CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12551 CVE-2008-3411 287 2008-07-31 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The Axesstel AXW-D800 modem with D2_ETH_109_01_VEBR Jun-14-2006 software does not require authentication for (1) etc/config/System.html, (2) etc/config/Network.html, (3) etc/config/Security.html, (4) cgi-bin/sysconf.cgi, and (5) cgi-bin/route.cgi, which allows remote attackers to change the modem's configuration via direct requests.
12552 CVE-2008-3376 264 2008-07-30 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors.
12553 CVE-2008-3364 119 Exec Code Overflow 2008-07-30 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the ObjRemoveCtrl Class ActiveX control in OfficeScanRemoveCtrl.dll 7.3.0.1020 in Trend Micro OfficeScan Corp Edition (OSCE) Web-Deployment 7.0, 7.3 build 1343 Patch 4 and other builds, and 8.0; Client Server Messaging Security (CSM) 3.5 and 3.6; and Worry-Free Business Security (WFBS) 5.0 allows remote attackers to execute arbitrary code via a long string in the Server property, and possibly other properties. NOTE: some of these details are obtained from third party information.
12554 CVE-2008-3362 20 Exec Code 2008-07-30 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in upload.php in the Giulio Ganci Wp Downloads Manager module 0.2 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the upfile parameter, then accessing it via a direct request to the file in wp-content/plugins/downloads-manager/upload/.
12555 CVE-2008-3360 119 Exec Code Overflow 2008-07-29 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
12556 CVE-2008-3349 264 DoS Exec Code +Info 2008-07-28 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in NetApp Data ONTAP, as used on NetApp and IBM eServer platforms, allow remote attackers to execute arbitrary commands, cause a denial of service (system crash), or obtain sensitive information, probably related to insufficient access control for HTTP requests. NOTE: this may overlap CVE-2008-3160.
12557 CVE-2008-3338 119 Exec Code Overflow 2008-08-13 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
12558 CVE-2008-3335 94 2008-07-27 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PunBB before 1.2.19 allows remote attackers to inject arbitrary SMTP commands via unknown vectors.
12559 CVE-2008-3329 59 2008-07-27 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
12560 CVE-2008-3285 94 Exec Code 2008-07-24 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.
12561 CVE-2008-3282 189 DoS Exec Code Overflow 2008-08-29 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in the memory allocator in OpenOffice.org (OOo) 2.4.1, on 64-bit platforms, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted document, related to a "numeric truncation error," a different vulnerability than CVE-2008-2152.
12562 CVE-2008-3257 119 Exec Code Overflow 2008-07-22 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
12563 CVE-2008-3252 119 Exec Code Overflow 2008-07-21 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the read_article function in getarticle.c in newsx 1.6 allows remote attackers to execute arbitrary code via a news article containing a large number of lines starting with a period.
12564 CVE-2008-3246 94 Exec Code 2008-07-21 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the PDF distiller component in the BlackBerry Attachment Service in BlackBerry Unite! 1.0 SP1 (1.0.1) before bundle 36 and BlackBerry Enterprise Server 4.1 SP3 (4.1.3) through 4.1 SP5 (4.1.5) allows user-assisted remote attackers to execute arbitrary code via a crafted PDF file attachment.
12565 CVE-2008-3242 119 Exec Code Overflow 2008-07-21 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.
12566 CVE-2008-3239 20 Exec Code 2008-07-21 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in the writeLogEntry function in system/v_cron_proc.php in PHPizabi 0.848b C1 HFP1, when register_globals is enabled, allows remote attackers to upload and execute arbitrary code via a filename in the CONF[CRON_LOGFILE] parameter and file contents in the CONF[LOCALE_LONG_DATE_TIME] parameter.
12567 CVE-2008-3235 255 2008-07-21 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PropFilePasswordEncoder utility in the Security component in IBM WebSphere Application Server (WAS) 5.1 before 5.1.1.19 has unknown impact and attack vectors.
12568 CVE-2008-3232 94 Exec Code 2008-07-18 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in ecrire/images.php in Dotclear 1.2.7.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in images.
