CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11801 CVE-2011-3403 94 Exec Code Mem. Corr. 2011-12-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2003 SP3 and Office 2004 for Mac do not properly handle objects in memory, which allows remote attackers to execute arbitrary code via a crafted Excel spreadsheet, aka "Record Memory Corruption Vulnerability."
11802 CVE-2011-3402 Exec Code 2011-11-04 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page, as exploited in the wild in November 2011 by Duqu, aka "TrueType Font Parsing Vulnerability."
11803 CVE-2011-3401 94 Exec Code Mem. Corr. 2011-12-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
ENCDEC.DLL in Windows Media Player and Media Center in Microsoft Windows XP SP2 and SP3, Windows Vista SP2, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted .dvr-ms file, aka "Windows Media Player DVR-MS Memory Corruption Vulnerability."
11804 CVE-2011-3400 94 Exec Code 2011-12-14 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
11805 CVE-2011-3397 94 Exec Code 2011-12-14 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
The Microsoft Time component in DATIME.DLL in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted web site that leverages an unspecified "binary behavior" in Internet Explorer, aka "Microsoft Time Remote Code Execution Vulnerability."
11806 CVE-2011-3396 +Priv 2011-12-14 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Microsoft PowerPoint 2007 SP2 and 2010 allows local users to gain privileges via a Trojan horse DLL in the current working directory, aka "PowerPoint Insecure Library Loading Vulnerability."
11807 CVE-2011-3378 94 DoS Exec Code Mem. Corr. 2011-12-24 2016-12-08
9.3
None Remote Medium Not required Complete Complete Complete
RPM 4.4.x through 4.9.x, probably before 4.9.1.2, allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via an rpm package with crafted headers and offsets that are not properly handled when a package is queried or installed, related to (1) the regionSwab function, (2) the headerLoad function, and (3) multiple functions in rpmio/rpmpgp.c.
11808 CVE-2011-3360 +Priv 2011-09-20 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
11809 CVE-2011-3332 119 Exec Code Overflow 2011-10-06 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression.
11810 CVE-2011-3322 119 1 DoS Exec Code Overflow 2011-09-15 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Core Server HMI Service (Coreservice.exe) in Scadatec Limited Procyon SCADA 1.06, and other versions before 1.14, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password to the Telnet (TCP/23) port, which triggers an out-of-bounds read or write, leading to a stack-based buffer overflow.
11811 CVE-2011-3321 119 DoS Exec Code Overflow Mem. Corr. 2011-09-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Siemens WinCC Runtime Advanced Loader, as used in SIMATIC WinCC flexible Runtime and SIMATIC WinCC (TIA Portal) Runtime Advanced, allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted packet to TCP port 2308.
11812 CVE-2011-3319 119 Exec Code Overflow 2011-10-27 2012-04-06
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file.
11813 CVE-2011-3310 94 Exec Code 2011-10-20 2017-08-29
9.0
None Remote Low ??? Complete Complete Complete
The Home Page component in Cisco CiscoWorks Common Services before 4.1 on Windows, as used in CiscoWorks LAN Management Solution, Cisco Security Manager, Cisco Unified Service Monitor, Cisco Unified Operations Manager, CiscoWorks QoS Policy Manager, and CiscoWorks Voice Manager, allows remote authenticated users to execute arbitrary commands via a crafted URL, aka Bug IDs CSCtq48990, CSCtq63992, CSCtq64011, CSCtq64019, CSCtr23090, and CSCtt25535.
11814 CVE-2011-3290 255 2011-09-21 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Cisco Identity Services Engine (ISE) before 1.0.4.MR2 has default Oracle database credentials, which allows remote attackers to modify settings or perform unspecified other administrative actions via unknown vectors, aka Bug ID CSCts59135.
11815 CVE-2011-3271 DoS Exec Code 2011-10-03 2012-05-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Smart Install functionality in Cisco IOS 12.2 and 15.1 allows remote attackers to execute arbitrary code or cause a denial of service (device crash) via crafted TCP packets to port 4786, aka Bug ID CSCto10165.
11816 CVE-2011-3268 119 Overflow 2011-08-25 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the crypt function in PHP before 5.3.7 allows context-dependent attackers to have an unspecified impact via a long salt argument, a different vulnerability than CVE-2011-2483.
11817 CVE-2011-3252 119 DoS Exec Code Overflow 2011-10-12 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreAudio, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Advanced Audio Coding (AAC) stream.
11818 CVE-2011-3251 119 DoS Exec Code Overflow Mem. Corr. 2011-10-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted TKHD atoms in a QuickTime movie file.
