CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12201 CVE-2008-6520 134 DoS Exec Code 2009-03-25 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in the SSI filter in Xitami Web Server 2.5c2, and possibly other versions, allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a URI that ends in (1) .ssi, (2) .shtm, or (3) .shtml, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
12202 CVE-2008-6519 134 DoS Exec Code 2009-03-25 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Xitami Web Server 2.2a through 2.5c2, and possibly other versions, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via format string specifiers in a Long Running Web Process (LRWP) request, which triggers incorrect logging code involving the sendfmt function in the SMT kernel.
12203 CVE-2008-6474 94 2009-03-16 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
The management interface in F5 BIG-IP 9.4.3 allows remote authenticated users with Resource Manager privileges to inject arbitrary Perl code via unspecified configuration settings related to Perl EP3 with templates, probably triggering static code injection.
12204 CVE-2008-6447 119 Exec Code Overflow 2009-03-09 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
12205 CVE-2008-6444 119 Exec Code Overflow 2009-03-09 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in CSTransfer.dll in Baidu Hi IM might allow remote attackers to execute arbitrary code via a crafted packet, probably related to an improper length value.
12206 CVE-2008-6441 134 Exec Code 2009-03-09 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in the Epic Games Unreal engine client, as used in multiple games, allows remote servers to execute arbitrary code via (1) the CLASS parameter in a DLMGR command, (2) a malformed package (PKG), and possibly (3) the LEVEL parameter in a WELCOME command.
12207 CVE-2008-6415 119 Exec Code Overflow 2009-03-06 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname.
12208 CVE-2008-6393 189 DoS Exec Code Overflow Bypass 2009-03-03 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.
12209 CVE-2008-6363 119 Exec Code Overflow 2009-03-02 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third party information.
12210 CVE-2008-6235 78 Exec Code 2009-02-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The Netrw plugin (netrw.vim) in Vim 7.0 and 7.1 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a filename used by the (1) "D" (delete) command or (2) b:netrw_curdir variable, as demonstrated using the netrw.v4 and netrw.v5 test cases.
12211 CVE-2008-6186 119 DoS Exec Code Overflow 2009-02-19 2017-09-28
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.
12212 CVE-2008-6171 20 2009-02-19 2017-08-16
9.3
Admin Remote Medium Not required Complete Complete Complete
includes/bootstrap.inc in Drupal 5.x before 5.12 and 6.x before 6.6, when the server is configured for "IP-based virtual hosts," allows remote attackers to include and execute arbitrary files via the HTTP Host header.
12213 CVE-2008-6158 2009-02-17 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the admin backend in w3b>cms (aka w3blabor CMS) before 3.2.0 have unknown impact and remote attack vectors.
12214 CVE-2008-6110 2009-02-10 2009-02-11
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SemanticScuttle before 0.90 has unknown impact and attack vectors related to improper validation of parameters to profile.php.
12215 CVE-2008-6079 Overflow 2009-02-06 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."
12216 CVE-2008-6071 119 DoS Exec Code Overflow 2009-02-10 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the DecodeImage function in coders/pict.c in GraphicsMagick before 1.1.14, and 1.2.x before 1.2.3, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PICT image. NOTE: some of these details are obtained from third party information.
12217 CVE-2008-6070 119 DoS Exec Code Overflow 2009-02-10 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer underflows in the ReadPALMImage function in coders/palm.c in GraphicsMagick before 1.2.3 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PALM image, a different vulnerability than CVE-2007-0770. NOTE: some of these details are obtained from third party information.
12218 CVE-2008-6021 2009-02-02 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Attachmate Reflection for Secure IT UNIX Client and Server before 7.0 SP1 have unknown impact and attack vectors, aka "security vulnerabilities found by 3rd party analysis."
12219 CVE-2008-6005 119 Exec Code Overflow 2009-01-28 2009-02-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the CheckUniqueName function in W3C Amaya Web Browser 10.0.1, and possibly other versions including 11.0.1, might allow remote attackers to execute arbitrary code via "duplicated" attribute value inputs.
12220 CVE-2008-5982 134 Exec Code 2009-01-27 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in BMC PATROL Agent before 3.7.30 allows remote attackers to execute arbitrary code via format string specifiers in an invalid version number to TCP port 3181, which are not properly handled when writing a log message.
12221 CVE-2008-5963 20 Exec Code 2009-01-23 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Eval injection vulnerability in library/setup/rpc.php in Gravity Getting Things Done (GTD) 0.4.5 and earlier allows remote attackers to execute arbitrary PHP code via the objectname parameter.
12222 CVE-2008-5911 119 DoS Exec Code Overflow 2009-01-20 2009-01-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in RealNetworks Helix Server and Helix Mobile Server 11.x before 11.1.8 and 12.x before 12.0.1 allow remote attackers to (1) cause a denial of service via three crafted RTSP SETUP commands, or execute arbitrary code via (2) an NTLM authentication request with malformed base64-encoded data, (3) an RTSP DESCRIBE command, or (4) a DataConvertBuffer request.
12223 CVE-2008-5876 119 DoS Exec Code Overflow 2009-01-08 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader.
12224 CVE-2008-5868 119 Exec Code Overflow 2009-01-08 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows user-assisted attackers to execute arbitrary code via a long ProxyLogin value in a configuration (.cfg) file.
12225 CVE-2008-5866 94 +Info 2009-01-07 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The Proxim Wireless Tsunami MP.11 2411 with firmware 3.0.3 has public as its default SNMP read/write community, which makes it easier for remote attackers to obtain sensitive information or modify SNMP variables.
