CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13251 CVE-2007-5005 22 Dir. Trav. 2007-10-01 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in rxRPC.dll in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to upload and overwrite arbitrary files via a ..\ (dot dot backslash) sequence in the destination filename argument to sub-function 8 in the rxrReceiveFileFromServer command.
13252 CVE-2007-5004 189 Exec Code Overflow 2007-10-01 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allows remote attackers to execute arbitrary code via a long username and a certain "useless" password.
13253 CVE-2007-5003 119 Exec Code Overflow 2007-10-01 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.5 allow remote attackers to execute arbitrary code via a long (1) username or (2) password to the rxrLogin command in rxRPC.dll, or a long (3) username argument to the GetUserInfo function.
13254 CVE-2007-4995 189 Exec Code 2007-10-12 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
13255 CVE-2007-4992 119 Exec Code Overflow 2007-10-10 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the process_packet function in fbserver.exe in Firebird SQL 2.0.2 allows remote attackers to execute arbitrary code via a long request to TCP port 3050.
13256 CVE-2007-4987 189 Exec Code 2007-09-24 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
13257 CVE-2007-4983 22 Exec Code Dir. Trav. 2007-09-19 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
13258 CVE-2007-4982 22 Dir. Trav. 2007-09-19 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.
13259 CVE-2007-4963 Dir. Trav. 2007-09-18 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged with a separate directory traversal vulnerability to trick a careful user into overwriting arbitrary files.
13260 CVE-2007-4962 22 Exec Code Dir. Trav. 2007-09-18 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file. NOTE: this can be leveraged for code execution by writing to a Startup folder.
13261 CVE-2007-4943 119 Exec Code Overflow 2007-09-18 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13262 CVE-2007-4940 189 DoS Exec Code Overflow 2007-09-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values.
13263 CVE-2007-4939 119 DoS Exec Code Overflow 2007-09-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values.
13264 CVE-2007-4926 310 +Info 2007-09-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
The AXIS 207W camera uses a base64-encoded cleartext username and password for authentication, which allows remote attackers to obtain sensitive information by sniffing the wireless network or by leveraging unspecified other vectors.
13265 CVE-2007-4916 119 DoS Exec Code Overflow 2007-09-17 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
13266 CVE-2007-4915 20 2007-09-17 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.
13267 CVE-2007-4910 2007-09-17 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in netInvoicing before 2.7.3 has unknown impact and attack vectors, related to "security check soap".
13268 CVE-2007-4909 264 2007-09-17 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Interpretation conflict in WinSCP before 4.0.4 allows remote attackers to perform arbitrary file transfers with a remote server via file-transfer commands in the final portion of a (1) scp, and possibly a (2) sftp or (3) ftp, URL, as demonstrated by a URL specifying login to the remote server with a username of scp, which is interpreted as an HTTP scheme name by the protocol handler in a web browser, but is interpreted as a username by WinSCP. NOTE: this is related to an incomplete fix for CVE-2006-3015.
13269 CVE-2007-4880 119 Exec Code Overflow 2007-09-27 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
13270 CVE-2007-4842 22 Exec Code Dir. Trav. 2007-09-12 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in Enriva Development Magellan Explorer 3.32 build 2305 and earlier allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a filename. NOTE: this can be leveraged for code execution by writing to a Startup folder.
13271 CVE-2007-4841 20 Exec Code 2007-09-12 2011-09-21
9.3
Admin Remote Medium Not required Complete Complete Complete
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file type handling on Windows XP with Internet Explorer 7 installed, a variant of CVE-2007-3845.
13272 CVE-2007-4821 119 Exec Code Overflow 2007-09-11 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different vulnerability than CVE-2007-3169.
13273 CVE-2007-4776 119 Exec Code Overflow 2007-09-10 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
13274 CVE-2007-4771 399 DoS Overflow 2008-01-28 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the doInterval function in regexcmp.cpp in libicu in International Components for Unicode (ICU) 3.8.1 and earlier allows context-dependent attackers to cause a denial of service (memory consumption) and possibly have unspecified other impact via a regular expression that writes a large amount of data to the backtracking stack. NOTE: some of these details are obtained from third party information.
13275 CVE-2007-4758 119 DoS Exec Code Overflow 2007-09-08 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the image-processing APIs in Cosminexus Developer's Kit for Java in Cosminexus 4 through 7 allow remote attackers to cause a denial of service or execute arbitrary code via unspecified vectors.
13276 CVE-2007-4750 310 Exec Code 2007-09-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension.
13277 CVE-2007-4747 287 2007-09-06 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The telnet service in Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier does not require authentication, which allows remote attackers to perform administrative actions, aka CSCsj31729.
13278 CVE-2007-4746 264 2007-09-06 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
13279 CVE-2007-4743 119 Overflow 2007-09-06 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
The original patch for CVE-2007-3999 in svc_auth_gss.c in the RPCSEC_GSS RPC library in MIT Kerberos 5 (krb5) 1.4 through 1.6.2, as used by the Kerberos administration daemon (kadmind) and other applications that use krb5, does not correctly check the buffer length in some environments and architectures, which might allow remote attackers to conduct a buffer overflow attack.
