CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12351 CVE-2009-1431 Exec Code 2009-04-29 2019-09-20
9.3
None Remote Medium Not required Complete Complete Complete
XFR.EXE in the Intel File Transfer service in the console in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary code by placing the code on a (1) share or (2) WebDAV server, and then sending the UNC share pathname to this service.
12352 CVE-2009-1430 119 Exec Code Overflow 2009-04-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in IAO.EXE in the Intel Alert Originator Service in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allow remote attackers to execute arbitrary code via (1) a crafted packet or (2) data that ostensibly arrives from the MsgSys.exe process.
12353 CVE-2009-1429 94 Exec Code 2009-04-29 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
12354 CVE-2009-1422 +Priv 2009-07-14 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP ProCurve Threat Management Services zl Module (J9155A) ST.1.0.090213 and earlier allows remote attackers to gain privileges via unknown vectors, aka PR_41209.
12355 CVE-2009-1420 DoS Exec Code Overflow 2009-06-11 2009-07-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in rping in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53, when used with SNMP (aka HPOvNNM.HPOVSNMP) before 1.30.009 and MIB (aka HPOvNNM.HPOVMIB) before 1.30.009, allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
12356 CVE-2009-1394 119 Exec Code Overflow 2009-06-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Motorola Timbuktu Pro 8.6.5 on Windows allows remote attackers to execute arbitrary code by sending a long malformed string over the PlughNTCommand named pipe.
12357 CVE-2009-1392 94 DoS Exec Code Mem. Corr. 2009-06-12 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The browser engine in Mozilla Firefox 3 before 3.0.11, Thunderbird before 2.0.0.22, and SeaMonkey before 1.1.17 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to (1) nsEventStateManager::GetContentState and nsNativeTheme::CheckBooleanAttr; (2) UnhookTextRunFromFrames and ClearAllTextRunReferences; (3) nsTextFrame::ClearTextRun; (4) IsPercentageAware; (5) PL_DHashTableFinish; (6) nsListBoxBodyFrame::GetNextItemBox; (7) AtomTableClearEntry, related to the atom table, DOM mutation events, and Unicode surrogates; (8) nsHTMLEditor::HideResizers; and (9) nsWindow::SetCursor, related to changing the cursor; and other vectors.
12358 CVE-2009-1382 119 Exec Code Overflow 2009-07-14 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in mimetex.cgi in mimeTeX, when downloaded before 20090713, allow remote attackers to execute arbitrary code via a TeX file with long (1) picture, (2) circle, or (3) input tags.
12359 CVE-2009-1376 189 Exec Code Overflow 2009-05-26 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in the msn_slplink_process_msg functions in the MSN protocol handler in (1) libpurple/protocols/msn/slplink.c and (2) libpurple/protocols/msnp9/slplink.c in Pidgin (formerly Gaim) before 2.5.6 on 32-bit platforms allow remote attackers to execute arbitrary code via a malformed SLP message with a crafted offset value, leading to buffer overflows. NOTE: this issue exists because of an incomplete fix for CVE-2008-2927.
12360 CVE-2009-1372 119 DoS Exec Code Overflow 2009-04-23 2009-09-16
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.
12361 CVE-2009-1370 119 DoS Exec Code Overflow 2009-04-22 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in ape_plugin.plg in Xilisoft Video Converter 3.1.53.0704n and 5.1.23.0402 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .cue file.
12362 CVE-2009-1361 20 Exec Code 2009-04-22 2009-04-23
10.0
None Remote Low Not required Complete Complete Complete
dig.php in GScripts.net DNS Tools allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12363 CVE-2009-1358 2009-04-21 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
apt-get in apt before 0.7.21 does not check for the correct error code from gpgv, which causes apt to treat a repository as valid even when it has been signed with a key that has been revoked or expired, which might allow remote attackers to trick apt into installing malicious repositories.
12364 CVE-2009-1356 119 Exec Code Overflow 2009-04-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Elecard AVC HD Player allows remote attackers to execute arbitrary code via a long MP3 filename in a playlist (.xpl) file.
12365 CVE-2009-1352 119 DoS Exec Code Overflow 2009-04-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Dawningsoft PowerCHM 5.7 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an HTML file with a link to a long URL, as demonstrated by a .rar URL.
