CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12451 CVE-2008-4654 119 Exec Code Overflow 2008-10-21 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
12452 CVE-2008-4652 119 Exec Code Overflow 2008-10-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
12453 CVE-2008-4645 94 Exec Code 2008-10-21 2017-09-28
9.0
Admin Remote Low Single system Complete Complete Complete
plugins/event_tracer/event_list.php in PhpWebGallery 1.7.2 and earlier allows remote authenticated administrators to execute arbitrary PHP code via PHP sequences in the sort parameter, which is processed by create_function.
12454 CVE-2008-4641 20 Exec Code 2008-10-21 2008-12-03
10.0
Admin Remote Low Not required Complete Complete Complete
The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
12455 CVE-2008-4631 119 DoS Exec Code Overflow 2008-10-20 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Message::AddToString function in message/Message.cpp in MUSCLE before 4.40 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted message. NOTE: some of these details are obtained from third party information.
12456 CVE-2008-4630 2008-10-20 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Midgard Components (MidCOM) Framework before 8.09.1 have unknown impact and attack vectors.
12457 CVE-2008-4624 94 Exec Code File Inclusion 2008-10-20 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in init.php in Fast Click SQL Lite 1.1.7, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CFG[CDIR] parameter.
12458 CVE-2008-4619 DoS 2008-10-20 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
12459 CVE-2008-4615 2008-10-20 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in i_utils.asp in PortalApp before 4.01a has unknown impact and attack vectors.
12460 CVE-2008-4595 2008-10-17 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Slaytanic Scripts Content Plus 2.1.1 have unknown impact and remote attack vectors.
12461 CVE-2008-4594 2008-10-17 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SNMPv3 component in Linksys WAP4400N firmware 1.2.14 on the Marvell Semiconductor 88W8361P-BEM1 chipset has unknown impact and attack vectors, probably remote.
12462 CVE-2008-4592 22 Dir. Trav. 2008-10-16 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in Sports Clubs Web Panel 0.0.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
12463 CVE-2008-4588 119 DoS Exec Code Overflow 2008-10-15 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FTP server in Etype Eserv 3.x, possibly 3.26, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long argument to the ABOR command.
12464 CVE-2008-4587 Exec Code 2008-10-15 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the MSVNClientDownloadManager61Lib.DownloadManager.1 ActiveX control (ISDM.exe 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the AddFile and RunScheduledJobs methods. NOTE: this could be leveraged for code execution by uploading executable files to Startup folders.
12465 CVE-2008-4586 2008-10-15 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the MVSNCLientWebAgent61.WebAgent.1 ActiveX control (isusweb.dll 6.1.100.61372) in Macrovision FLEXnet Connect 6.1 allows remote attackers to force the download and execution of arbitrary files via the DownloadAndExecute method.
12466 CVE-2008-4572 119 DoS Exec Code Overflow 2008-10-15 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
12467 CVE-2008-4564 119 Exec Code Overflow 2009-03-18 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.
12468 CVE-2008-4563 119 Exec Code Overflow 2009-03-11 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
12469 CVE-2008-4562 119 Exec Code Overflow 2009-02-08 2009-04-20
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ovlaunch CGI program in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 on Windows allows remote attackers to execute arbitrary code via a crafted Host parameter. NOTE: this issue may be partially covered by CVE-2009-0205.
12470 CVE-2008-4559 20 Exec Code 2009-02-08 2009-02-09
10.0
Admin Remote Low Not required Complete Complete Complete
HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via shell metacharacters in argument fields to the (1) webappmon.exe or (2) OpenView5.exe CGI program. NOTE: this issue may be partially covered by CVE-2009-0205.
12471 CVE-2008-4557 94 Exec Code 2008-10-14 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
plugins/wacko/highlight/html.php in Strawberry in CuteNews.ru 1.1.1 (aka Strawberry) allows remote attackers to execute arbitrary PHP code via the text parameter, which is inserted into an executable regular expression.
12472 CVE-2008-4556 119 Exec Code Overflow 2008-10-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
12473 CVE-2008-4548 119 Exec Code Overflow 2008-10-14 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.
12474 CVE-2008-4547 119 Exec Code Overflow 2008-10-14 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the PdvrAtl.PdvrOcx.1 ActiveX control (pdvratl.dll) in DVRHOST Web CMS OCX 1.0.1.25 allows remote attackers to execute arbitrary code via a long second argument to the TimeSpanFormat method.
12475 CVE-2008-4541 119 Exec Code Overflow 2008-10-13 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the FTP subsystem in Sun Java System Web Proxy Server 4.0 through 4.0.7 allows remote attackers to execute arbitrary code via a crafted HTTP GET request.
12476 CVE-2008-4526 22 Dir. Trav. 2008-10-09 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in CCMS 3.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skin parameter to (1) index.php, (2) forums.php, (3) admin.php, (4) header.php, (5) pages/story.php and (6) pages/poll.php.
12477 CVE-2008-4509 20 Exec Code 2008-10-09 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in processFiles.php in FOSS Gallery Admin and FOSS Gallery Public 1.0 beta allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the root directory.
12478 CVE-2008-4502 94 Exec Code File Inclusion 2008-10-08 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in DataFeedFile (DFF) PHP Framework API allow remote attackers to execute arbitrary PHP code via a URL in the DFF_config[dir_include] parameter to (1) DFF_affiliate_client_API.php, (2) DFF_featured_prdt.func.php, (3) DFF_mer.func.php, (4) DFF_mer_prdt.func.php, (5) DFF_paging.func.php, (6) DFF_rss.func.php, and (7) DFF_sku.func.php in include/.
