CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11701 CVE-2009-2484 119 1 DoS Exec Code Overflow 2009-07-16 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
11702 CVE-2009-2477 94 2 Exec Code 2009-07-15 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
11703 CVE-2009-2476 264 Bypass 2009-08-10 2017-09-18
10.0
Admin Remote Low Not required Complete Complete Complete
The Java Management Extensions (JMX) implementation in Sun Java SE 6 before Update 15, and OpenJDK, does not properly enforce OpenType checks, which allows context-dependent attackers to bypass intended access restrictions by leveraging finalizer resurrection to obtain a reference to a privileged object.
11704 CVE-2009-2471 2009-07-22 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
The setTimeout function in Mozilla Firefox before 3.0.12 does not properly preserve object wrapping, which allows remote attackers to execute arbitrary JavaScript with chrome privileges via a crafted call, related to XPCNativeWrapper.
11705 CVE-2009-2469 399 DoS Exec Code Mem. Corr. 2009-07-22 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.0.12 does not properly handle an SVG element that has a property with a watch function and an __defineSetter__ function, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted document, related to a certain pointer misinterpretation.
11706 CVE-2009-2468 189 DoS Exec Code Overflow 2009-07-22 2009-09-16
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in Apple CoreGraphics, as used in Safari before 4.0.3, Mozilla Firefox before 3.0.12, and Mac OS X 10.4.11 and 10.5.8, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long text run that triggers a heap-based buffer overflow during font glyph rendering, a related issue to CVE-2009-1194.
11707 CVE-2009-2467 DoS Exec Code 2009-07-22 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.0.12 and 3.5 before 3.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving a Flash object, a slow script dialog, and the unloading of the Flash plugin, which triggers attempted use of a deleted object.
11708 CVE-2009-2466 399 DoS Exec Code Mem. Corr. 2009-07-22 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsDOMClassInfo.cpp, (2) JS_HashTableRawLookup, and (3) MirrorWrappedNativeParent and js_LockGCThingRT.
11709 CVE-2009-2465 399 DoS Exec Code Mem. Corr. 2009-07-22 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.0.12 and Thunderbird allow remote attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via vectors involving double frame construction, related to (1) nsHTMLContentSink.cpp, (2) nsXMLContentSink.cpp, and (3) nsPresShell.cpp, and the nsSubDocumentFrame::Reflow function.
11710 CVE-2009-2464 399 DoS Exec Code Mem. Corr. 2009-07-22 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The nsXULTemplateQueryProcessorRDF::CheckIsSeparator function in Mozilla Firefox before 3.0.12, SeaMonkey 2.0a1pre, and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to loading multiple RDF files in a XUL tree element.
11711 CVE-2009-2463 189 DoS Exec Code Overflow Mem. Corr. 2009-07-22 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple integer overflows in the (1) PL_Base64Decode and (2) PL_Base64Encode functions in nsprpub/lib/libc/src/base64.c in Mozilla Firefox before 3.0.12, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors that trigger buffer overflows.
11712 CVE-2009-2462 399 DoS Exec Code Mem. Corr. 2009-07-22 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) the frame chain and synchronous events, (2) a SetMayHaveFrame assertion and nsCSSFrameConstructor::CreateFloatingLetterFrame, (3) nsCSSFrameConstructor::ConstructFrame, (4) the child list and initial reflow, (5) GetLastSpecialSibling, (6) nsFrameManager::GetPrimaryFrameFor and MathML, (7) nsFrame::GetBoxAscent, (8) nsCSSFrameConstructor::AdjustParentFrame, (9) nsDOMOfflineResourceList, and (10) nsContentUtils::ComparePosition.
11713 CVE-2009-2460 119 Overflow 2009-07-14 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in mathtex.cgi in mathTeX, when downloaded before 20090713, have unspecified impact and remote attack vectors.
11714 CVE-2009-2459 2009-07-14 2010-04-20
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in mimeTeX, when downloaded before 20090713, have unknown impact and attack vectors related to the (1) \environ, (2) \input, and (3) \counter TeX directives.
11715 CVE-2009-2452 2009-07-14 2009-07-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Citrix Licensing 11.5 have unknown impact and attack vectors, related to "underlying components of the License Management Console."
11716 CVE-2009-2415 189 Exec Code Overflow 2009-08-10 2009-12-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in memcached 1.1.12 and 1.2.2 allow remote attackers to execute arbitrary code via vectors involving length attributes that trigger heap-based buffer overflows.
11717 CVE-2009-2412 189 DoS Exec Code Overflow 2009-08-06 2017-09-18
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in APR-util; leading to buffer overflows. NOTE: some of these details are obtained from third party information.
11718 CVE-2009-2404 119 DoS Exec Code Overflow 2009-08-03 2018-10-03
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
11719 CVE-2009-2403 119 1 DoS Exec Code Overflow 2009-07-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.
11720 CVE-2009-2396 94 1 Exec Code File Inclusion 2009-07-09 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the SECURITY_FILE parameter.
11721 CVE-2009-2386 20 2009-07-10 2009-07-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in Awingsoft Awakening Winds3D Viewer plugin 3.5.0.0, 3.0.0.5, and possibly other versions allows remote attackers to force the download and execution of arbitrary files via the GetURL method.
