE: PHP remote file inclusion is also possible in PHP 5 using ftp:// URLs.
11545 CVE-2009-1944 119 Exec Code Overflow 2009-06-05 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in AIMP 2.51 build 330 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag.
11546 CVE-2009-1943 119 Exec Code Overflow 2009-06-05 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IKE service (ireIke.exe) in SafeNet SoftRemote before 10.8.6 allows remote attackers to execute arbitrary code via a long request to UDP port 62514.
11547 CVE-2009-1930 255 Exec Code 2009-08-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The Telnet service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote Telnet servers to execute arbitrary code on a client machine by replaying the NTLM credentials of a client user, aka "Telnet Credential Reflection Vulnerability," a related issue to CVE-2000-0834.
11548 CVE-2009-1929 119 Exec Code Overflow 2009-08-12 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Microsoft Terminal Services Client ActiveX control running RDP 6.1 on Windows XP SP2, Vista SP1 or SP2, or Server 2008 Gold or SP2; or 5.2 or 6.1 on Windows XP SP3; allows remote attackers to execute arbitrary code via unspecified parameters to unknown methods, aka "Remote Desktop Connection ActiveX Control Heap Overflow Vulnerability."
11549 CVE-2009-1925 94 Exec Code 2009-09-08 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The TCP/IP implementation in Microsoft Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 does not properly manage state information, which allows remote attackers to execute arbitrary code by sending packets to a listening service, and thereby triggering misinterpretation of an unspecified field as a function pointer, aka "TCP/IP Timestamps Code Execution Vulnerability."
11550 CVE-2009-1924 189 Exec Code Overflow 2009-08-12 2019-04-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the Windows Internet Name Service (WINS) component for Microsoft Windows 2000 SP4 allows remote WINS replication partners to execute arbitrary code via crafted data structures in a packet, aka "WINS Integer Overflow Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.