CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
11901 CVE-2008-7230 2009-09-14 2009-09-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.
11902 CVE-2008-7228 134 2009-09-14 2009-12-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.
11903 CVE-2008-7225 119 DoS Exec Code Overflow 2009-09-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
11904 CVE-2008-7219 264 2009-09-13 2011-04-05
10.0
None Remote Low Not required Complete Complete Complete
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
11905 CVE-2008-7218 2009-09-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
11906 CVE-2008-7200 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors.
11907 CVE-2008-7198 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.
11908 CVE-2008-7197 2009-09-10 2009-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.
11909 CVE-2008-7196 2009-09-10 2009-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.
11910 CVE-2008-7190 XSS 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).
11911 CVE-2008-7189 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes."
11912 CVE-2008-7177 119 Overflow 2009-09-08 2018-10-31
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
11913 CVE-2008-7174 119 DoS Exec Code Overflow 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.
11914 CVE-2008-7173 264 DoS Exec Code 2009-09-08 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
11915 CVE-2008-7170 264 Exec Code 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.
11916 CVE-2008-7168 2009-09-08 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
11917 CVE-2008-7164 2009-09-04 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.
11918 CVE-2008-7162 119 DoS Exec Code Overflow 2009-09-04 2017-08-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
11919 CVE-2008-7158 78 Exec Code 2009-09-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.
11920 CVE-2008-7149 2009-09-01 2009-09-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.
11921 CVE-2008-7148 Exec Code 2009-09-01 2009-09-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.
11922 CVE-2008-7144 2009-09-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
11923 CVE-2008-7126 189 DoS Exec Code Overflow 2009-08-31 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
11924 CVE-2008-7125 78 Exec Code 2009-08-31 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information.
11925 CVE-2008-7122 2009-08-31 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple insecure method vulnerabilities in an ActiveX control in (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods.
11926 CVE-2008-7115 264 +Priv Bypass 2009-08-28 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
11927 CVE-2008-7111 264 Exec Code 2009-08-28 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.
11928 CVE-2008-7109 287 Bypass 2009-08-28 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
11929 CVE-2008-7103 119 DoS Exec Code Overflow 2009-08-27 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.
11930 CVE-2008-7081 287 +Priv Bypass 2009-08-25 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11931 CVE-2008-7079 119 DoS Exec Code Overflow 2009-08-25 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
11932 CVE-2008-7078 119 DoS Exec Code Overflow 2009-08-25 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
11933 CVE-2008-7074 134 DoS Exec Code 2009-08-25 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."
11934 CVE-2008-7070 94 Exec Code 2009-08-25 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
11935 CVE-2008-7053 399 DoS Mem. Corr. 2009-08-24 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.
11936 CVE-2008-7031 119 DoS Exec Code Overflow 2009-08-24 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
11937 CVE-2008-7023 310 Bypass 2009-08-21 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
11938 CVE-2008-7022 2009-08-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
11939 CVE-2008-7010 264 1 +Priv 2009-08-19 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.
11940 CVE-2008-7004 119 Overflow 2009-08-19 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
11941 CVE-2008-6998 119 Exec Code Overflow 2009-08-19 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
11942 CVE-2008-6994 119 Exec Code Overflow 2009-08-19 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated. NOTE: it might be possible to exploit this issue via an HTTP response that includes a long filename in a Content-Disposition header.
11943 CVE-2008-6993 310 2009-08-19 2009-08-21
10.0
None Remote Low Not required Complete Complete Complete
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11944 CVE-2008-6973 2009-08-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.
11945 CVE-2008-6959 2009-08-12 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647.
11946 CVE-2008-6954 264 Exec Code 2009-08-12 2017-08-16
9.0
None Remote Low Single system Complete Complete Complete
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
11947 CVE-2008-6953 119 DoS Exec Code Overflow 2009-08-12 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
11948 CVE-2008-6937 94 DoS 2009-08-11 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
11949 CVE-2008-6936 94 DoS 2009-08-11 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in a pres:// URI, a different vector than CVE-2008-6935.
11950 CVE-2008-6935 94 DoS 2009-08-11 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.