CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11901 CVE-2008-2240 119 DoS Exec Code Overflow 2008-05-22 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
11902 CVE-2008-2238 119 Exec Code Overflow 2008-10-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
11903 CVE-2008-2237 119 Exec Code Overflow 2008-10-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
11904 CVE-2008-2228 94 Exec Code File Inclusion 2008-05-14 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.
11905 CVE-2008-2221 +Priv 2008-05-14 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
11906 CVE-2008-2216 264 2008-05-14 2017-09-28
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.
11907 CVE-2008-2214 119 DoS Exec Code Overflow 2008-05-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
11908 CVE-2008-2192 94 2008-05-14 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
11909 CVE-2008-2161 119 Exec Code Overflow 2008-05-12 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
11910 CVE-2008-2160 94 Exec Code 2008-05-12 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
11911 CVE-2008-2158 119 Exec Code Overflow 2008-05-29 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
11912 CVE-2008-2157 20 Exec Code 2008-05-29 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
11913 CVE-2008-2152 189 Exec Code Overflow 2008-06-10 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
11914 CVE-2008-2144 DoS Exec Code 2008-05-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
11915 CVE-2008-2111 399 Exec Code Mem. Corr. 2008-05-07 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
11916 CVE-2008-2097 119 Overflow +Priv 2008-06-05 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
11917 CVE-2008-2086 94 Exec Code File Inclusion 2008-12-04 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
11918 CVE-2008-2081 22 Dir. Trav. 2008-05-05 2017-09-28
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
11919 CVE-2008-2077 2008-05-05 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."
11920 CVE-2008-2069 119 DoS Exec Code Overflow 2008-05-02 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
11921 CVE-2008-2064 2008-05-02 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
11922 CVE-2008-2054 Exec Code 2008-05-29 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
11923 CVE-2008-2053 2008-05-22 2017-08-07
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.
11924 CVE-2008-2051 2008-05-05 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
11925 CVE-2008-2050 119 Overflow 2008-05-05 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
11926 CVE-2008-2042 20 Exec Code Overflow 2008-05-07 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
11927 CVE-2008-2041 94 2008-04-30 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in eGroupWare before 1.4.004 have unspecified attack vectors and "grave" impact when the web server has write access to a directory under the web document root.
11928 CVE-2008-2015 22 Exec Code Dir. Trav. 2008-04-29 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.
11929 CVE-2008-2010 Exec Code 2008-04-29 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime Player on Windows XP SP2 and Vista SP1 allows remote attackers to execute arbitrary code via a crafted QuickTime media file. NOTE: as of 20080429, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
11930 CVE-2008-2008 119 DoS Exec Code Overflow 2008-04-29 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Display Names message feature in Cerulean Studios Trillian Basic and Pro 3.1.9.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long nickname in an MSN protocol message.
11931 CVE-2008-1997 94 Exec Code 2008-04-28 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the ADMIN_SP_C2 procedure in IBM DB2 8 before FP16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unknown vectors. NOTE: the ADMIN_SP_C issue is already covered by CVE-2008-0699.
11932 CVE-2008-1989 94 Exec Code File Inclusion 2008-04-27 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in 123flashchat.php in the 123 Flash Chat 6.8.0 module for e107, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the e107path parameter.
11933 CVE-2008-1988 20 2008-04-27 2017-08-07
9.0
Admin Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in the file_upload function in core/misc.class.php in EncapsGallery 2.0.2 allows remote authenticated administrators to upload and execute arbitrary PHP files by uploading a file with an executable extension, then accessing it via a direct request to the file in the rwx_gallery directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11934 CVE-2008-1973 119 DoS Exec Code Overflow 2008-04-27 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file.
11935 CVE-2008-1965 94 Exec Code 2008-04-25 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in the cai: URI handler in rcplauncher in IBM Lotus Expeditor Client for Desktop 6.1.1 and 6.1.2, as used by Lotus Symphony and possibly other products, allows remote attackers to execute arbitrary code by injecting a -launcher option via a cai: URI, as demonstrated by a reference to a UNC share pathname.
11936 CVE-2008-1949 287 DoS 2008-05-21 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to process Client Hello messages within a TLS message after one has already been processed, which allows remote attackers to cause a denial of service (NULL dereference and crash) via a TLS message containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
11937 CVE-2008-1948 189 DoS Exec Code Overflow 2008-05-21 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
11938 CVE-2008-1922 119 Exec Code Overflow 2008-05-13 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.
11939 CVE-2008-1914 119 Exec Code Overflow 2008-04-22 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
11940 CVE-2008-1912 119 DoS Exec Code Overflow 2008-04-22 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.
11941 CVE-2008-1910 119 Exec Code Overflow 2008-04-22 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the database service (ibserver.exe) in Borland InterBase 2007 SP2 allows remote attackers to execute arbitrary code via a malformed opcode 0x52 request to TCP port 3050. NOTE: this might overlap CVE-2007-5243 or CVE-2007-5244.
11942 CVE-2008-1898 20 DoS Exec Code 2008-04-21 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
11943 CVE-2008-1887 119 Exec Code Overflow 2008-04-18 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Python 2.5.2 and earlier allows context-dependent attackers to execute arbitrary code via multiple vectors that cause a negative size value to be provided to the PyString_FromStringAndSize function, which allocates less memory than expected when assert() is disabled and triggers a buffer overflow.
11944 CVE-2008-1866 94 2008-04-17 2017-09-28
9.0
Admin Remote Low Single system Complete Complete Complete
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically extracted under templates/ for execution via a direct request.
11945 CVE-2008-1860 94 2008-04-17 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Static code injection vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to inject arbitrary PHP code into includes/Config.php via the default parameter.
11946 CVE-2008-1842 189 DoS Exec Code Overflow 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in ovspmd.exe in HP OpenView Network Node Manager (OV NNM) 8.01, and 7.53 and earlier, allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a long request to TCP port 8886 that begins with a certain negative integer, which passes a signed comparison and triggers a heap-based buffer overflow.
11947 CVE-2008-1831 2008-04-16 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka (1) SEBL01, (2) SEBL02, (3) SEBL03, (4) SEBL04, (5) SEBL05, and (6) SEBL06.
11948 CVE-2008-1830 2008-04-16 2018-10-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the PeopleSoft HCM ePerformance component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 and 9.0 has unknown impact and remote attack vectors, aka PSE03.
11949 CVE-2008-1829 2008-04-16 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the PeopleSoft HCM Recruiting component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.8 SP1 has unknown impact and remote attack vectors, aka PSE02.
11950 CVE-2008-1828 2008-04-16 2018-10-11
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the PeopleSoft PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.22.19, 8.48.16, and 8.49.09 has unknown impact and remote authenticated attack vectors, aka PSE01.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.