CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13051 CVE-2008-0948 119 DoS Exec Code Overflow 2008-03-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the RPC library (lib/rpc/rpc_dtablesize.c) used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.2.2, and probably other versions before 1.3, when running on systems whose unistd.h does not define the FD_SETSIZE macro, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by triggering a large number of open file descriptors.
13052 CVE-2008-0947 119 Exec Code Overflow 2008-03-18 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the RPC library used by libgssrpc and kadmind in MIT Kerberos 5 (krb5) 1.4 through 1.6.3 allows remote attackers to execute arbitrary code by triggering a large number of open file descriptors.
13053 CVE-2008-0935 119 Exec Code Overflow 2008-02-25 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Novell iPrint Control ActiveX control in ienipp.ocx in Novell iPrint Client before 4.34 allows remote attackers to execute arbitrary code via a long argument to the ExecuteRequest method.
13054 CVE-2008-0912 119 DoS Exec Code Overflow 2008-02-22 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in mlsrv10.exe in Sybase MobiLink 10.0.1.3629 and earlier, as used by SQL Anywhere Developer Edition 10.0.1.3415 and probably other products, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a long (1) username, (2) version, or (3) remote ID. NOTE: some of these details are obtained from third party information.
13055 CVE-2008-0892 20 Exec Code 2008-04-16 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands.
13056 CVE-2008-0888 119 DoS Exec Code Overflow 2008-03-17 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The NEEDBITS macro in the inflate_dynamic function in inflate.c for unzip can be invoked using invalid buffers, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger a free of uninitialized or previously-freed data.
13057 CVE-2008-0882 119 DoS Exec Code Overflow 2008-02-21 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
13058 CVE-2008-0860 2008-02-20 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs.
13059 CVE-2008-0824 2008-02-19 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors.
13060 CVE-2008-0823 287 2008-02-19 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors.
13061 CVE-2008-0805 264 Exec Code 2008-02-18 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in image.php in PHPizabi 0.848b C1 HFP1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension from the event page, then accessing it via a direct request to the file in system/cache/pictures.
13062 CVE-2008-0768 119 Exec Code Overflow 2008-02-13 2019-08-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based and heap-based buffer overflows in the Windows RPC components for IBM Informix Storage Manager (ISM), as used in Informix Dynamic Server (IDS) 10.00.xC8 and earlier and 11.10.xC2 and earlier, allow attackers to execute arbitrary code via crafted XDR requests.
13063 CVE-2008-0766 119 Exec Code Overflow 2008-02-13 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in RpmSrvc.exe in Brooks Remote Print Manager (RPM) 4.5.1.11 and earlier (Elite and Select) for Windows allows remote attackers to execute arbitrary code via a long filename in a "Receive data file" LPD command. NOTE: some of these details are obtained from third party information.
13064 CVE-2008-0764 134 Exec Code 2008-02-13 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.
13065 CVE-2008-0763 119 Exec Code Overflow 2008-02-13 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.
13066 CVE-2008-0748 119 Exec Code Overflow 2008-02-13 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Sony AxRUploadServer.AxRUploadControl.1 ActiveX control in AxRUploadServer.dll 1.0.0.38 in SonyISUpload.cab 1.0.0.38 for Sony ImageStation allows remote attackers to execute arbitrary code via a long argument to the SetLogging method. NOTE: some of these details are obtained from third party information.
13067 CVE-2008-0747 119 Exec Code Overflow 2008-02-13 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
13068 CVE-2008-0743 94 Exec Code File Inclusion 2008-02-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in members_help.php in Joovili 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the hlp parameter.
13069 CVE-2008-0741 264 2008-02-12 2009-06-17
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PropFilePasswordEncoder utility in IBM WebSphere Application Server (WAS) before 6.0.2 Fix Pack 25 (6.0.2.25) has unknown impact and attack vectors.
