CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13301 CVE-2007-2132 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise 8.47.12 and 8.48.08 has unknown impact and attack vectors, aka PSE02.
13302 CVE-2007-2131 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.22.14, 8.47.12, and 8.48.08 has unknown impact and attack vectors, aka PSE01.
13303 CVE-2007-2130 2007-04-18 2018-10-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.
13304 CVE-2007-2129 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Agent component in Oracle Enterprise Manager 9.2.0.8 has unknown impact and remote attack vectors, aka EM01.
13305 CVE-2007-2128 2007-04-18 2018-10-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
13306 CVE-2007-2127 2007-04-18 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.0 have unknown impact and remote attack vectors via (1) Application Object Library (APPS04), iStore (2) APPS05 and (3) APPS06, (4) iSupport (APPS07), (5) Trade Management (APPS09), (6) Applications Manager (APPS10), and (7) Oracle Report Manager (APPS03).
13307 CVE-2007-2126 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle E-Business Suite 11.5.10CU2 has unknown impact and remote attack vectors in the (1) Common Applications (APPS01) and (2) iProcurement (APPS02).
13308 CVE-2007-2125 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Collaborative Workspace in Oracle Collaboration Suite 10.1.2 has unknown impact and attack vectors, aka OCS01.
13309 CVE-2007-2124 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.4.1.0 has unknown impact and remote attack vectors, aka AS05.
13310 CVE-2007-2123 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Portal component in Oracle Application Server 10.1.3 up to 10.1.3.2.0, 10.1.2 up to 10.1.2.2.0, and 9.0.4.3 has unknown impact and attack vectors, aka AS04.
13311 CVE-2007-2122 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Wireless component in Oracle Application Server 9.0.4.3 has unknown impact and attack vectors, aka AS03.
13312 CVE-2007-2121 2007-04-18 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the COREid Access component in Oracle Application Server 7.0.4.4 has unknown impact and attack vectors, aka AS02.
13313 CVE-2007-2116 Overflow 2007-04-18 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters.
13314 CVE-2007-2114 Overflow 2007-04-18 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).
13315 CVE-2007-2101 +Info 2007-04-18 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
FAC Guestbook 3.01 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/gbdb.mdb. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13316 CVE-2007-2100 2007-04-18 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
FAC Guestbook 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/Gdb.mdb.
13317 CVE-2007-2079 Exec Code Overflow 2007-04-17 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
The ADONewConnection Connect function in adodb.php in XAMPP 1.6.0a and earlier for Windows uses untrusted input for the database server hostname, which allows remote attackers to trigger a library buffer overflow and execute arbitrary code via a long host parameter, or have other unspecified impact. NOTE: it could be argued that this is an issue in mssql_connect (CVE-2007-1411.1) in PHP, or an issue in the ADOdb Library, and the proper fix should be in one of these products; if so, then this should not be treated as a vulnerability in XAMPP.
13318 CVE-2007-2062 Exec Code Overflow 2007-04-17 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in VCDGear 3.55 and 3.56 BETA allows user-assisted remote attackers to execute arbitrary code via a long FILE argument in a CUE file.
13319 CVE-2007-2059 Exec Code Overflow 2007-04-17 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.
13320 CVE-2007-2057 Exec Code Overflow 2007-04-17 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in aircrack-ng airodump-ng 0.7 allows remote attackers to execute arbitrary code via crafted 802.11 authentication packets.
13321 CVE-2007-2053 DoS Exec Code Overflow 2007-04-30 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.
13322 CVE-2007-2036 2007-04-16 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The SNMP implementation in the Cisco Wireless LAN Controller (WLC) before 20070419 uses the default read-only community public, and the default read-write community private, which allows remote attackers to read and modify SNMP variables, aka Bug ID CSCse02384.
13323 CVE-2007-2034 +Priv 2007-04-16 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.
13324 CVE-2007-2031 Exec Code Overflow 2007-04-16 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the HTTP proxy service for 3proxy 0.5 to 0.5.3g, and 0.6b-devel before 20070413, might allow remote attackers to execute arbitrary code via crafted transparent requests.
