CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11751 CVE-2011-3867 189 DoS Exec Code 2011-09-28 2011-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in Mozilla Firefox 3.6.x before 3.6.23 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via JavaScript code containing a large RegExp expression.
11752 CVE-2011-3834 189 Exec Code Overflow 2011-12-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
11753 CVE-2011-3828 94 Exec Code 2011-11-26 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
DVRemoteAx.ax 2.1.0.39 in the DVR Remote ActiveX control allows remote attackers to execute arbitrary code via a crafted DVRobot.dll file in a manifest directory on a web server.
11754 CVE-2011-3691 426 +Priv 2011-09-27 2016-11-08
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Foxit Reader before 5.0.2.0718 allows local users to gain privileges via a Trojan horse dwmapi.dll, dwrite.dll, or msdrm.dll in the current working directory.
11755 CVE-2011-3690 +Priv 2011-09-27 2012-02-21
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in PlotSoft PDFill PDF Editor 8.0 allows local users to gain privileges via a Trojan horse mfc70enu.dll or mfc80loc.dll in the current working directory.
11756 CVE-2011-3660 DoS Exec Code Mem. Corr. 2011-12-21 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 8.0, Thunderbird 5.0 through 8.0, and SeaMonkey before 2.6 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors that trigger a compartment mismatch associated with the nsDOMMessageEvent::GetData function, and unknown other vectors.
11757 CVE-2011-3659 416 Exec Code 2012-02-01 2020-08-28
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 might allow remote attackers to execute arbitrary code via vectors related to incorrect AttributeChildRemoved notifications that affect access to removed nsDOMAttribute child nodes.
11758 CVE-2011-3655 94 +Priv 2011-11-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox 4.x through 7.0 and Thunderbird 5.0 through 7.0 perform access control without checking for use of the NoWaiverWrapper wrapper, which allows remote attackers to gain privileges via a crafted web site.
11759 CVE-2011-3654 119 DoS Exec Code Overflow Mem. Corr. 2011-11-09 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly handle links from SVG mpath elements to non-SVG elements, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
11760 CVE-2011-3652 119 DoS Exec Code Overflow Mem. Corr. 2011-11-09 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox before 8.0 and Thunderbird before 8.0 does not properly allocate memory, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors.
11761 CVE-2011-3651 DoS Exec Code Mem. Corr. 2011-11-09 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 7.0 and Thunderbird 7.0 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
11762 CVE-2011-3650 119 DoS Overflow Mem. Corr. 2011-11-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug.
11763 CVE-2011-3647 20 +Priv 2011-11-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The JSSubScriptLoader in Mozilla Firefox before 3.6.24 and Thunderbird before 3.1.6 does not properly handle XPCNativeWrappers during calls to the loadSubScript method in an add-on, which makes it easier for remote attackers to gain privileges via a crafted web site that leverages certain unwrapping behavior, a related issue to CVE-2011-3004.
11764 CVE-2011-3625 119 DoS Exec Code Overflow 2014-06-11 2014-06-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a SAMI subtitle file.
11765 CVE-2011-3611 20 File Inclusion 2020-01-22 2020-01-29
9.0
None Remote Low ??? Complete Complete Complete
A File Inclusion vulnerability exists in act parameter to admin.php in UseBB before 1.0.12.
11766 CVE-2011-3587 Exec Code 2011-10-10 2011-10-21
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules.
11767 CVE-2011-3577 287 2011-09-20 2019-09-30
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.3 does not properly implement Activity Token authentication for Web Services, which has unspecified impact and attack vectors.
11768 CVE-2011-3575 119 Exec Code Overflow 2011-09-19 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in the NSFComputeEvaluateExt function in Nnotes.dll in IBM Lotus Domino 8.5.2 allows remote authenticated users to execute arbitrary code via a long tHPRAgentName parameter in an fmHttpPostRequest OpenForm action to WebAdmin.nsf.
11769 CVE-2011-3554 2011-10-19 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors.
11770 CVE-2011-3551 2011-10-19 2018-01-06
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, and JRockit R28.1.4 and earlier allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.
11771 CVE-2011-3549 2011-10-19 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Swing.
11772 CVE-2011-3548 2011-10-19 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7, 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability, related to AWT.
11773 CVE-2011-3545 2011-10-19 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.2_33 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Sound.
11774 CVE-2011-3544 2011-10-19 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.
11775 CVE-2011-3521 2011-10-19 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE, 7, 6 Update 27 and earlier, and 5.0 Update 31 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Deserialization.
11776 CVE-2011-3508 2011-10-18 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Oracle Solaris 8, 9, 10, and 11 Express allows remote attackers to affect confidentiality, integrity, and availability, related to LDAP library.