13070 CVE-2008-0735 89 Exec Code Sql 2008-02-12 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in mod/gallery/ajax/gallery_data.php in AuraCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the albums parameter.
13071 CVE-2008-0728 399 2008-02-12 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
13072 CVE-2008-0726 189 Exec Code Overflow Mem. Corr. 2008-02-12 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via crafted arguments to the printSepsWithParams, which triggers memory corruption.
13073 CVE-2008-0725 119 DoS Exec Code Overflow 2008-02-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in the (1) FTP service and (2) administration service in Titan FTP Server 6.0.5.549 allow remote attackers to cause a denial of service (daemon hang) and possibly execute arbitrary code via a long command. NOTE: the USER and PASS commands for the FTP service are covered by CVE-2008-0702.
13074 CVE-2008-0715 119 Exec Code Overflow 2008-02-11 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ACDSee Photo Manager 8.1, 9.0, and 10.0 allows user-assisted remote attackers to execute arbitrary code via a malformed XBM file. NOTE: this might be the same as CVE-2007-6009.
13075 CVE-2008-0704 264 2008-03-28 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
13076 CVE-2008-0702 119 DoS Exec Code Overflow 2008-02-11 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
13077 CVE-2008-0699 Exec Code 2008-02-11 2018-11-01
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the ADMIN_SP_C procedure (SYSPROC.ADMIN_SP_C) in IBM DB2 UDB before 8.2 Fixpak 16, 9.1 before FP4a, and 9.5 before FP1 allows remote authenticated users to execute arbitrary code via unspecified attack vectors.
13078 CVE-2008-0671 119 Exec Code Overflow 2008-02-11 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the add_line_buffer function in TinTin++ 1.97.9 and WinTin++ 1.97.9 allows remote attackers to execute arbitrary code via a long chat message, related to conversion from LF to CRLF.
13079 CVE-2008-0668 189 Exec Code Overflow 2008-02-11 2008-09-10
9.3
Admin Remote Medium Not required Complete Complete Complete
The excel_read_HLINK function in plugins/excel/ms-excel-read.c in Gnome Office Gnumeric before 1.8.1 allows user-assisted remote attackers to execute arbitrary code via a crafted XLS file containing XLS HLINK opcodes, possibly because of an integer signedness error that leads to an integer overflow. NOTE: some of these details are obtained from third party information.
13080 CVE-2008-0660 119 Exec Code Overflow 2008-02-07 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.6.17.0, 4.5.70.0, and 4.5.126.0, and ImageUploader5 5.0.10.0, as used by Facebook PhotoUploader 4.5.57.0, allow remote attackers to execute arbitrary code via long (1) ExtractExif and (2) ExtractIptc properties.
13081 CVE-2008-0659 119 Exec Code Overflow 2008-02-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Aurigma Image Uploader ActiveX control (ImageUploader4.ocx) 4.5.70 and earlier, as used in MySpace MySpaceUploader.ocx 1.0.0.4, allows remote attackers to execute arbitrary code via a long Action property.
13082 CVE-2008-0657 264 +Priv 2008-02-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Java Runtime Environment in Sun JDK and JRE 6 Update 1 and earlier, and 5.0 Update 13 and earlier, allow context-dependent attackers to gain privileges via an untrusted (1) application or (2) applet, as demonstrated by an application or applet that grants itself privileges to (a) read local files, (b) write to local files, or (c) execute local programs.
13083 CVE-2008-0656 20 2008-02-07 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in dmclTrace.jsp in EMC Documentum Administrator 5.3.0.313 and Webtop 5.3.0.317 allows remote attackers to overwrite arbitrary files via the filename attribute.
13084 CVE-2008-0655 2008-02-07 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Reader and Acrobat before 8.1.2 have unknown impact and attack vectors.
