CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13001 CVE-2007-6092 119 Overflow 2007-11-21 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in libsrtp in Ingate Firewall before 4.6.0 and SIParator before 4.6.0 has unknown impact and attack vectors. NOTE: it is not clear whether this issue crosses privilege boundaries.
13002 CVE-2007-6089 94 Exec Code File Inclusion 2007-11-21 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in index.php in meBiblio 0.4.5 allows remote attackers to execute arbitrary PHP code via a URL in the action parameter.
13003 CVE-2007-6088 94 Exec Code File Inclusion 2007-11-21 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/functions_mod_user.php in phpBBViet 02.03.07 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
13004 CVE-2007-6086 22 Dir. Trav. 2007-11-21 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in index.php in VigileCMS 1.4 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the module parameter.
13005 CVE-2007-6082 94 Exec Code 2007-11-21 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Direct static code injection vulnerability in acp/savenews.php in Sciurus Hosting Panel, possibly 2.0.3, allows remote attackers to inject arbitrary PHP code via the filecontents parameter, which can be executed by accessing includes/news.php.
13006 CVE-2007-6060 20 DoS Exec Code 2007-11-20 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
AhnLab Antivirus 3 Internet Security 2008 Platinum appends data to a filename string at a location indicated by the "Filename length" field in a ZIP header, which allows remote attackers to cause a denial of service (machine crash) and possibly execute arbitrary code via a ZIP file in which this field's value is larger than the actual number of bytes in the filename.
13007 CVE-2007-6053 399 Mem. Corr. 2007-11-20 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
IBM DB2 UDB 9.1 before Fixpak 4 does not properly handle use of large numbers of file descriptors, which might allow attackers to have an unknown impact involving "memory corruption." NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
13008 CVE-2007-6051 264 2007-11-20 2012-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
IBM DB2 UDB 9.1 before Fixpak 4 assigns incorrect privileges to the (1) DB2ADMNS and (2) DB2USERS alternative groups, which has unknown impact. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
13009 CVE-2007-6048 264 2007-11-20 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
IBM DB2 UDB 9.1 before Fixpak 4 uses incorrect permissions on ACLs for DB2NODES.CFG, which has unknown impact and attack vectors. NOTE: the vendor description of this issue is too vague to be certain that it is security-related.
13010 CVE-2007-6047 264 Exec Code 2007-11-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the DB2DART tool in IBM DB2 UDB 9.1 before Fixpak 4 allows attackers to execute arbitrary commands as the DB2 instance owner, related to invocation of TPUT by DB2DART.
13011 CVE-2007-6045 2007-11-20 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in (1) DB2WATCH and (2) DB2FREEZE in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors.
13012 CVE-2007-6044 399 Mem. Corr. 2007-11-20 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM WebSphere MQ 6.0 have unknown impact and remote attack vectors involving "memory corruption." NOTE: as of 20071116, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13013 CVE-2007-6033 264 2007-11-19 2008-11-15
9.0
Admin Remote Low Single system Complete Complete Complete
Invensys Wonderware InTouch 8.0 creates a NetDDE share with insecure permissions (Everyone/Full Control), which allows remote authenticated attackers, and possibly anonymous users, to execute arbitrary programs.
13014 CVE-2007-6030 2007-11-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Weird Solutions BOOTPTurbo 1.2 has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
13015 CVE-2007-6026 119 Exec Code Overflow 2007-11-19 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Microsoft msjet40.dll 4.0.8618.0 (aka Microsoft Jet Engine), as used by Access 2003 in Microsoft Office 2003 SP3, allows user-assisted attackers to execute arbitrary code via a crafted MDB file database file containing a column structure with a modified column count. NOTE: this might be the same issue as CVE-2005-0944.
13016 CVE-2007-6021 119 Exec Code Overflow 2008-10-30 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a .PMD file with a crafted font structure.
13017 CVE-2007-6020 119 Exec Code Overflow 2008-04-10 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in foliosr.dll in the Folio Flat File speed reader in Autonomy (formerly Verity) KeyView 10.3.0.0, as used by IBM Lotus Notes, Symantec Mail Security, and activePDF DocConverter, allow remote attackers to execute arbitrary code via a long attribute value in a (1) DI, (2) FD, (3) FT, (4) JD, (5) JL, (6) LE, (7) OB, (8) OD, (9) OL, (10) PN, (11) PS, (12) PW, (13) RD, (14) QL, or (15) TS tag in a .fff file.