12366 CVE-2009-1351 119 DoS Exec Code Overflow 2009-04-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.
12367 CVE-2009-1350 20 Exec Code 2009-04-21 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in xtagent.exe in Novell NetIdentity Client before 1.2.4 allows remote attackers to execute arbitrary code by establishing an IPC$ connection to the XTIERRPCPIPE named pipe, and sending RPC messages that trigger a dereference of an arbitrary pointer.
12368 CVE-2009-1331 189 DoS Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft Windows Media Player (WMP) 11.0.5721.5260 allows remote attackers to cause a denial of service (application crash) via a crafted .mid file, as demonstrated by crash.mid.
12369 CVE-2009-1330 119 Exec Code Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
12370 CVE-2009-1329 119 Exec Code Overflow 2009-04-17 2017-12-12
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
12371 CVE-2009-1328 119 Exec Code Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM-MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
12372 CVE-2009-1327 119 Exec Code Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
12373 CVE-2009-1326 119 Exec Code Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
12374 CVE-2009-1325 119 Exec Code Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
12375 CVE-2009-1324 119 Exec Code Overflow 2009-04-17 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
12376 CVE-2009-1314 Exec Code 2009-04-16 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.
12377 CVE-2009-1313 399 DoS Exec Code Mem. Corr. 2009-04-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The nsTextFrame::ClearTextRun function in layout/generic/nsTextFrameThebes.cpp in Mozilla Firefox 3.0.9 allows remote attackers to cause a denial of service (memory corruption) and probably execute arbitrary code via unspecified vectors. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2009-1302.
12378 CVE-2009-1301 189 DoS Exec Code 2009-04-16 2009-04-29
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in the store_id3_text function in the ID3v2 code in mpg123 before 1.7.2 allows remote attackers to cause a denial of service (out-of-bounds memory access) and possibly execute arbitrary code via an ID3 tag with a negative encoding value. NOTE: some of these details are obtained from third party information.
12379 CVE-2009-1300 20 2009-04-16 2018-10-03
10.0
None Remote Low Not required Complete Complete Complete
apt 0.7.20 does not check when the date command returns an "invalid date" error, which can prevent apt from loading security updates in time zones for which DST occurs at midnight.
12380 CVE-2009-1291 119 Exec Code Overflow 2009-04-30 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in TIBCO SmartSockets before 6.8.2, SmartSockets Product Family (aka RTworks) before 4.0.5, and Enterprise Message Service (EMS) 4.0.0 through 5.1.1, as used in SmartSockets Server and RTworks Server (aka RTserver), SmartSockets client libraries and add-on products, RTworks libraries and components, EMS Server (aka tibemsd), SmartMQ, iProcess Engine, ActiveMatrix products, and CA Enterprise Communicator, allows remote attackers to execute arbitrary code via "inbound data," as demonstrated by requests to the UDP interface of the RTserver component, and data injection into the TCP stream to tibemsd.
12381 CVE-2009-1266 2009-04-21 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Wireshark before 1.0.7 has unknown impact and attack vectors.
12382 CVE-2009-1260 119 DoS Exec Code Overflow 2009-04-07 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
12383 CVE-2009-1257 119 DoS Exec Code Overflow 2009-04-07 2017-09-28
9.0
None Remote Low Not required Partial Partial Complete
Heap-based buffer overflow in Magic ISO Maker 5.5 build 0274 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted CCD file.
12384 CVE-2009-1251 119 DoS Exec Code Overflow 2009-04-08 2011-01-26
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the cache manager in the client in OpenAFS 1.0 through 1.4.8 and 1.5.0 through 1.5.58 on Unix platforms allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via an RX response containing more data than specified in a request, related to use of XDR arrays.
12385 CVE-2009-1240 Bypass 2009-04-03 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IBM Proventia engine 4.9.0.0.44 20081231, as used in IBM Proventia Network Mail Security System, Network Mail Security System Virtual Appliance, Desktop Endpoint Security, Network Multi-Function Security (MFS), and possibly other products, allows remote attackers to bypass detection of malware via a modified RAR archive.
12386 CVE-2009-1236 119 DoS Overflow 2009-04-02 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a ZIP NOTIFY (aka ZIPOP_NOTIFY) packet that overwrites a certain ifPort structure member.