11722 CVE-2009-2384 119 1 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third party information.
11723 CVE-2009-2375 119 Exec Code Overflow 2009-07-08 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of these details are obtained from third party information.
11724 CVE-2009-2368 2009-07-08 2009-07-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.
11725 CVE-2009-2364 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via (1) a long string in a .plf file and (2) a long string in the listdata.dat file, possibly related to a track entry.
11726 CVE-2009-2363 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.
11727 CVE-2009-2362 119 2 Exec Code Overflow 2009-07-08 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file.
11728 CVE-2009-2357 16 2009-07-07 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and the underlying Windows operating system.
11729 CVE-2009-2356 119 Exec Code Overflow 2009-07-07 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1) POP3, (2) SMTP, or (3) web component that triggers a long SQL query.
11730 CVE-2009-2347 189 Exec Code Overflow 2009-07-14 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a heap-based buffer overflow in the (a) cvt_whole_image function in tiff2rgba and (b) tiffcvt function in rgb2ycbcr.
11731 CVE-2009-2344 264 1 +Priv 2009-07-07 2018-10-10
9.0
None Remote Low Single system Complete Complete Complete
The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an edit action to admin/user/user.cgi and unspecified other components.
11732 CVE-2009-2317 255 2009-07-05 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Axesstel MV 410R has a certain default administrator password, and does not force a password change, which makes it easier for remote attackers to obtain access.
11733 CVE-2009-2300 399 DoS Exec Code 2009-07-02 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The management interface in the phion airlock Web Application Firewall (WAF) 4.1-10.41 does not properly handle CGI requests that specify large width and height parameters for an image, which allows remote attackers to execute arbitrary commands or cause a denial of service (resource consumption) via a crafted request.
11734 CVE-2009-2296 2009-07-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
11735 CVE-2009-2281 119 Exec Code Overflow 2009-10-23 2009-10-26
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer underflows in the readPostBody function in cgiutil.c in mapserv in MapServer 4.x through 4.10.4 and 5.x before 5.4.2 allow remote attackers to execute arbitrary code via (1) a crafted Content-Length HTTP header or (2) a large HTTP request, related to an integer overflow that triggers a heap-based buffer overflow. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-0840.
11736 CVE-2009-2271 255 2009-07-01 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
11737 CVE-2009-2261 20 1 Exec Code 2009-06-30 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
11738 CVE-2009-2227 119 1 Exec Code Overflow 2009-06-26 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
11739 CVE-2009-2225 119 Exec Code Overflow 2009-06-26 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in SureThing CD/DVD Labeler 5.1.616 trial version allows user-assisted remote attackers to execute arbitrary code via a crafted (1) m3u or (2) pls playlist file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11740 CVE-2009-2223 22 1 Dir. Trav. File Inclusion 2009-06-26 2017-09-18
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in locms/smarty.php in LightOpenCMS 0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cwd parameter. NOTE: remote file inclusion attacks may be possible.
11741 CVE-2009-2210 DoS Exec Code 2009-06-25 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Thunderbird before 2.0.0.22 and SeaMonkey before 1.1.17 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a multipart/alternative e-mail message containing a text/enhanced part that triggers access to an incorrect object type.
11742 CVE-2009-2204 Exec Code Mem. Corr. 2009-08-03 2010-03-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the CoreTelephony component in Apple iPhone OS before 3.0.1 allows remote attackers to execute arbitrary code, obtain GPS coordinates, or enable the microphone via an SMS message that triggers memory corruption, as demonstrated by Charlie Miller at SyScan '09 Singapore.
11743 CVE-2009-2203 119 DoS Exec Code Overflow 2009-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MPEG-4 video file.
11744 CVE-2009-2202 DoS Exec Code Mem. Corr. 2009-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted H.264 movie file.
11745 CVE-2009-2195 119 DoS Exec Code Overflow 2009-08-12 2011-02-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in WebKit in Apple Safari before 4.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted floating-point numbers.
11746 CVE-2009-2193 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
11747 CVE-2009-2188 119 DoS Exec Code Overflow 2009-08-06 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8, and Safari before 4.0.3, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
11748 CVE-2009-2186 Exec Code 2009-06-24 2009-07-01
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Shockwave Player before 11.0.0.465 allows remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2009-1860, related to an older issue that "was previously resolved in Shockwave Player 11.0.0.465."
11749 CVE-2009-2169 94 Exec Code 2009-06-22 2009-06-23
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the PDFVIEWER.PDFViewerCtrl.1 ActiveX control (pdfviewer.ocx) in Edraw PDF Viewer Component before 3.2.0.126 allows remote attackers to create and overwrite arbitrary files via a URL argument to the FtpConnect argument and a target filename argument to the FtpDownloadFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
11750 CVE-2009-2140 119 Exec Code Overflow 2009-09-21 2010-05-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in cppcanvas/source/mtfrenderer/emfplus.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allow remote attackers to execute arbitrary code via a crafted EMF+ file, a similar issue to CVE-2008-2238.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.