CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12101 CVE-2011-1930 Exec Code 2019-11-14 2019-11-19
10.0
None Remote Low Not required Complete Complete Complete
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
12102 CVE-2011-1919 119 DoS Exec Code Overflow 2011-11-02 2011-11-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in GE Intelligent Platforms Proficy Applications before 4.4.1 SIM 101 and 5.x before 5.0 SIM 43 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic to (1) PRProficyMgr.exe in Proficy Server Manager, (2) PRGateway.exe in Proficy Server Gateway, (3) PRRDS.exe in Proficy Remote Data Service, or (4) PRLicenseMgr.exe in Proficy Server License Manager.
12103 CVE-2011-1918 119 DoS Exec Code Overflow 2011-11-02 2013-05-21
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Data Archiver service in GE Intelligent Platforms Proficy Historian before 3.5 SIM 17 and 4.x before 4.0 SIM 12 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted TCP message traffic.
12104 CVE-2011-1914 119 Exec Code Overflow 2012-02-21 2012-02-23
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.
12105 CVE-2011-1908 189 DoS Exec Code Overflow 2011-06-24 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Type 1 font decoder in the FreeType engine in Foxit Reader before 4.0.0.0619 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font in a PDF document.
12106 CVE-2011-1900 22 Exec Code Dir. Trav. 2011-05-04 2011-05-31
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in NTWebServer in InduSoft Web Studio 6.1 and 7.x before 7.0+Patch 1 allows remote attackers to execute arbitrary code via an invalid request.
12107 CVE-2011-1889 119 Exec Code Overflow Mem. Corr. 2011-06-16 2018-10-12
10.0
None Remote Low Not required Complete Complete Complete
The NSPLookupServiceNext function in the client in Microsoft Forefront Threat Management Gateway (TMG) 2010 allows remote attackers to execute arbitrary code via vectors involving unspecified requests, aka "TMG Firewall Client Memory Corruption Vulnerability."
12108 CVE-2011-1873 20 Exec Code 2011-06-16 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 on 64-bit platforms does not properly validate pointers during the parsing of OpenType (aka OTF) fonts, which allows remote attackers to execute arbitrary code via a crafted font file, aka "Win32k OTF Validation Vulnerability."
12109 CVE-2011-1868 119 Exec Code Overflow Mem. Corr. 2011-06-16 2019-02-26
10.0
None Remote Low Not required Complete Complete Complete
The Distributed File System (DFS) implementation in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate fields in DFS responses, which allows remote DFS servers to execute arbitrary code via a crafted response, aka "DFS Memory Corruption Vulnerability."
12110 CVE-2011-1867 119 Exec Code Overflow 2011-07-11 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in iNodeMngChecker.exe in the User Access Manager (UAM) 5.0 before SP1 E0101P03 and Endpoint Admission Defense (EAD) 5.0 before SP1 E0101P03 components in HP Intelligent Management Center (aka iNode Management Center) allows remote attackers to execute arbitrary code via a 0x0A0BF007 packet.
12111 CVE-2011-1866 119 1 Exec Code Overflow 2011-07-01 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
12112 CVE-2011-1865 119 4 Exec Code Overflow 2011-07-01 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
12113 CVE-2011-1864 Exec Code 2011-06-14 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Storage Data Protector 6.0, 6.10, and 6.11 allows remote attackers to execute arbitrary code via unknown vectors.
12114 CVE-2011-1854 399 Exec Code 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long syslog packet, related to an exception handler.
12115 CVE-2011-1853 20 Exec Code 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a (1) large or (2) invalid opcode field, related to a function pointer table.
12116 CVE-2011-1852 119 Exec Code Overflow 2011-05-13 2013-07-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allow remote attackers to execute arbitrary code via crafted packet content accompanying a (1) DATA or (2) ERROR opcode.
12117 CVE-2011-1851 119 Exec Code Overflow 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a long mode field.
12118 CVE-2011-1850 119 Exec Code Overflow 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the logging functionality in dbman.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via vectors related to a received action.
12119 CVE-2011-1849 20 Exec Code 2011-05-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
tftpserver.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to create or overwrite files, and subsequently execute arbitrary code, via a crafted WRQ request.
12120 CVE-2011-1848 119 Exec Code Overflow 2011-05-13 2013-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in img.exe in HP Intelligent Management Center (IMC) 5.0 before E0101L02 allows remote attackers to execute arbitrary code via a crafted length field in a packet.
12121 CVE-2011-1827 Exec Code 2011-10-05 2012-05-14
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.
12122 CVE-2011-1807 787 Exec Code 2011-05-26 2020-05-22
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly handle blobs, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger an out-of-bounds write.
