CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12851 CVE-2008-0228 352 CSRF 2008-01-10 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Cross-site request forgery (CSRF) vulnerability in apply.cgi in the Linksys WRT54GL Wireless-G Broadband Router with firmware 4.30.9 allows remote attackers to perform actions as administrators.
12852 CVE-2008-0223 119 Exec Code Overflow 2008-01-10 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in JustSystems JSFC.DLL, as used in multiple JustSystems products such as Ichitaro, allows remote attackers to execute arbitrary code via a crafted .JTD file.
12853 CVE-2008-0221 22 Dir. Trav. 2008-01-10 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
12854 CVE-2008-0215 264 2008-02-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in HP Storage Essentials Storage Resource Management (SRM) before 6.0.0 allow remote attackers to obtain unspecified access to a managed device via unknown attack vectors.
12855 CVE-2008-0176 119 Exec Code Overflow 2008-01-28 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in w32rtr.exe in GE Fanuc CIMPLICITY HMI SCADA system 7.0 before 7.0 SIM 9, and earlier versions before 6.1 SP6 Hot fix - 010708_162517_6106, allow remote attackers to execute arbitrary code via unknown vectors.
12856 CVE-2008-0151 119 DoS Exec Code Overflow 2008-01-08 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit WAC Server 2.1.0.910, 2.0 Build 3503, and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a Telnet request with long options.
12857 CVE-2008-0148 264 Exec Code 2008-01-08 2017-10-18
10.0
None Remote Low Not required Complete Complete Complete
TUTOS 1.3 does not restrict access to php/admin/cmd.php, which allows remote attackers to execute arbitrary shell commands via the cmd parameter in a direct request.
12858 CVE-2008-0122 189 DoS Exec Code Mem. Corr. 2008-01-15 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted input that triggers memory corruption.
12859 CVE-2008-0121 399 Exec Code Mem. Corr. 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
A "memory calculation error" in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with an invalid picture index that triggers memory corruption, aka "Memory Calculation Vulnerability."
12860 CVE-2008-0120 399 Exec Code Overflow Mem. Corr. 2008-08-12 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Microsoft PowerPoint Viewer 2003 allows remote attackers to execute arbitrary code via a PowerPoint file with a malformed picture index that triggers memory corruption, related to handling of CString objects, aka "Memory Allocation Vulnerability."
12861 CVE-2008-0119 94 Exec Code Mem. Corr. 2008-05-13 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Publisher in Office 2000 and XP SP3, 2003 SP2 and SP3, and 2007 SP1 and earlier allows remote attackers to execute arbitrary code via a Publisher file with crafted object header data that triggers memory corruption, aka "Publisher Object Handler Validation Vulnerability."
12862 CVE-2008-0118 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, Excel Viewer 2003 up to SP3, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a crafted Office document that triggers memory corruption from an "allocation error," aka "Microsoft Office Memory Corruption Vulnerability."
12863 CVE-2008-0117 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 and 2002 SP2, and Office 2004 and 2008 for Mac, allows user-assisted remote attackers to execute arbitrary code via crafted conditional formatting values, aka "Excel Conditional Formatting Vulnerability."
12864 CVE-2008-0116 20 Exec Code 2008-03-11 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, Compatibility Pack, and Office 2004 and 2008 for Mac allows user-assisted remote attackers to execute arbitrary code via malformed tags in rich text, aka "Excel Rich Text Validation Vulnerability."
12865 CVE-2008-0115 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via malformed formulas, aka "Excel Formula Parsing Vulnerability."
12866 CVE-2008-0114 94 Exec Code Mem. Corr. 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office for Mac 2004 allows user-assisted remote attackers to execute arbitrary code via crafted Style records that trigger memory corruption.
12867 CVE-2008-0113 94 Exec Code Mem. Corr. 2008-03-11 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office Excel Viewer 2003 up to SP3 allows user-assisted remote attackers to execute arbitrary code via an Excel document with malformed cell comments that trigger memory corruption from an "allocation error," aka "Microsoft Office Cell Parsing Memory Corruption Vulnerability."
12868 CVE-2008-0112 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3, and Office for Mac 2004 and 2008 allows user-assisted remote attackers to execute arbitrary code via a crafted .SLK file that is not properly handled when importing the file, aka "Excel File Import Vulnerability."
