CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12701 CVE-2008-2332 399 DoS Exec Code Mem. Corr. 2008-09-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
ImageIO in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows context-dependent attackers to cause a denial of service (memory corruption and application crash) or execute arbitrary code via a crafted TIFF image.
12702 CVE-2008-2325 399 DoS Exec Code Mem. Corr. 2008-08-03 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
QuickLook in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office file, related to insufficient "bounds checking."
12703 CVE-2008-2322 189 DoS Exec Code Overflow 2008-08-03 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4.11, 10.5.2, and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF file with a long Type 1 font, which triggers a heap-based buffer overflow.
12704 CVE-2008-2321 399 DoS Exec Code Mem. Corr. 2008-08-03 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
12705 CVE-2008-2320 119 DoS Exec Code Overflow 2008-08-03 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.
12706 CVE-2008-2317 399 DoS Exec Code 2008-07-14 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
WebCore in Apple Safari does not properly perform garbage collection of JavaScript document elements, which allows remote attackers to execute arbitrary code or cause a denial of service (heap corruption and application crash) via a reference to the ownerNode property of a copied CSSStyleSheet object of a STYLE element, as originally demonstrated on Apple iPhone before 2.0 and iPod touch before 2.0, a different vulnerability than CVE-2008-1590.
12707 CVE-2008-2307 399 DoS Exec Code Mem. Corr. 2008-06-23 2011-03-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in WebKit in Apple Safari before 3.1.2, as distributed in Mac OS X before 10.5.4, and standalone for Windows and Mac OS X 10.4, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors involving JavaScript arrays that trigger memory corruption.
12708 CVE-2008-2306 264 Bypass 2008-06-23 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Apple Safari before 3.1.2 on Windows does not properly interpret the URLACTION_SHELL_EXECUTE_HIGHRISK Internet Explorer zone setting, which allows remote attackers to bypass intended access restrictions, and force a client system to download and execute arbitrary files.
12709 CVE-2008-2305 119 Exec Code Overflow 2008-09-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X 10.4.11 and 10.5 through 10.5.4 allows remote attackers to execute arbitrary code via a document containing a crafted font, related to "PostScript font names."
12710 CVE-2008-2303 189 DoS Exec Code 2008-07-14 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript array indices that trigger an out-of-bounds access, a different vulnerability than CVE-2008-2307.
12711 CVE-2008-2283 20 2008-05-18 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0.
12712 CVE-2008-2281 2008-05-18 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
12713 CVE-2008-2273 +Priv 2008-05-16 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the TACACS authentication component in Aruba Mobility Controller 3.1.x, 3.2.x, and 3.3.x allows remote authenticated users to gain privileges via unknown vectors.
12714 CVE-2008-2259 20 Exec Code 2008-08-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."
12715 CVE-2008-2258 399 DoS Exec Code Mem. Corr. 2008-08-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order" with "particular functions ... performed on" document objects, aka "HTML Objects Memory Corruption Vulnerability" or "Table Layout Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2257.
12716 CVE-2008-2257 399 DoS Exec Code Mem. Corr. 2008-08-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory in certain conditions, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via vectors related to a document object "appended in a specific order," aka "HTML Objects Memory Corruption Vulnerability" or "XHTML Rendering Memory Corruption Vulnerability," a different vulnerability than CVE-2008-2258.
12717 CVE-2008-2256 20 DoS Exec Code Mem. Corr. 2008-08-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 does not properly handle objects that have been incorrectly initialized or deleted, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "Uninitialized Memory Corruption Vulnerability."
12718 CVE-2008-2255 399 DoS Exec Code Mem. Corr. 2008-08-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, a different vulnerability than CVE-2008-2254, aka "HTML Object Memory Corruption Vulnerability."
12719 CVE-2008-2254 399 DoS Exec Code Mem. Corr. 2008-08-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 7 accesses uninitialized memory, which allows remote attackers to cause a denial of service (crash) and execute arbitrary code via unknown vectors, aka "HTML Object Memory Corruption Vulnerability."
12720 CVE-2008-2253 94 Exec Code 2008-09-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Windows Media Player 11 allows remote attackers to execute arbitrary code via a crafted audio-only file that is streamed from a Server-Side Playlist (SSPL) on Windows Media Server, aka "Windows Media Player Sampling Rate Vulnerability."
12721 CVE-2008-2249 189 Exec Code Overflow 2008-12-10 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in GDI in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to execute arbitrary code via a malformed header in a crafted WMF file, which triggers a buffer overflow, aka "GDI Integer Overflow Vulnerability."
12722 CVE-2008-2245 119 Exec Code Overflow 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the InternalOpenColorProfile function in mscms.dll in Microsoft Windows Image Color Management System (MSCMS) in the Image Color Management (ICM) component on Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted image file.
12723 CVE-2008-2244 399 Exec Code 2008-07-09 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Office Word 2002 SP3 allows remote attackers to execute arbitrary code via a .doc file that contains malformed data, as exploited in the wild in July 2008, and as demonstrated by attachement.doc.
12724 CVE-2008-2241 22 Exec Code Dir. Trav. 2008-05-21 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in caloggerd in CA BrightStor ARCServe Backup 11.0, 11.1, and 11.5 allows remote attackers to append arbitrary data to arbitrary files via directory traversal sequences in unspecified input fields, which are used in log messages. NOTE: this can be leveraged for code execution in many installation environments by writing to a startup file or configuration file.