12569 CVE-2008-3225 264 2008-07-18 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Joomla! before 1.5.4 allows attackers to access administration functionality, which has unknown impact and attack vectors related to a missing "LDAP security fix."
12570 CVE-2008-3224 2008-07-18 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 3.0.1 has unknown impact and attack vectors related to "urls gone through redirect() being used within login_box()."
12571 CVE-2008-3209 119 Exec Code Overflow 2008-07-18 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information.
12572 CVE-2008-3207 94 Exec Code File Inclusion 2008-07-18 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in cms/modules/form.lib.php in Pragyan CMS 2.6.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the (1) sourceFolder or (2) moduleFolder parameter.
12573 CVE-2008-3182 119 Exec Code Overflow 2008-07-15 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
12574 CVE-2008-3175 189 DoS Exec Code Overflow 2008-08-01 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in rxRPC.dll in the LGServer service in the server in CA ARCserve Backup for Laptops and Desktops 11.0 through 11.5 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted message that triggers a buffer overflow.
12575 CVE-2008-3169 119 DoS Exec Code Overflow 2008-07-14 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in Empire Server before 4.3.15 allow remote attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors, related to a "coordinate normalization bug." NOTE: some of these details are obtained from third party information.
12576 CVE-2008-3167 94 Exec Code File Inclusion 2008-07-14 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in BoonEx Dolphin 6.1.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dir[plugins] parameter to (a) HTMLSax3.php and (b) safehtml.php in plugins/safehtml/ and the (2) sIncPath parameter to (c) ray/modules/global/inc/content.inc.php. NOTE: vector 1 might be a problem in SafeHTML instead of Dolphin.
12577 CVE-2008-3166 94 Exec Code File Inclusion 2008-07-14 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in modules/global/inc/content.inc.php in BoonEx Ray 3.5, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the sIncPath parameter.
12578 CVE-2008-3162 119 DoS Exec Code Overflow 2008-07-14 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the str_read_packet function in libavformat/psxstr.c in FFmpeg before r13993 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted STR file that interleaves audio and video sectors.
12579 CVE-2008-3160 2008-07-14 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM Data ONTAP 7.1 before 7.1.3, as used by IBM System Storage N series Filer and IBM System Storage N series Gateway, have unknown impact and attack vectors.
12580 CVE-2008-3159 189 Exec Code Overflow 2008-07-14 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in ds.dlm, as used by dhost.exe, in Novell eDirectory 8.7.3.10 before 8.7.3 SP10b and 8.8 before 8.8.2 ftf2 allows remote attackers to execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow, related to "flawed arithmetic."
12581 CVE-2008-3156 264 2008-07-11 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveScan ActiveX Control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to download and execute arbitrary cabinet (CAB) files via unspecified URLs passed to the Update method.
12582 CVE-2008-3155 119 DoS Exec Code Overflow 2008-07-11 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ActiveX control (as2guiie.dll) in Panda ActiveScan before 1.02.00 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Update method.
12583 CVE-2008-3150 22 Exec Code Dir. Trav. Bypass 2008-07-11 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in Neutrino Atomic Edition 0.8.4 allows remote attackers to read and modify files, as demonstrated by manipulating data/sess.php in (1) usb and (2) del_pag actions. NOTE: this can be leveraged for code execution by performing an upload that bypasses the intended access restrictions that were implemented in sess.php.
12584 CVE-2008-3146 119 DoS Exec Code Overflow 2008-09-02 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in packet_ncp2222.inc in Wireshark (formerly Ethereal) 0.9.7 through 1.0.2 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted NCP packet that causes an invalid pointer to be used.
12585 CVE-2008-3116 134 Exec Code 2008-07-10 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in dx8render.dll in Snail Game (aka Suzhou Snail Electronic Company) 5th street (aka Hot Step or High Street 5) allows remote attackers to execute arbitrary code via format string specifiers in a chat message.
12586 CVE-2008-3113 264 2008-07-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Java Web Start in JDK and JRE 5.0 before Update 16 and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create or delete arbitrary files via an untrusted application, aka CR 6704077.