13325 CVE-2007-1993 119 Exec Code Overflow 2007-04-12 2017-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
13326 CVE-2007-1959 Overflow 2007-04-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the process_cmdent function in command.cpp in TinyMUX before 2.4 has unknown impact and attack vectors, related to lack of the "'other half' of buffer overflow protection."
13327 CVE-2007-1955 Exec Code Overflow 2007-04-10 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the SignKorea SKCrypAX ActiveX control module 5.4.1.2 allow remote attackers to execute arbitrary code via a long string in unspecified arguments to the (1) DownloadCert, (2) DecryptFileByKey, and (3) EncryptFileByKey functions, a different module and vectors than CVE-2007-1722. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13328 CVE-2007-1948 DoS Exec Code Overflow 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in IrfanView 3.99 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via the (1) xoffset or (2) yoffset RLE command, or (3) large non-RLE encoded blocks in a crafted BMP image, as demonstrated by rle8of3.bmp and rle8of4.bmp.
13329 CVE-2007-1946 DoS Exec Code Overflow 2007-04-10 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in Windows Explorer in Microsoft Windows XP SP1 might allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large width dimension in a crafted BMP image, as demonstrated by w4intof.bmp.
13330 CVE-2007-1943 DoS Exec Code Overflow 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in ACDSee Photo Manager 9.0 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via large width image sizes in a crafted BMP image, as demonstrated by w3intof.bmp and w4intof.bmp.
13331 CVE-2007-1942 DoS Exec Code Overflow 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in FastStone Image Viewer 2.9 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted BMP image, as demonstrated by wh3intof.bmp and wh4intof.bmp.
13332 CVE-2007-1922 20 Exec Code Mem. Corr. 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.
13333 CVE-2007-1921 Exec Code Mem. Corr. 2007-04-10 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT file that contains a value that is used as an offset, which triggers memory corruption.
13334 CVE-2007-1917 Exec Code Overflow 2007-04-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SYSTEM_CREATE_INSTANCE function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
13335 CVE-2007-1916 Exec Code Overflow 2007-04-10 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the RFC_START_GUI function in the SAP RFC Library 6.40 and 7.00 before 20061211 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended.
13336 CVE-2007-1892 Exec Code Overflow 2007-04-17 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) before 2.2.1.0 allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2007-1891.
13337 CVE-2007-1891 Exec Code Overflow 2007-04-17 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the GetPrivateProfileSectionW function in Akamai Technologies Download Manager ActiveX Control (DownloadManagerV2.ocx) after 2.0.4.4 but before 2.2.1.0 allows remote attackers to execute arbitrary code, related to misinterpretation of the nSize parameter as a byte count instead of a wide character count.
13338 CVE-2007-1879 2007-04-05 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
The StartUploading function in KL.SysInfo ActiveX control (AxKLSysInfo.dll) in Kaspersky Anti-Virus 6.0 and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows remote attackers to read arbitrary files by triggering an outbound anonymous FTP session that invokes the PUT command. NOTE: this issue might be related to CVE-2007-1112.
13339 CVE-2007-1868 DoS Exec Code 2007-04-04 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The management service in IBM Tivoli Provisioning Manager for OS Deployment before 5.1 Fix Pack 2 does not properly handle multipart/form-data in HTTP POST requests, which allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via crafted POST requests to port 8080/tcp or 443/tcp.
13340 CVE-2007-1867 Exec Code Overflow 2007-04-04 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in IrfanView 3.99 allows remote attackers to execute arbitrary code via a crafted animated cursor (ANI) file.
13341 CVE-2007-1866 Exec Code Overflow 2007-04-04 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465.
13342 CVE-2007-1836 Exec Code 2007-04-02 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.
13343 CVE-2007-1823 2007-04-02 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
13344 CVE-2007-1822 2007-04-02 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
13345 CVE-2007-1821 2007-04-02 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
13346 CVE-2007-1820 2007-04-02 2008-11-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).
13347 CVE-2007-1819 119 Exec Code Overflow 2007-04-02 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
13348 CVE-2007-1796 2007-04-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 have unspecified attack vectors and impact.
13349 CVE-2007-1795 Exec Code 2007-04-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13350 CVE-2007-1794 Exec Code 2007-04-02 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary object that is still being used. NOTE: this issue might be related to CVE-2006-3805.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.