12226 CVE-2008-5848 255 2009-01-06 2009-05-20
10.0
Admin Remote Low Not required Complete Complete Complete
The Advantech ADAM-6000 module has 00000000 as its default password, which makes it easier for remote attackers to obtain access through an HTTP session, and (1) monitor or (2) control the module's Modbus/TCP I/O activity.
12227 CVE-2008-5839 119 Exec Code Overflow 2009-01-05 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.
12228 CVE-2008-5812 2009-01-02 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 have unknown impact and attack vectors.
12229 CVE-2008-5810 20 Exec Code 2009-01-02 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
WBPublish (aka WBPublish.exe) in Fujitsu-Siemens WebTransactions 7.0, 7.1, and possibly other versions allows remote attackers to execute arbitrary commands via shell metacharacters in input that is sent through HTTP and improperly used during temporary session data cleanup, possibly related to (1) directory names, (2) template names, and (3) session IDs.
12230 CVE-2008-5801 94 Exec Code 2008-12-31 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Dictionary (rtgdictionary) extension 0.1.9 and earlier for TYPO3 allows attackers to execute arbitrary code via unknown vectors.
12231 CVE-2008-5791 2008-12-31 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in PrestaShop e-Commerce Solution before 1.1 Beta 2 (aka 1.1.0.1) have unknown impact and attack vectors, related to the (1) bankwire module, (2) cheque module, and other components.
12232 CVE-2008-5764 94 Exec Code File Inclusion 2008-12-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in calendar.php in WorkSimple 1.2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
12233 CVE-2008-5756 119 DoS Exec Code Overflow 2008-12-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in BreakPoint Software Hex Workshop 5.1.4 allows user-assisted attackers to cause a denial of service and possibly execute arbitrary code via a long mapping reference in a Color Mapping (.cmap) file.
12234 CVE-2008-5755 119 Exec Code Overflow 2008-12-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in IntelliTamper 2.07 and 2.08 allows remote attackers to execute arbitrary code via a MAP file containing a long URL, possibly a related issue to CVE-2006-2494.
12235 CVE-2008-5754 119 Exec Code Overflow 2008-12-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
12236 CVE-2008-5753 119 Exec Code Overflow 2008-12-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
12237 CVE-2008-5735 119 Exec Code Overflow 2008-12-26 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
12238 CVE-2008-5722 119 DoS Exec Code Overflow 2008-12-26 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in SAWStudio 3.9i allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long SAWSTUDIO PREFERENCES STRUCT value in a .prf (preferences) file.
12239 CVE-2008-5718 78 Exec Code 2008-12-26 2009-04-02
9.3
Admin Remote Medium Not required Complete Complete Complete
The papd daemon in Netatalk before 2.0.4-beta2, when using certain variables in a pipe command for the print file, allows remote attackers to execute arbitrary commands via shell metacharacters in a print request, as demonstrated using a crafted Title.
12240 CVE-2008-5711 119 Exec Code Overflow 2008-12-24 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Facebook PhotoUploader ActiveX control 5.0.14.0 and earlier allows remote attackers to execute arbitrary code via a long FileMask property value.
12241 CVE-2008-5709 20 Exec Code 2008-12-24 2017-08-07
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in the web management interface in Avaya Communication Manager (CM) 3.1 before 3.1.4 SP2, 4.0 before 4.0.3 SP1, and 5.0 before 5.0 SP3 allow remote authenticated users to execute arbitrary code via unknown attack vectors in the (1) Set Static Routes and (2) Backup History components.
12242 CVE-2008-5705 20 Exec Code 2008-12-22 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
The cTrigger::DoIt function in src/ctrigger.cpp in the trigger mechanism in the daemon in Verlihub 0.9.8d-RC2 and earlier, when user triggers are enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in an argument.
12243 CVE-2008-5696 255 2008-12-19 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Novell NetWare 6.5 before Support Pack 8, when an OES2 Linux server is installed into the NDS tree, does not require a password for the ApacheAdmin console, which allows remote attackers to reconfigure the Apache HTTP Server via console operations.
12244 CVE-2008-5694 94 Exec Code File Inclusion 2008-12-19 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in lib/jpgraph/jpgraph_errhandler.inc.php in Sandbox 1.4.1 might allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the issue, if any, may be located in Aditus JpGraph rather than Sandbox. If so, then this should not be treated as an issue in Sandbox.
12245 CVE-2008-5691 119 Exec Code Overflow 2008-12-19 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
12246 CVE-2008-5685 DoS 2008-12-19 2010-07-13
10.0
Admin Remote Low Not required Complete Complete Complete
Sun ScApp firmware 5.18.x, 5.19.x, and 5.20.0 through 5.20.10 on Sun Fire and Netra platforms allows remote attackers to access the System Controller (SC), the system console, and possibly the host OS, and cause a denial of service (shutdown or reboot), via spoofed IP packets.
12247 CVE-2008-5680 119 Exec Code Overflow 2008-12-19 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. NOTE: this might overlap CVE-2008-5178.
12248 CVE-2008-5679 399 Exec Code 2008-12-19 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption.
12249 CVE-2008-5675 264 2008-12-18 2009-01-06
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM WebSphere Portal 6.0 before 6.0.1.5 has unknown impact and attack vectors related to "Access problems with BasicAuthTAI."
12250 CVE-2008-5674 20 DoS 2008-12-18 2018-10-11
9.4
None Remote Low Not required Complete None Complete
Multiple array index errors in the HTTP server in Darkwet Network webcamXP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.