12725 CVE-2008-2240 119 DoS Exec Code Overflow 2008-05-22 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Web Server service in IBM Lotus Domino before 7.0.3 FP1, and 8.x before 8.0.1, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long Accept-Language HTTP header.
12726 CVE-2008-2238 119 Exec Code Overflow 2008-10-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 allow remote attackers to execute arbitrary code via crafted EMR records in an EMF file associated with a StarOffice/StarSuite document, which trigger a heap-based buffer overflow.
12727 CVE-2008-2237 119 Exec Code Overflow 2008-10-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 allows remote attackers to execute arbitrary code via a crafted WMF file associated with a StarOffice/StarSuite document.
12728 CVE-2008-2228 94 Exec Code File Inclusion 2008-05-14 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in portfolio/commentaires/derniers_commentaires.php in Cyberfolio 7.12, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the rep parameter.
12729 CVE-2008-2221 +Priv 2008-05-14 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.
12730 CVE-2008-2216 264 2008-05-14 2017-09-28
9.0
None Remote Low Single system Complete Complete Complete
Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.
12731 CVE-2008-2214 119 DoS Exec Code Overflow 2008-05-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.
12732 CVE-2008-2192 94 2008-05-14 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Static code injection vulnerability in box/minichat/boxpop.php in IT!CMS (aka itcms) 1.9 allows remote attackers to inject arbitrary PHP code into box/MiniChat/data/shouts.php via the shout parameter.
12733 CVE-2008-2161 119 Exec Code Overflow 2008-05-12 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in TFTP Server SP 1.4 and 1.5 on Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a long TFTP error packet. NOTE: some of these details are obtained from third party information.
12734 CVE-2008-2160 94 Exec Code 2008-05-12 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the JPEG (GDI+) and GIF image processing in Microsoft Windows CE 5.0 allow remote attackers to execute arbitrary code via crafted (1) JPEG and (2) GIF images.
12735 CVE-2008-2158 119 Exec Code Overflow 2008-05-29 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Command Line Interface process in the Server Agent in EMC AlphaStor 3.1 SP1 for Windows allow remote attackers to execute arbitrary code via crafted TCP packets to port 41025.
12736 CVE-2008-2157 20 Exec Code 2008-05-29 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
robotd in the Library Manager in EMC AlphaStor 3.1 SP1 for Windows allows remote attackers to execute arbitrary commands via an unspecified string field in a packet to TCP port 3500.
12737 CVE-2008-2152 189 Exec Code Overflow 2008-06-10 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the rtl_allocateMemory function in sal/rtl/source/alloc_global.c in OpenOffice.org (OOo) 2.0 through 2.4 allows remote attackers to execute arbitrary code via a crafted file that triggers a heap-based buffer overflow.
12738 CVE-2008-2144 DoS Exec Code 2008-05-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Solaris print service for Sun Solaris 8, 9, and 10 allow remote attackers to cause a denial of service or execute arbitrary code via unknown vectors.
12739 CVE-2008-2111 399 Exec Code Mem. Corr. 2008-05-07 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveX Control (yNotifier.dll) in Yahoo! Assistant 3.6 and earlier allows remote attackers to execute arbitrary code via unspecified vectors in the Ynoifier COM object that trigger memory corruption.
12740 CVE-2008-2097 119 Overflow +Priv 2008-06-05 2018-10-11
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the openwsman management service in VMware ESXi 3.5 and ESX 3.5 allows remote authenticated users to gain privileges via an "invalid Content-Length."
12741 CVE-2008-2086 94 Exec Code File Inclusion 2008-12-04 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Sun Java Web Start and Java Plug-in for JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier allow remote attackers to execute arbitrary code via a crafted jnlp file that modifies the (1) java.home, (2) java.ext.dirs, or (3) user.home System Properties, aka "Java Web Start File Inclusion" and CR 6694892.
12742 CVE-2008-2081 22 Dir. Trav. 2008-05-05 2017-09-28
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in index.php in Siteman 2.0.x2 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
12743 CVE-2008-2077 2008-05-05 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."
12744 CVE-2008-2069 119 DoS Exec Code Overflow 2008-05-02 2018-10-11
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
12745 CVE-2008-2064 2008-05-02 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in PhpGedView before 4.1.5 have unknown impact and attack vectors related to "a fundamental design flaw in the interface (API) to connect phpGedView with external programs like content management systems."
12746 CVE-2008-2054 Exec Code 2008-05-29 2017-08-07
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Cisco CiscoWorks Common Services 3.0.3 through 3.1.1 allows remote attackers to execute arbitrary code on a client machine via unknown vectors.
12747 CVE-2008-2053 2008-05-22 2017-08-07
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Unified Customer Voice Portal (CVP) 4.0.x before 4.0(2)_ES14, 4.1.x before 4.1(1)_ES11, and 7.x before 7.0(1) allows remote authenticated users with administrator role privileges to create, modify, or delete a superuser account.
12748 CVE-2008-2051 2008-05-05 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The escapeshellcmd API function in PHP before 5.2.6 has unknown impact and context-dependent attack vectors related to "incomplete multibyte chars."
12749 CVE-2008-2050 119 Overflow 2008-05-05 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
12750 CVE-2008-2042 20 Exec Code Overflow 2008-05-07 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that invokes app.checkForUpdate with a malicious callback function.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.