CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13351 CVE-2007-5769 119 DoS Overflow 2007-12-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP protocol behavior. NOTE: the netkit-ftpd issue is covered by CVE-2007-6263.
13352 CVE-2007-5767 119 Exec Code Overflow 2007-11-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Client Trust application (clntrust.exe) in Novell BorderManager 3.8 before Update 1.5 allows remote attackers to execute arbitrary code via a validation request in which the Novell tree name is not properly delimited with a wide-character backslash or NULL character.
13353 CVE-2007-5760 Exec Code 2008-01-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
13354 CVE-2007-5755 119 Exec Code Overflow 2007-11-13 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
13355 CVE-2007-5742 22 Dir. Trav. 2007-12-01 2017-07-28
9.0
None Remote Low Not required Partial Partial Complete
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
13356 CVE-2007-5717 Exec Code 2007-10-30 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vulnerability than CVE-2007-5170.
13357 CVE-2007-5709 119 Exec Code Overflow 2007-10-30 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.
13358 CVE-2007-5706 22 Dir. Trav. 2007-10-29 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information.
13359 CVE-2007-5689 2007-10-29 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
13360 CVE-2007-5687 119 Exec Code Overflow 2007-10-28 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
13361 CVE-2007-5663 94 Exec Code 2008-02-12 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
13362 CVE-2007-5661 94 2008-04-03 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
13363 CVE-2007-5660 Exec Code Overflow 2007-11-02 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
13364 CVE-2007-5659 119 Exec Code Overflow 2008-02-12 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
13365 CVE-2007-5658 20 Exec Code Overflow 2008-01-15 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
13366 CVE-2007-5657 20 Exec Code 2008-01-15 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
13367 CVE-2007-5656 399 DoS Exec Code 2008-01-15 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
13368 CVE-2007-5655 119 Exec Code Overflow 2008-01-15 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
13369 CVE-2007-5653 78 Bypass 2007-10-23 2017-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
13370 CVE-2007-5635 2007-10-23 2012-02-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
13371 CVE-2007-5617 2007-10-21 2018-10-26
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.
13372 CVE-2007-5610 2008-06-04 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.
13373 CVE-2007-5608 2008-06-04 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
13374 CVE-2007-5606 Exec Code Overflow 2008-06-04 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.
13375 CVE-2007-5605 Exec Code Overflow 2008-06-04 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.
13376 CVE-2007-5603 119 Exec Code Overflow 2007-11-05 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
13377 CVE-2007-5602 119 Exec Code Overflow 2008-02-04 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox.
13378 CVE-2007-5601 119 Exec Code Overflow 2007-10-20 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
13379 CVE-2007-5580 119 Exec Code Overflow 2007-12-14 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
13380 CVE-2007-5561 134 Exec Code 2007-10-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.
13381 CVE-2007-5560 119 Exec Code Overflow 2007-10-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13382 CVE-2007-5559 119 Exec Code Overflow 2007-10-18 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13383 CVE-2007-5552 189 Exec Code Overflow 2007-10-18 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13384 CVE-2007-5546 119 DoS Exec Code Overflow 2007-10-18 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
13385 CVE-2007-5543 119 1 Exec Code Overflow 2009-03-18 2009-03-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590.
13386 CVE-2007-5542 119 1 Exec Code Overflow 2009-03-18 2009-03-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590.
13387 CVE-2007-5541 20 Exec Code 2007-10-17 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.
13388 CVE-2007-5539 +Priv 2007-10-17 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
13389 CVE-2007-5538 119 DoS Exec Code Overflow 2007-10-17 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
13390 CVE-2007-5535 2007-10-17 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.
13391 CVE-2007-5534 2007-10-17 2012-10-22
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.
13392 CVE-2007-5531 2007-10-17 2019-07-31
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
13393 CVE-2007-5530 2007-10-17 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.
13394 CVE-2007-5528 2007-10-17 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).
13395 CVE-2007-5526 2007-10-17 2012-10-22
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11.
13396 CVE-2007-5491 22 Dir. Trav. 2007-10-17 2008-09-05
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.
13397 CVE-2007-5487 119 Exec Code Overflow 2007-10-16 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
13398 CVE-2007-5483 2007-10-16 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
13399 CVE-2007-5476 2007-10-17 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
13400 CVE-2007-5467 189 DoS Exec Code Overflow 2007-10-15 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.