13018 CVE-2007-6019 Exec Code 2008-04-09 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
13019 CVE-2007-6016 119 Exec Code Overflow 2008-02-29 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the PVATLCalendar.PVCalendar.1 ActiveX control in pvcalendar.ocx in the scheduler component in the Media Server in Symantec Backup Exec for Windows Server (BEWS) 11d 11.0.6235 and 11.0.7170, and 12.0 12.0.1364, allow remote attackers to execute arbitrary code via a long (1) _DOWText0, (2) _DOWText1, (3) _DOWText2, (4) _DOWText3, (5) _DOWText4, (6) _DOWText5, (7) _DOWText6, (8) _MonthText0, (9) _MonthText1, (10) _MonthText2, (11) _MonthText3, (12) _MonthText4, (13) _MonthText5, (14) _MonthText6, (15) _MonthText7, (16) _MonthText8, (17) _MonthText9, (18) _MonthText10, or (19) _MonthText11 property value when executing the Save method. NOTE: the vendor states "Authenticated user involvement required," but authentication is not needed to attack a client machine that loads this control.
13020 CVE-2007-6015 119 Exec Code Overflow 2007-12-13 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
13021 CVE-2007-6011 287 Bypass 2007-11-15 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in main.php of BugHotel Reservation System before 4.9.9 P3 allows remote attackers to bypass authentication and gain administrative access via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13022 CVE-2007-6009 119 Exec Code Overflow 2007-11-15 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in ACD products allow user-assisted remote attackers to execute arbitrary code via a long section string in a (1) XBM or (2) XPM file to (a) ID_X.apl or (b) IDE_ACDStd.apl. NOTE: the PSP and LHA vectors are already covered by CVE-2007-4344 and CVE-2007-6007. NOTE: these might be integer overflows rather than buffer overflows.
13023 CVE-2007-6008 119 Exec Code Overflow 2007-11-15 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in emlsr.dll before 2.0.0.4 in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK allows remote attackers to execute arbitrary code via a long Content-Type header line in an EML file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13024 CVE-2007-6006 287 2007-11-15 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
TestLink before 1.7.1 does not enforce an unspecified authorization mechanism, which has unknown impact and attack vectors.
13025 CVE-2007-5972 119 Overflow 2007-12-05 2010-05-27
9.0
Admin Remote Low Single system Complete Complete Complete
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master key, and so the attacker must have privileges to store this key.
13026 CVE-2007-5959 DoS Exec Code Mem. Corr. 2007-11-26 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption.
13027 CVE-2007-5941 119 DoS Exec Code Overflow 2007-11-13 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.
13028 CVE-2007-5939 119 Overflow 2007-12-06 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
The gss_userok function in appl/ftp/ftpd/gss_userok.c in Heimdal 0.7.2 does not allocate memory for the ticketfile pointer before calling free, which allows remote attackers to have an unknown impact via an invalid username. NOTE: the vulnerability was originally reported for ftpd.c, but this is incorrect.
13029 CVE-2007-5929 119 DoS Exec Code Overflow 2007-11-09 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in OpenBase 10.0.5 and earlier might allow remote authenticated users to execute arbitrary code or cause a denial of service (daemon crash) by creating a stored procedure with a long name and invoking this procedure, which triggers heap corruption.
13030 CVE-2007-5928 119 Overflow 2007-11-09 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
OpenBase 10.0.5 and earlier allows remote authenticated users to trigger a free of an arbitrary memory location via long strings in a SELECT statement. NOTE: this might be a buffer overflow, but it is not clear.
13031 CVE-2007-5927 22 Exec Code Dir. Trav. 2007-11-09 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
13032 CVE-2007-5926 20 Exec Code 2007-11-09 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
13033 CVE-2007-5910 119 Exec Code Overflow 2007-11-09 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, wp6sr.dll in IBM Lotus Notes 8.0 and before 7.0.3, Symantec Mail Security, and other products, allows remote attackers to execute arbitrary code via a crafted WordPerfect (WPD) file.