12587 CVE-2008-3112 264 Dir. Trav. 2008-07-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Sun Java Web Start in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows remote attackers to create arbitrary files via the writeManifest method in the CacheEntry class, aka CR 6703909.
12588 CVE-2008-3111 20 Overflow +Priv 2008-07-09 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Sun Java Web Start in JDK and JRE 6 before Update 4, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allow context-dependent attackers to gain privileges via an untrusted application, as demonstrated by (a) an application that grants itself privileges to (1) read local files, (2) write to local files, or (3) execute local programs; and as demonstrated by (b) a long value associated with a java-vm-args attribute in a j2se tag in a JNLP file, which triggers a stack-based buffer overflow in the GetVMArgsOption function; aka CR 6557220.
12589 CVE-2008-3108 119 Overflow +Priv 2008-07-09 2019-07-31
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Sun Java Runtime Environment (JRE) in JDK and JRE 5.0 before Update 10, SDK and JRE 1.4.x before 1.4.2_18, and SDK and JRE 1.3.x before 1.3.1_23 allows context-dependent attackers to gain privileges via unspecified vectors related to font processing.
12590 CVE-2008-3107 264 +Priv 2008-07-09 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Virtual Machine in Sun Java Runtime Environment (JRE) in JDK and JRE 6 before Update 7, JDK and JRE 5.0 before Update 16, and SDK and JRE 1.4.x before 1.4.2_18 allows context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
12591 CVE-2008-3103 264 2008-07-09 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Java Management Extensions (JMX) management agent in Sun Java Runtime Environment (JRE) in JDK and JRE 6 Update 6 and earlier and JDK and JRE 5.0 Update 15 and earlier, when local monitoring is enabled, allows remote attackers to "perform unauthorized operations" via unspecified vectors.
12592 CVE-2008-3079 Exec Code 2008-07-08 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.51 on Windows allows attackers to execute arbitrary code via unknown vectors.
12593 CVE-2008-3076 78 Exec Code 2009-02-21 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the netrw.v2 and netrw.v3 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712.
12594 CVE-2008-3075 94 Exec Code 2009-02-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a ZIP archive and possibly (2) the filename of the first file in a ZIP archive, which is not properly handled by zip.vim in the VIM ZIP plugin (zipPlugin.vim) v.11 through v.21, as demonstrated by the zipplugin and zipplugin.v2 test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3074. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
12595 CVE-2008-3074 78 Exec Code 2009-02-21 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The shellescape function in Vim 7.0 through 7.2, including 7.2a.10, allows user-assisted attackers to execute arbitrary code via the "!" (exclamation point) shell metacharacter in (1) the filename of a tar archive and possibly (2) the filename of the first file in a tar archive, which is not properly handled by the VIM TAR plugin (tar.vim) v.10 through v.22, as demonstrated by the shellescape, tarplugin.v2, tarplugin, and tarplugin.updated test cases. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2008-2712. NOTE: this issue has the same root cause as CVE-2008-3075. NOTE: due to the complexity of the associated disclosures and the incomplete information related to them, there may be inaccuracies in this CVE description and in external mappings to this identifier.
12596 CVE-2008-3066 119 Exec Code Overflow 2008-07-28 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a media library and then deleting this file.
12597 CVE-2008-3064 264 2008-07-28 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerability."
12598 CVE-2008-3042 264 2008-07-07 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the DAM Frontend (dam_frontend) extension 0.1.0 and earlier for TYPO3 has unknown impact and attack vectors related to "Improper Error Handling."
12599 CVE-2008-3033 287 2008-07-07 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php.
12600 CVE-2008-3021 399 Exec Code 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Office 2000 SP3, XP SP3, and 2003 SP2; Office Converter Pack; and Works 8 do not properly parse the length of a PICT file, which allows remote attackers to execute arbitrary code via a crafted PICT file with an invalid bits_per_pixel field, aka the "PICT Filter Parsing Vulnerability," a different vulnerability than CVE-2008-3018.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.