13085 CVE-2008-0647 119 Exec Code Overflow 2008-02-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the HanGamePluginCn18.HanGamePluginCn18.1 ActiveX control in HanGamePluginCn18.dll in Ourgame GLWorld 2.6.1.29 (aka Lianzong Game Platform) allow remote attackers to execute arbitrary code via long arguments to the (1) hgs_startGame and (2) hgs_startNotify methods, as exploited in the wild as of February 2008. NOTE: some of these details are obtained from third party information.
13086 CVE-2008-0640 287 Exec Code 2008-02-07 2011-07-25
10.0
Admin Remote Low Not required Complete Complete Complete
Symantec Ghost Solution Suite 1.1 before 1.1 patch 2, 2.0.0, and 2.0.1 does not authenticate connections between the console and the Ghost Management Agent, which allows remote attackers to execute arbitrary commands via unspecified RPC requests in conjunction with ARP spoofing.
13087 CVE-2008-0639 119 Exec Code Overflow 2008-02-13 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the EnumPrinters function in the Spooler service (nwspool.dll) in Novell Client 4.91 SP2, SP3, and SP4 for Windows allows remote attackers to execute arbitrary code via a crafted RPC request, aka Novell bug 353138, a different vulnerability than CVE-2006-5854. NOTE: this issue exists because of an incomplete fix for CVE-2007-6701.
13088 CVE-2008-0638 119 Exec Code Overflow 2008-02-21 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.
13089 CVE-2008-0632 264 Exec Code 2008-02-06 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Unrestricted file upload vulnerability in cp_upload_image.php in LightBlog 9.5 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the blog's root directory.
13090 CVE-2008-0620 119 DoS Overflow 2008-02-06 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to cause a denial of service (crash) via a 0x53 LPD command, which causes the server to terminate.
13091 CVE-2008-0619 119 DoS Exec Code Overflow 2008-02-06 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
13092 CVE-2008-0610 119 1 DoS Exec Code Overflow 2008-02-06 2012-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the ClientConnection::NegotiateProtocolVersion function in vncviewer/ClientConnection.cpp in vncviewer for UltraVNC 1.0.2 and 1.0.4 before 01252008, when in LISTENING mode or when using the DSM plugin, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a modified size value.
13093 CVE-2008-0599 Exec Code 2008-05-05 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
13094 CVE-2008-0590 119 DoS Exec Code Overflow 2008-02-05 2019-08-13
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
13095 CVE-2008-0568 +Priv 2008-02-04 2008-11-22
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the IP-authentication feature in the Secure Site 5.x-1.0 and 4.7.x-1.0 module for Drupal allows remote attackers to gain the privileges of a user who has authenticated from behind the same proxy server as the attacker.
13096 CVE-2008-0551 94 Exec Code 2008-02-01 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
The NamoInstaller.NamoInstall.1 ActiveX control in NamoInstaller.dll 3.0.0.1 and earlier in Namo Web Editor in Sejoong Namo ActiveSquare 6 allows remote attackers to execute arbitrary code via a URL in the argument to the Install method. NOTE: some of these details are obtained from third party information.
13097 CVE-2008-0550 189 DoS Exec Code Overflow 2008-02-01 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.
13098 CVE-2008-0544 119 DoS Exec Code Overflow 2008-02-01 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the IMG_LoadLBM_RW function in IMG_lbm.c in SDL_image before 1.2.7 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted IFF ILBM file. NOTE: some of these details are obtained from third party information.
13099 CVE-2008-0532 119 Exec Code Overflow 2008-03-14 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in securecgi-bin/CSuserCGI.exe in User-Changeable Password (UCP) before 4.2 in Cisco Secure Access Control Server (ACS) for Windows and ACS Solution Engine allow remote attackers to execute arbitrary code via a long argument located immediately after the Logout argument, and possibly unspecified other vectors.
13100 CVE-2008-0531 119 Exec Code Overflow 2008-02-14 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Cisco Unified IP Phone 7940, 7940G, 7960, and 7960G running SIP firmware might allow remote SIP servers to execute arbitrary code via a crafted challenge/response message.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.