12123 CVE-2011-1806 119 DoS Exec Code Overflow Mem. Corr. 2011-05-26 2020-05-22
10.0
None Remote Low Not required Complete Complete Complete
Google Chrome before 11.0.696.71 does not properly implement the GPU command buffer, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
12124 CVE-2011-1797 119 DoS Exec Code Overflow Mem. Corr. 2011-07-21 2015-01-07
9.3
None Remote Medium Not required Complete Complete Complete
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
12125 CVE-2011-1741 119 Exec Code Overflow 2011-07-19 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in ftserver.exe in the OpenText Hummingbird Client Connector, as used in the Indexing Server in EMC Documentum eRoom 7.x before 7.4.3.f and other products, allows remote attackers to execute arbitrary code by sending a crafted message over TCP.
12126 CVE-2011-1735 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed bm message.
12127 CVE-2011-1734 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed omniiaputil message.
12128 CVE-2011-1733 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed HPFGConfig message.
12129 CVE-2011-1732 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed stutil message.
12130 CVE-2011-1731 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message.
12131 CVE-2011-1730 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_SCRIPT message.
12132 CVE-2011-1729 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed GET_FILE message.
12133 CVE-2011-1728 119 Exec Code Overflow 2011-05-07 2018-10-09
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_BAR message.
12134 CVE-2011-1719 119 Exec Code Overflow 2011-04-27 2021-04-09
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Web Viewer ActiveX controls in CA Output Management Web Viewer 11.0 and 11.5 allow remote attackers to execute arbitrary code via (1) a long SRC property value to the PPSViewer ActiveX control in PPSView.ocx before 1.0.0.7 or (2) a long Title property value to the UOMWV_Helper ActiveX control in UOMWV_HelperActiveX.ocx before 11.5.0.1.
12135 CVE-2011-1708 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs cookie.
12136 CVE-2011-1707 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted op-printer-list-all-jobs parameter in a printer-url.
12137 CVE-2011-1706 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted iprint-client-config-info parameter in a printer-url.
12138 CVE-2011-1705 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url.
12139 CVE-2011-1704 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted core-package parameter in a printer-url.
12140 CVE-2011-1703 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted driver-version parameter in a printer-url.
12141 CVE-2011-1702 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted file-date-time parameter in a printer-url.
12142 CVE-2011-1701 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-name parameter in a printer-url.
12143 CVE-2011-1700 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted profile-time parameter in a printer-url.
12144 CVE-2011-1699 119 Exec Code Overflow 2011-06-09 2018-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.64 allows remote attackers to execute arbitrary code via a crafted uri parameter in a printer-url.
12145 CVE-2011-1653 89 Exec Code Sql 2011-04-18 2021-04-12
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in the Unified Network Control (UNC) Server in CA Total Defense (TD) r12 before SE2 allow remote attackers to execute arbitrary SQL commands via vectors involving the (1) UnAssignFunctionalRoles, (2) UnassignAdminRoles, (3) DeleteFilter, (4) NonAssignedUserList, (5) DeleteReportLayout, (6) DeleteReports, and (7) RegenerateReport stored procedures.
12146 CVE-2011-1646 94 Exec Code 2011-05-31 2011-09-07
9.0
None Remote Low ??? Complete Complete Complete
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote authenticated users to execute arbitrary commands via the (1) ping test parameter or (2) traceroute test parameter, aka Bug ID CSCtn23871.
12147 CVE-2011-1645 16 Exec Code 2011-05-31 2011-09-07
9.3
None Remote Medium Not required Complete Complete Complete
The web management interface on the Cisco RVS4000 Gigabit Security Router with software 1.x before 1.3.3.4 and 2.x before 2.0.2.7, and the WRVS4400N Gigabit Security Router with software before 2.0.2.1, allows remote attackers to read the backup configuration file, and consequently execute arbitrary code, via unspecified vectors, aka Bug ID CSCtn23871.
12148 CVE-2011-1643 200 +Info 2011-08-29 2012-06-15
10.0
None Remote Low Not required Complete Complete Complete
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x, 7.x before 7.1(5b)su4, 8.0, and 8.5 before 8.5(1)su2 and Cisco Unified Presence Server 6.x, 7.x, 8.0, and 8.5 before 8.5xnr allow remote attackers to read database data by connecting to a query interface through an SSL session, aka Bug IDs CSCti81574, CSCto63060, CSCto72183, and CSCto73833.
12149 CVE-2011-1623 255 2011-06-02 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Cisco Media Processing Software before 1.2 on Media Experience Engine (MXE) 5600 devices has a default root password, which makes it easier for context-dependent attackers to obtain access via (1) the local console, (2) an SSH session, or (3) a TELNET session, aka Bug ID CSCto77737.
12150 CVE-2011-1599 20 Exec Code 2011-04-27 2011-09-07
9.0
None Remote Low ??? Complete Complete Complete
manager.c in the Manager Interface in Asterisk Open Source 1.4.x before 1.4.40.1, 1.6.1.x before 1.6.1.25, 1.6.2.x before 1.6.2.17.3, and 1.8.x before 1.8.3.3 and Asterisk Business Edition C.x.x before C.3.6.4 does not properly check for the system privilege, which allows remote authenticated users to execute arbitrary commands via an Originate action that has an Async header in conjunction with an Application header.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.