CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11701 CVE-2010-0016 20 Exec Code 2010-02-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The SMB client implementation in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate response fields, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted response, aka "SMB Client Pool Corruption Vulnerability."
11702 CVE-2009-5157 77 2019-06-11 2019-06-17
9.0
None Remote Low Single system Complete Complete Complete
On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.
11703 CVE-2009-5156 77 2019-06-11 2019-06-12
10.0
None Remote Low Not required Complete Complete Complete
An issue was discovered on ASMAX AR-804gu 66.34.1 devices. There is Command Injection via the cgi-bin/script query string.
11704 CVE-2009-5143 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Discovery 530C has a password of #bigguy1 for the (1) acqservice user and (2) wsservice user of the Xeleris System, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
11705 CVE-2009-5118 +Priv 2012-08-22 2017-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in McAfee VirusScan Enterprise before 8.7i allows local users to gain privileges via a Trojan horse DLL in an unspecified directory, as demonstrated by scanning a document located on a remote share.
11706 CVE-2009-5109 119 4 Exec Code Overflow 2011-12-24 2011-12-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
11707 CVE-2009-5074 2011-05-02 2011-07-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.
11708 CVE-2009-5071 2011-04-19 2011-04-27
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Palm Pre WebOS before 1.2.1 has unknown impact and attack vectors related to an "included contact template file."
11709 CVE-2009-5052 2011-02-03 2011-02-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.
11710 CVE-2009-4988 119 1 Exec Code Overflow 2010-08-25 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
11711 CVE-2009-4964 119 1 Exec Code Overflow 2010-07-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file.
11712 CVE-2009-4962 119 1 Exec Code Overflow 2010-07-28 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
11713 CVE-2009-4952 22 Dir. Trav. 2010-07-22 2010-07-23
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors.
11714 CVE-2009-4919 119 Overflow 2010-06-29 2010-06-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow on Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) allows remote attackers to have an unspecified impact via long IKE attributes, aka Bug ID CSCsu43121.
11715 CVE-2009-4912 264 Bypass 2010-06-29 2010-06-30
10.0
None Remote Low Not required Complete Complete Complete
Cisco Adaptive Security Appliances (ASA) 5580 series devices with software before 8.1(2) complete an SSL handshake with an HTTPS client even if this client is unauthorized, which might allow remote attackers to bypass intended access restrictions via an HTTPS session, aka Bug ID CSCso10876.
11716 CVE-2009-4897 119 DoS Exec Code Overflow Mem. Corr. 2010-07-22 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name.
11717 CVE-2009-4873 119 DoS Exec Code Overflow 2010-05-26 2010-05-26
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the HTTP server in Rhino Software Serv-U Web Client 9.0.0.5 allows remote attackers to cause a denial of service (server crash) or execute arbitrary code via a long Session cookie.
11718 CVE-2009-4863 119 1 Exec Code Overflow 2010-05-11 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
11719 CVE-2009-4850 119 2 Overflow 2010-05-07 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
11720 CVE-2009-4841 119 1 Exec Code Overflow 2010-05-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
11721 CVE-2009-4840 119 1 Exec Code Overflow 2010-05-06 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.
11722 CVE-2009-4790 22 Dir. Trav. 2010-04-22 2010-06-03
9.0
None Remote Low Single system Complete Complete Complete
Multiple directory traversal vulnerabilities in Sysax Multi Server 4.5 allow remote authenticated users to read or modify arbitrary files via crafted FTP commands. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11723 CVE-2009-4778 DoS Exec Code Mem. Corr. 2010-04-21 2010-04-22
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the PDF distiller in the Attachment Service component in Research In Motion (RIM) BlackBerry Enterprise Server (BES) software 4.1.3 through 4.1.7 and 5.0.0, and BlackBerry Professional Software 4.1.4, allow user-assisted remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted .pdf file attachment, a different vulnerability than CVE-2008-3246, CVE-2009-0176, CVE-2009-0219, CVE-2009-2643, and CVE-2009-2646.
11724 CVE-2009-4776 119 Overflow 2010-04-21 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Hitachi Cosminexus V4 through V8, Processing Kit for XML, and Developer's Kit for Java, as used in products such as uCosminexus, Electronic Form Workflow, Groupmax, and IBM XL C/C++ Enterprise Edition 7 and 8, allows remote attackers to have an unknown impact via vectors related to the use of GIF image processing APIs by a Java application, and a different issue from CVE-2007-3794.