11777 CVE-2011-3504 94 Exec Code 2011-09-29 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The Matroska format decoder in FFmpeg before 0.8.3 does not properly allocate memory, which allows remote attackers to execute arbitrary code via a crafted file.
11778 CVE-2011-3503 Exec Code 2011-09-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in eSignal 10.6.2425.1208, and possibly other versions, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse JRS_UT.dll that is located in the same folder as a .quo (QUOTE) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11779 CVE-2011-3499 119 DoS Exec Code Overflow Mem. Corr. 2011-09-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via an EIDP packet with a large size field, which writes a zero byte to an arbitrary memory location.
11780 CVE-2011-3498 119 DoS Exec Code Overflow 2011-09-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long request.
11781 CVE-2011-3497 200 +Info 2011-09-16 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary DLL functions via the XF function, possibly related to an insecure exposed method.
11782 CVE-2011-3496 20 1 Exec Code 2011-09-16 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
11783 CVE-2011-3495 22 Dir. Trav. 2011-09-16 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to read, modify, or delete arbitrary files via the (1) RF, (2) wF, (3) UF, or (4) NF command.
11784 CVE-2011-3494 119 DoS Exec Code Overflow 2011-09-16 2012-06-20
10.0
None Remote Low Not required Complete Complete Complete
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
11785 CVE-2011-3493 119 DoS Exec Code Overflow 2011-09-16 2012-06-04
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the DH_OneSecondTick function in Cogent DataHub 7.1.1.63 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) domain, (2) report_domain, (3) register_datahub, or (4) slave commands.
11786 CVE-2011-3492 119 1 DoS Exec Code Overflow 2011-09-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Azeotech DAQFactory 5.85 build 1853 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted NETB packet to UDP port 20034.
11787 CVE-2011-3491 119 DoS Exec Code Overflow 2011-09-16 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Progea Movicon / PowerHMI 11.2.1085 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a negative Content-Length field.
11788 CVE-2011-3490 119 1 DoS Exec Code Overflow 2011-09-16 2012-02-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in service.exe in Measuresoft ScadaPro 4.0.0 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long command to port 11234, as demonstrated with the TF command.
11789 CVE-2011-3488 399 Exec Code 2011-09-16 2012-06-28
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Equis MetaStock 11 and earlier allows remote attackers to execute arbitrary code via a malformed (1) mwc chart, (2) mws chart, (3) mwt template, or (4) mwl layout.
11790 CVE-2011-3478 287 Exec Code 2012-01-25 2018-01-06
10.0
None Remote Low Not required Complete Complete Complete
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
11791 CVE-2011-3439 119 DoS Exec Code Overflow Mem. Corr. 2011-11-11 2019-09-26
9.3
None Remote Medium Not required Complete Complete Complete
FreeType in CoreGraphics in Apple iOS before 5.0.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted font in a document.
11792 CVE-2011-3430 2011-10-14 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
The Settings component in Apple iOS before 5, when a configuration profile is used for a locale other than English, does not properly implement localization, which makes it easier for attackers to have an unspecified impact by leveraging incorrect configuration display.
11793 CVE-2011-3421 2011-09-12 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
11794 CVE-2011-3420 2011-09-12 2017-09-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
11795 CVE-2011-3417 264 2011-12-30 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The Forms Authentication feature in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0, when sliding expiry is enabled, does not properly handle cached content, which allows remote attackers to obtain access to arbitrary user accounts via a crafted URL, aka "ASP.NET Forms Authentication Ticket Caching Vulnerability."
11796 CVE-2011-3413 94 DoS Exec Code Mem. Corr. 2011-12-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft PowerPoint 2007 SP2; Office 2008 for Mac; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP2; and PowerPoint Viewer 2007 SP2 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an invalid OfficeArt record in a PowerPoint document, aka "OfficeArt Shape RCE Vulnerability."
11797 CVE-2011-3412 94 Exec Code Mem. Corr. 2011-12-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect memory handling, aka "Publisher Memory Corruption Vulnerability."
11798 CVE-2011-3411 94 Exec Code 2011-12-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Publisher 2003 SP3 allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Invalid Pointer Vulnerability."
11799 CVE-2011-3410 20 Exec Code 2011-12-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Array index error in Microsoft Publisher 2003 SP3, and 2007 SP2 and SP3, allows remote attackers to execute arbitrary code via a crafted Publisher file that leverages incorrect handling of values in memory, aka "Publisher Out-of-bounds Array Index Vulnerability."
11800 CVE-2011-3406 119 Exec Code Overflow 2011-12-14 2020-09-28
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in Active Directory, Active Directory Application Mode (ADAM), and Active Directory Lightweight Directory Service (AD LDS) in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote authenticated users to execute arbitrary code via a crafted query that leverages incorrect memory initialization, aka "Active Directory Buffer Overflow Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.