12387 CVE-2009-1231 2009-04-02 2009-04-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors.
12388 CVE-2009-1227 119 DoS Exec Code Overflow 2009-04-02 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port 18624. NOTE: the vendor has disputed this issue, stating "Check Point Security Alert Team has analyzed this report. We've tried to reproduce the attack on all VPN-1 versions from NG FP2 and above with and without HFAs. The issue was not reproduced. We have conducted a thorough analysis of the relevant code and verified that we are secure against this attack. We consider this attack to pose no risk to Check Point customers." In addition, the original researcher, whose reliability is unknown as of 20090407, also states that the issue "was discovered during a pen-test where the client would not allow further analysis."
12389 CVE-2009-1216 Exec Code 2009-04-01 2019-04-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in (1) unlzh.c and (2) unpack.c in the gzip libraries in Microsoft Windows Server 2008, Windows Services for UNIX 3.0 and 3.5, and the Subsystem for UNIX-based Applications (SUA); as used in gunzip, gzip, pack, pcat, and unpack 7.x before 7.0.1701.48, 8.x before 8.0.1969.62, and 9.x before 9.0.3790.2076; allow remote attackers to execute arbitrary code via unknown vectors.
12390 CVE-2009-1210 134 Exec Code 2009-04-01 2018-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the PROFINET/DCP (PN-DCP) dissector in Wireshark 1.0.6 and earlier allows remote attackers to execute arbitrary code via a PN-DCP packet with format string specifiers in the station name. NOTE: some of these details are obtained from third party information.
12391 CVE-2009-1209 119 Exec Code Overflow 2009-04-01 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
12392 CVE-2009-1178 2009-03-31 2009-04-01
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."
12393 CVE-2009-1177 119 Overflow 2009-03-31 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in maptemplate.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 have unknown impact and remote attack vectors.
12394 CVE-2009-1176 119 Overflow 2009-03-31 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
mapserv.c in mapserv in MapServer 4.x before 4.10.4 and 5.x before 5.2.2 does not ensure that the string holding the id parameter ends in a '\0' character, which allows remote attackers to conduct buffer-overflow attacks or have unspecified other impact via a long id parameter in a query action.
12395 CVE-2009-1174 310 2009-03-31 2016-09-07
10.0
Admin Remote Low Not required Complete Complete Complete
The Web Services Security component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.35 and 7.0 before 7.0.0.3 has an unspecified "security problem" in the XML digital-signature specification, which has unknown impact and attack vectors.
12396 CVE-2009-1172 20 2009-03-31 2014-10-24
10.0
None Remote Low Not required Complete Complete Complete
The JAX-RPC WS-Security runtime in the Web Services Security component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 and 7.0 before 7.0.0.3, when APAR PK41002 is installed, does not properly validate UsernameToken objects, which has unknown impact and attack vectors.
12397 CVE-2009-1169 399 DoS Exec Code 2009-03-26 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform.
12398 CVE-2009-1167 2009-07-29 2009-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the Cisco Wireless LAN Controller (WLC) platform 4.x before 4.2.205.0 and 5.x before 5.2.191.0, as used in Cisco 1500 Series, 2000 Series, 2100 Series, 4100 Series, 4200 Series, and 4400 Series Wireless Services Modules (WiSM), WLC Modules for Integrated Services Routers, and Catalyst 3750G Integrated Wireless LAN Controllers, allows remote attackers to modify the configuration via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCsy44672.
12399 CVE-2009-1161 22 Dir. Trav. 2009-05-21 2009-06-09
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the TFTP service in Cisco CiscoWorks Common Services (CWCS) 3.0.x through 3.2.x on Windows, as used in Cisco Unified Service Monitor, Security Manager, TelePresence Readiness Assessment Manager, Unified Operations Manager, Unified Provisioning Manager, and other products, allows remote attackers to access arbitrary files via unspecified vectors.
12400 CVE-2009-1141 399 Exec Code Mem. Corr. 2009-06-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 for Windows XP SP2 and SP3 and Server 2003 SP2 allows remote attackers to execute arbitrary code via unspecified DHTML function calls related to a tr element and the "insertion, deletion and attributes of a table cell," which trigger memory corruption when the window is destroyed, aka "DHTML Object Memory Corruption Vulnerability."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.