13280 CVE-2007-4740 264 2007-09-06 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
The HPRevolutionRegistryManager ActiveX control in Hp.Revolution.RegistryManager.dll 1 in Telecom Italy Alice Messenger allows remote attackers to create registry keys and values via the arguments to the WriteRegistry method.
13281 CVE-2007-4735 119 Exec Code Overflow 2007-09-06 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Next Generation Software Virtual DJ (VDJ) 5.0 allows user-assisted remote attackers to execute arbitrary code via a long file path in an m3u file.
13282 CVE-2007-4733 264 2007-09-06 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
The Aztech DSL600EU router, when WAN access to the web interface is disabled, does not properly block inbound traffic on TCP port 80, which allows remote attackers to connect to the web interface by guessing a TCP sequence number, possibly involving spoofing of an ARP packet, a related issue to CVE-1999-0077.
13283 CVE-2007-4731 119 Exec Code Overflow 2007-09-11 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the TMregChange function in TMReg.dll in Trend Micro ServerProtect before 5.58 Security Patch 4 allows remote attackers to execute arbitrary code via a crafted packet to TCP port 5005.
13284 CVE-2007-4710 399 DoS Exec Code Mem. Corr. 2007-12-19 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ColorSync in Apple Mac OS X 10.4.11 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via an image with a crafted ColorSync profile, which triggers memory corruption.
13285 CVE-2007-4708 134 Exec Code 2007-12-19 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in Address Book in Apple Mac OS X 10.4.11 allows remote attackers to execute arbitrary code via the URL handler.
13286 CVE-2007-4707 119 Exec Code Overflow 2007-12-14 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Flash media handler in Apple QuickTime before 7.3.1 allow remote attackers to execute arbitrary code or have other unspecified impacts via a crafted QuickTime movie.
13287 CVE-2007-4704 Bypass 2007-11-15 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5 does not apply changed settings to processes that are started by launchd until the processes are restarted, which might allow attackers to bypass intended access restrictions.
13288 CVE-2007-4703 Bypass 2007-11-15 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5 does not prevent a root process from accepting incoming connections, even when "Block incoming connections" has been set for its associated executable, which might allow remote attackers or local root processes to bypass intended access restrictions.
13289 CVE-2007-4702 Bypass 2007-11-15 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
The Application Firewall in Apple Mac OS X 10.5, when "Block all incoming connections" is enabled, does not prevent root processes or mDNSResponder from accepting connections, which might allow remote attackers or local root processes to bypass intended access restrictions.
13290 CVE-2007-4691 264 Bypass 2007-11-14 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
The NSURL component in Apple Mac OS X 10.4 through 10.4.10 performs case-sensitive comparisons that allow attackers to bypass intended restrictions for local file system URLs.
13291 CVE-2007-4690 399 Exec Code 2007-11-14 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
13292 CVE-2007-4689 399 DoS Exec Code 2007-11-14 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the Networking component in Apple Mac OS X 10.4 through 10.4.10 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via crafted IPV6 packets.
13293 CVE-2007-4687 16 2007-11-14 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
The remote_cmds component in Apple Mac OS X 10.4 through 10.4.10 contains a symbolic link from the tftpboot private directory to the root directory, which allows tftpd users to escape the private directory and access arbitrary files.
13294 CVE-2007-4677 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via an invalid color table size when parsing the color table atom (CTAB) in a movie file, related to the CTAB RGB values.
13295 CVE-2007-4676 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via malformed elements when parsing (1) Poly type (0x0070 through 0x0074) and (2) PackBitsRgn field (0x0099) opcodes in a PICT image.
13296 CVE-2007-4675 119 Exec Code Overflow 2007-11-07 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the QuickTime VR extension 7.2.0.240 in QuickTime.qts in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a QTVR (QuickTime Virtual Reality) movie file containing a large size field in the atom header of a panorama sample atom.
13297 CVE-2007-4673 78 Exec Code 2007-10-04 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Argument injection vulnerability in Apple QuickTime 7.2 for Windows XP SP2 and Vista allows remote attackers to execute arbitrary commands via a URL in the qtnext field in a crafted QTL file. NOTE: this issue may be related to CVE-2006-4965 or CVE-2007-5045.
13298 CVE-2007-4646 94 DoS Exec Code Overflow 2007-08-31 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
13299 CVE-2007-4642 119 DoS Exec Code Overflow 2007-08-31 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allow remote attackers to execute arbitrary code via a long chat (PKT_CHAT) message that is not properly handled by the (1) D_NetPlayerEvent function in d_net.c or the (2) Msg_Write function in net_msg.c, or (3) many commands that are not properly handled by the NetSv_ReadCommands function in d_netsv.c; or (4) cause a denial of service (daemon crash) via a chat (PKT_CHAT) message without a final '\0' character.
13300 CVE-2007-4634 89 Exec Code Sql 2007-08-31 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Cisco CallManager and Unified Communications Manager (CUCM) before 3.3(5)sr2b, 4.1 before 4.1(3)sr5, 4.2 before 4.2(3)sr2, and 4.3 before 4.3(1)sr1 allow remote attackers to execute arbitrary SQL commands via the lang variable to the (1) user or (2) admin logon page, aka CSCsi64265.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.