13034 CVE-2007-5909 119 Exec Code Overflow 2007-11-09 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView Viewer, Filter, and Export SDK before 9.2.0.12, as used by ActivePDF DocConverter, IBM Lotus Notes before 7.0.3, Symantec Mail Security, and other products, allow remote attackers to execute arbitrary code via a crafted (1) AG file to kpagrdr.dll, (2) AW file to awsr.dll, (3) DLL or (4) EXE file to exesr.dll, (5) DOC file to mwsr.dll, (6) MIF file to mifsr.dll, (7) SAM file to lasr.dll, or (8) RTF file to rtfsr.dll. NOTE: the WPD (wp6sr.dll) vector is covered by CVE-2007-5910.
13035 CVE-2007-5902 189 Overflow 2007-12-05 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
13036 CVE-2007-5894 2007-12-05 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
** DISPUTED ** The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misidentifies the conditions under which the uninitialized variable is used. NOTE: the vendor disputes this issue, stating " The 'length' variable is only uninitialized if 'auth_type' is neither the 'KERBEROS_V4' nor 'GSSAPI'; this condition cannot occur in the unmodified source code."
13037 CVE-2007-5892 119 Exec Code Overflow 2007-11-07 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the pdg2.dll ActiveX control in SSReader 4.0 and earlier allow remote attackers to execute arbitrary code via a long argument to the Register method. NOTE: some details were obtained from third party sources.
13038 CVE-2007-5890 Dir. Trav. 2007-11-07 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in index.php in easyGB 2.1.1 allows remote attackers to include arbitrary files via the DatabaseType parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13039 CVE-2007-5889 Exec Code File Inclusion 2007-11-07 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in IDMOS 1.0 Alpha (aka Phoenix) allow remote attackers to execute arbitrary PHP code via a URL in the site_absolute_path parameter to (1) admin.php, (2) menu_add.php, and (3) menu_operation.php in administrator/, different vectors than CVE-2007-5294.
13040 CVE-2007-5863 310 Exec Code 2007-12-19 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
13041 CVE-2007-5862 287 Bypass 2007-12-18 2008-09-05
9.4
None Remote Low Not required Complete Complete None
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet.
13042 CVE-2007-5859 399 DoS Exec Code Mem. Corr. 2007-12-19 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Safari RSS in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted feed: URL that triggers memory corruption.
13043 CVE-2007-5856 264 +Info 2007-12-19 2017-07-28
9.4
None Remote Low Not required Complete Complete None
Quick Look Apple Mac OS X 10.5.1, when previewing an HTML file, does not prevent plug-ins from making network requests, which might allow remote attackers to obtain sensitive information.
13044 CVE-2007-5853 DoS Exec Code Mem. Corr. 2007-12-19 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in IO Storage Family in Apple Mac OS X 10.4.11 allows user-assisted attackers to cause a denial of service (system shutdown) or execute arbitrary code via a disk image with crafted GUID partition maps, which triggers memory corruption.
13045 CVE-2007-5849 189 Exec Code Overflow 2007-12-19 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
13046 CVE-2007-5826 22 Dir. Trav. 2007-11-05 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
13047 CVE-2007-5820 22 Dir. Trav. 2007-11-05 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in index.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the module parameter.
13048 CVE-2007-5815 22 Dir. Trav. 2007-11-05 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Absolute path traversal vulnerability in the WebCacheCleaner ActiveX control 1.3.0.3 in SonicWall SSL-VPN 200 before 2.1, and SSL-VPN 2000/4000 before 2.5, allows remote attackers to delete arbitrary files via a full pathname in the argument to the FileDelete method.
13049 CVE-2007-5814 119 Exec Code Overflow 2007-11-05 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allow remote attackers to execute arbitrary code via a long (1) serverAddress, (2) sessionId, (3) clientIPLower, (4) clientIPHigher, (5) userName, (6) domainName, or (7) dnsSuffix Unicode property value. NOTE: the AddRouteEntry vector is covered by CVE-2007-5603.
13050 CVE-2007-5791 287 DoS 2007-11-01 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
The Vonage Motorola Phone Adapter VT 2142-VD does not properly verify that a SIP INVITE message originated from a legitimate server, which allows remote attackers to send spoofed INVITE messages, as demonstrated by a flood of messages triggering a denial of service, and by phone calls with malicious content.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.