12869 CVE-2008-0111 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."
12870 CVE-2008-0110 94 Exec Code 2008-03-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Outlook in Office 2000 SP3, XP SP3, 2003 SP2 and Sp3, and Office System allows user-assisted remote attackers to execute arbitrary code via a crafted mailto URI.
12871 CVE-2008-0109 399 Exec Code Mem. Corr. 2008-02-12 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of a Word file, which triggers length calculation errors and memory corruption.
12872 CVE-2008-0108 119 Exec Code Overflow 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
12873 CVE-2008-0107 189 Exec Code Overflow Mem. Corr. 2008-07-08 2018-10-15
9.0
None Remote Low Single system Complete Complete Complete
Integer underflow in SQL Server 7.0 SP4, 2000 SP4, 2005 SP1 and SP2, 2000 Desktop Engine (MSDE 2000) SP4, 2005 Express Edition SP1 and SP2, and 2000 Desktop Engine (WMSDE); Microsoft Data Engine (MSDE) 1.0 SP4; and Internal Database (WYukon) SP2 allows remote authenticated users to execute arbitrary code via a (1) SMB or (2) WebDAV pathname for an on-disk file (aka stored backup file) with a crafted record size value, which triggers a heap-based buffer overflow, aka "SQL Server Memory Corruption Vulnerability."
12874 CVE-2008-0106 119 Exec Code Overflow 2008-07-08 2018-10-15
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement.
12875 CVE-2008-0105 20 Exec Code 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section header index table information, aka "Microsoft Works File Converter Index Table Vulnerability."
12876 CVE-2008-0104 94 Exec Code Mem. Corr. 2008-02-12 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, aka "Publisher Memory Corruption Vulnerability."
12877 CVE-2008-0103 399 Exec Code 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP2, and Office 2004 for Mac allows remote attackers to execute arbitrary code via an Office document that contains a malformed object, related to a "memory handling error," aka "Microsoft Office Execution Jump Vulnerability."
12878 CVE-2008-0102 399 Exec Code 2008-02-12 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Office Publisher 2000, 2002, and 2003 SP2 allows remote attackers to execute arbitrary code via a crafted .pub file, related to invalid "memory values," aka "Publisher Invalid Memory Reference Vulnerability."
12879 CVE-2008-0098 119 Exec Code Overflow 2008-01-07 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in RealPlayer 11 build 6.0.14.748 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: As of 20080103, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
12880 CVE-2008-0086 119 Exec Code Overflow 2008-07-08 2018-10-15
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
12881 CVE-2008-0083 94 Exec Code 2008-04-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
12882 CVE-2008-0082 200 +Info 2008-08-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
12883 CVE-2008-0081 Exec Code 2008-01-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
12884 CVE-2008-0080 119 Exec Code Overflow 2008-02-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
12885 CVE-2008-0078 94 Exec Code Mem. Corr. 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
12886 CVE-2008-0077 399 Exec Code Mem. Corr. 2008-02-12 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
12887 CVE-2008-0076 94 Exec Code Mem. Corr. 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
12888 CVE-2008-0075 94 Exec Code 2008-02-12 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
12889 CVE-2008-0067 119 Exec Code Overflow 2009-01-08 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.
12890 CVE-2008-0066 119 Exec Code Overflow 2008-04-10 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
12891 CVE-2008-0065 119 Exec Code Overflow 2008-01-22 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
12892 CVE-2008-0064 119 Exec Code Overflow 2008-01-31 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
12893 CVE-2008-0062 189 DoS Exec Code 2008-03-19 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
12894 CVE-2008-0053 119 Exec Code Overflow 2008-03-18 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
12895 CVE-2008-0047 119 Exec Code Overflow 2008-03-18 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
12896 CVE-2008-0043 94 Exec Code 2008-02-07 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.
12897 CVE-2008-0040 399 DoS Exec Code Mem. Corr. 2008-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.
12898 CVE-2008-0033 399 DoS Exec Code Mem. Corr. 2008-01-15 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
12899 CVE-2008-0029 255 +Priv 2008-01-23 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
12900 CVE-2008-0027 119 DoS Exec Code Overflow 2008-01-16 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.