12479 CVE-2008-4501 22 Dir. Trav. 2008-10-08 2017-09-28
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the FTP server in Serv-U 7.0.0.1 through 7.3, including 7.2.0.1, allows remote authenticated users to overwrite or create arbitrary files via a ..\ (dot dot backslash) in the RNTO command.
12480 CVE-2008-4499 22 Dir. Trav. 2008-10-08 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in PHP Web Explorer 0.99b and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) refer parameter to main.php and the (2) file parameter to edit.php.
12481 CVE-2008-4489 22 Dir. Trav. 2008-10-07 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the theme_chosen parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12482 CVE-2008-4486 22 Dir. Trav. 2008-10-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in SAC.php (SACphp), as used in Yerba 6.3 and earlier, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mod parameter.
12483 CVE-2008-4480 119 Exec Code Overflow 2008-10-14 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.x before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a crafted Netware Core Protocol opcode 0x24 message that triggers a calculation error that under-allocates a heap buffer.
12484 CVE-2008-4479 119 Exec Code Overflow 2008-10-14 2018-11-02
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.7.3 before 8.7.3.10 ftf1, allows remote attackers to execute arbitrary code via a SOAP request with a long Accept-Language header.
12485 CVE-2008-4478 189 Exec Code Overflow 2008-10-14 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple integer overflows in dhost.exe in Novell eDirectory 8.8 before 8.8.3, and 8.73 before 8.7.3.10 ftf1, allow remote attackers to execute arbitrary code via a crafted (1) Content-Length header in a SOAP request or (2) Netware Core Protocol opcode 0x0F message, which triggers a heap-based buffer overflow.
12486 CVE-2008-4473 119 Exec Code Overflow 2008-10-17 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Adobe Flash CS3 Professional on Windows and Flash MX 2004 allow remote attackers to execute arbitrary code via an SWF file containing long control parameters.
12487 CVE-2008-4472 264 2008-10-07 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
12488 CVE-2008-4471 22 Dir. Trav. 2008-10-07 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
12489 CVE-2008-4470 119 DoS Exec Code Overflow 2008-10-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Numark CUE 5.0 rev2 allows user-assisted attackers to cause a denial of service (application crash) or execute arbitrary code via an M3U playlist file that contains a long absolute pathname.
12490 CVE-2008-4453 264 Exec Code 2008-10-06 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
12491 CVE-2008-4452 119 DoS Exec Code Overflow 2008-10-06 2017-09-28
9.0
None Remote Low Not required Partial Partial Complete
Buffer overflow in Cambridge Computer Corporation vxFtpSrv 2.0.3 allows remote attackers to cause a denial of service (crash and hang) and possibly execute arbitrary code via a long CWD request.
12492 CVE-2008-4449 119 Exec Code Overflow 2008-10-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
12493 CVE-2008-4439 94 Exec Code File Inclusion 2008-10-03 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in admin/bin/patch.php in MartinWood Datafeed Studio before 1.6.3 allows remote attackers to execute arbitrary PHP code via a URL in the INSTALL_FOLDER parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
12494 CVE-2008-4434 119 DoS Exec Code Overflow 2008-10-03 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in (1) uTorrent 1.7.7 build 8179 and earlier and (2) BitTorrent 6.0.3 build 8642 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Created By field in a .torrent file.
12495 CVE-2008-4429 DoS 2008-10-03 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SOURCENEXT Virus Security ZERO 9.5.0173 and earlier and Virus Security 9.5.0173 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via malformed compressed files. NOTE: some of these details are obtained from third party information.
12496 CVE-2008-4428 20 Exec Code 2008-10-03 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.
12497 CVE-2008-4420 119 Exec Code Overflow 2009-04-13 2010-06-04
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in DZIP32.DLL before 5.0.0.8 in DynaZip Max and DZIPS32.DLL before 6.0.0.5 in DynaZip Max Secure; as used in HP OpenView Performance Agent C.04.60, HP Performance Agent C.04.70 and C.04.72, TurboZIP 6.0, and other products; allow user-assisted attackers to execute arbitrary code via a long filename in a ZIP archive during a (1) Fix (aka Repair), (2) Add, (3) Update, or (4) Freshen action, a related issue to CVE-2006-3985.
12498 CVE-2008-4415 264 Exec Code 2008-11-17 2012-10-30
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in HP Service Manager (HPSM) before 7.01.71 allows remote authenticated users to execute arbitrary code via unknown vectors.
12499 CVE-2008-4404 20 DoS 2008-10-03 2008-10-03
10.0
Admin Remote Low Not required Complete Complete Complete
The IPv6 Neighbor Discovery Protocol (NDP) implementation on IBM zSeries servers does not validate the origin of Neighbor Discovery messages, which allows remote attackers to cause a denial of service (loss of connectivity) or read private network traffic via a spoofed message that modifies the Forward Information Base (FIB), a related issue to CVE-2008-2476.
12500 CVE-2008-4402 119 Exec Code Overflow 2008-10-03 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in CGI modules in the server in Trend Micro OfficeScan 8.0 SP1 before build 2439 and 8.0 SP1 Patch 1 before build 3087 allow remote attackers to execute arbitrary code via unspecified vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.