11819 CVE-2011-3250 189 DoS Exec Code Overflow 2011-10-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with JPEG2000 encoding.
11820 CVE-2011-3249 119 DoS Exec Code Overflow 2011-10-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with FLC encoding.
11821 CVE-2011-3248 189 DoS Exec Code 2011-10-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.
11822 CVE-2011-3247 189 DoS Exec Code Overflow 2011-10-28 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.7.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT file.
11823 CVE-2011-3232 94 DoS Exec Code 2011-09-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
YARR, as used in Mozilla Firefox before 7.0, Thunderbird before 7.0, and SeaMonkey before 2.4, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via crafted JavaScript.
11824 CVE-2011-3219 119 DoS Exec Code Overflow 2011-10-12 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in CoreMedia, as used in Apple iTunes before 10.5, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding.
11825 CVE-2011-3211 20 Exec Code 2011-09-16 2011-09-23
9.3
None Remote Medium Not required Complete Complete Complete
The server in Bcfg2 1.1.2 and earlier, and 1.2 prerelease, allows remote attackers to execute arbitrary commands via shell metacharacters in data received from a client.
11826 CVE-2011-3194 119 DoS Exec Code Overflow 2012-06-16 2017-08-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
11827 CVE-2011-3193 787 DoS Exec Code Overflow 2012-06-16 2020-08-04
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Lookup_MarkMarkPos function in the HarfBuzz module (harfbuzz-gpos.c), as used by Qt before 4.7.4 and Pango, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.
11828 CVE-2011-3185 20 2011-08-29 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
gtkutils.c in Pidgin before 2.10.0 on Windows allows user-assisted remote attackers to execute arbitrary programs via a file: URL in a message.
11829 CVE-2011-3176 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x4c request.
11830 CVE-2011-3175 119 1 Exec Code Overflow 2012-04-09 2012-09-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to execute arbitrary code via an opcode 0x6c request.
11831 CVE-2011-3172 264 2018-06-08 2020-01-24
10.0
None Remote Low Not required Complete Complete Complete
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12.
11832 CVE-2011-3167 Exec Code 2011-11-02 2012-02-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1210.
11833 CVE-2011-3166 Exec Code 2011-11-02 2012-02-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1209.
11834 CVE-2011-3165 Exec Code 2011-11-02 2012-02-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1208.
11835 CVE-2011-3162 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1296.
11836 CVE-2011-3161 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1229.
11837 CVE-2011-3160 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1228.
11838 CVE-2011-3159 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1227.
11839 CVE-2011-3158 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1226.
11840 CVE-2011-3157 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1225.
11841 CVE-2011-3156 Exec Code 2011-10-19 2016-11-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Notebook Extension 6.20 and Data Protector for Personal Computers 7.0 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1222.
11842 CVE-2011-3143 399 DoS Exec Code Mem. Corr. 2011-08-16 2018-12-31
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in Control Microsystems ClearSCADA 2005, 2007, and 2009 before R2.3 and R1.4, as used in SCX before 67 R4.5 and 68 R3.9, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified long strings that trigger heap memory corruption.
11843 CVE-2011-3142 119 1 Exec Code Overflow 2011-08-16 2012-03-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in an ActiveX control in KVWebSvr.dll in WellinTech KingView 6.52 and 6.53 allows remote attackers to execute arbitrary code via a long second argument to the ValidateUser method.
11844 CVE-2011-3141 119 DoS Exec Code Overflow 2011-08-16 2012-03-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the InBatch BatchField ActiveX control for Invensys Wonderware InBatch 8.1 SP1, 9.0, and 9.0 SP1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
11845 CVE-2011-3137 2011-08-12 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03050.
11846 CVE-2011-3136 2011-08-12 2012-04-25
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Management Console in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors, aka APAR IV03048.
11847 CVE-2011-3135 2011-08-12 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Runtime in IBM Tivoli Federated Identity Manager (TFIM) 6.2.0 before 6.2.0.9 and Tivoli Federated Identity Manager Business Gateway (TFIMBG) 6.2.0 before 6.2.0.9 has unknown impact and attack vectors.
11848 CVE-2011-3129 264 2011-08-10 2016-05-31
9.3
None Remote Medium Not required Complete Complete Complete
The file upload functionality in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2, when running "on hosts with dangerous security settings," has unknown impact and attack vectors, possibly related to dangerous filenames.
11849 CVE-2011-3125 2011-08-10 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Various security hardening."
11850 CVE-2011-3122 2011-08-10 2017-08-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WordPress 3.1 before 3.1.3 and 3.2 before Beta 2 has unknown impact and attack vectors related to "Media security."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.