11725 CVE-2009-4769 134 2 Exec Code 2010-04-20 2010-06-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
11726 CVE-2009-4768 94 Exec Code 2010-04-20 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the JASS script interpreter in Warcraft III: The Frozen Throne 1.24b and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted custom map. NOTE: some of these details are obtained from third party information.
11727 CVE-2009-4764 94 1 Exec Code 2010-04-05 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader 8.x and 9.x on Windows is able to execute EXE files that are embedded in a PDF document, which makes it easier for remote attackers to trick users into executing arbitrary code via a crafted document.
11728 CVE-2009-4761 119 2 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
11729 CVE-2009-4759 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
11730 CVE-2009-4758 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.
11731 CVE-2009-4757 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.
11732 CVE-2009-4756 119 4 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
11733 CVE-2009-4755 119 2 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.
11734 CVE-2009-4754 119 2 Exec Code Overflow 2010-03-29 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
11735 CVE-2009-4741 2010-03-26 2010-03-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
11736 CVE-2009-4737 119 Exec Code Overflow 2010-04-06 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JustSystems Corporation Ichitaro 13, 2004 through 2009, Viewer 2009 19.0.1.0 and earlier, and other versions allows context-dependent attackers to execute arbitrary code via a crafted Rich Text File (RTF), related to "pvpara ffooter."
11737 CVE-2009-4676 119 Exec Code Overflow 2010-03-05 2010-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11738 CVE-2009-4668 119 1 Exec Code Overflow 2010-03-05 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.
11739 CVE-2009-4663 119 1 Exec Code Overflow 2010-03-03 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method.
11740 CVE-2009-4660 119 2 Exec Code Overflow 2010-03-03 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.
11741 CVE-2009-4656 119 1 DoS Exec Code Overflow 2010-03-03 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
11742 CVE-2009-4654 119 Exec Code Overflow 2010-02-26 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to execute arbitrary code via long sadminpwd and verifypwd parameters in a submit action to /dhost/httpstk.
11743 CVE-2009-4653 119 DoS Exec Code Overflow 2010-02-26 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the dhost module in Novell eDirectory 8.8 SP5 for Windows allows remote authenticated users to cause a denial of service (dhost.exe crash) and possibly execute arbitrary code via a long string to /dhost/modules?I:.
11744 CVE-2009-4646 94 2010-02-19 2010-02-22
9.0
None Remote Low Single system Complete Complete Complete
Static code injection vulnerability in the administrative web interface in Accellion Secure File Transfer Appliance allows remote authenticated administrators to inject arbitrary shell commands by appending them to a request to update the SNMP public community string.
11745 CVE-2009-4644 78 Exec Code Bypass 2010-02-19 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
Accellion Secure File Transfer Appliance before 8_0_105 allows remote authenticated administrators to bypass the restricted shell and execute arbitrary commands via shell metacharacters to the ping command, as demonstrated by modifying the cli program.
11746 CVE-2009-4643 119 Exec Code Overflow 2010-02-15 2010-02-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in dsInstallerService.dll in the Juniper Installer Service, as used in Juniper Odyssey Access Client 4.72.11421.0 and other products, allows remote attackers to execute arbitrary code via a long string in a malformed DSSETUPSERVICE_CMD_UNINSTALL command to the NeoterisSetupService named pipe.
11747 CVE-2009-4637 119 DoS Exec Code Overflow 2010-02-09 2010-05-20
10.0
None Remote Low Not required Complete Complete Complete
FFmpeg 0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a stack-based buffer overflow.
11748 CVE-2009-4635 94 DoS Exec Code Overflow 2010-02-09 2011-10-25
9.3
None Remote Medium Not required Complete Complete Complete
FFmpeg 0.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted MOV container with improperly ordered tags that cause (1) mov.c and (2) utils.c to use inconsistent codec types and identifiers, leading to processing of a video-structure pointer by the mp3 decoder, and a stack-based buffer overflow.
11749 CVE-2009-4634 189 DoS Exec Code Bypass 2010-02-09 2011-10-25
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer underflows in FFmpeg 0.5 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that (1) bypasses a validation check in vorbis_dec.c and triggers a wraparound of the stack pointer, or (2) access a pointer from out-of-bounds memory in mov.c, related to an elst tag that appears before a tag that creates a stream.
11750 CVE-2009-4633 189 DoS Exec Code Overflow 2010-02-09 2011-10-25
10.0
None Remote Low Not required Complete Complete Complete
vorbis_dec.c in FFmpeg 0.5 uses an assignment operator when a comparison operator was intended, which might allow remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted file that modifies a loop counter and triggers a heap-based buffer overflow.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.