CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13601 CVE-2007-2923 Exec Code 2007-06-18 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
The launch method in the LocalExec ActiveX control (LocalExec.ocx) in Novell exteNd Director 4.1 and Portal Services allows remote attackers to execute arbitrary commands.
13602 CVE-2007-2921 Exec Code Overflow 2007-06-14 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in acgm.dll in the Corel / Micrografx ActiveCGM Browser ActiveX control before 7.1.4.19 allow remote attackers to execute arbitrary code via unspecified vectors.
13603 CVE-2007-2920 Exec Code Overflow 2007-06-11 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Zoomify Viewer ActiveX control in ZActiveX.dll might allow remote attackers to execute arbitrary code via unspecified vectors.
13604 CVE-2007-2919 DoS Exec Code Overflow 2007-06-06 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the FViewerLoading ActiveX control (FlipViewerX.dll) in E-Book Systems FlipViewer before 4.1 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via long (1) UID, (2) Opf, (3) PAGENO, (4) LaunchMode, (5) SubID, (6) BookID, (7) LibraryID, (8) SubURL, and (9) LoadOpf properties.
13605 CVE-2007-2917 Exec Code Overflow 2007-05-31 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in a certain ActiveX control in odapi.dll in Authentium Command Antivirus before 4.93.8 allow remote attackers to execute arbitrary code via unspecified vectors.
13606 CVE-2007-2884 20 DoS Exec Code Overflow 2007-05-29 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Microsoft Visual Basic 6 allow user-assisted remote attackers to cause a denial of service (CPU consumption) or execute arbitrary code via a Visual Basic Project (vbp) file with a long (1) Description or (2) Company Name (VersionCompanyName) field.
13607 CVE-2007-2881 Exec Code Overflow 2007-05-29 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the SOCKS proxy support (sockd) in Sun Java Web Proxy Server before 4.0.5 allow remote attackers to execute arbitrary code via crafted packets during protocol negotiation.
13608 CVE-2007-2868 94 DoS Exec Code Mem. Corr. 2007-05-31 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption.
13609 CVE-2007-2867 119 DoS Overflow 2007-05-31 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues.
13610 CVE-2007-2865 XSS 2007-05-25 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in sqledit.php in phpPgAdmin 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the server parameter.
13611 CVE-2007-2864 Exec Code Overflow 2007-06-06 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a large invalid value of the coffFiles field in a .CAB file.
13612 CVE-2007-2863 Exec Code Overflow 2007-06-06 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Anti-Virus engine before content update 30.6 in multiple CA (formerly Computer Associates) products allows remote attackers to execute arbitrary code via a long filename in a .CAB file.
13613 CVE-2007-2856 119 Exec Code Overflow 2007-05-24 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.
13614 CVE-2007-2855 119 Exec Code Overflow 2007-05-24 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.
13615 CVE-2007-2853 Exec Code 2007-05-24 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The VCDAPILibApi ActiveX control in vc9api.DLL 9.0.0.57 in Virtual CD 9.0.0.2 allows remote attackers to execute arbitrary commands via a command line in the first argument to the VCDLaunchAndWait function.
13616 CVE-2007-2852 Exec Code Overflow 2007-05-24 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in ESET NOD32 Antivirus before 2.70.37.0 allow remote attackers to execute arbitrary code during (1) delete/disinfect or (2) rename operations via a crafted directory name.
13617 CVE-2007-2850 Bypass 2007-05-24 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The Session Reliability Service (XTE) in Citrix MetaFrame Presentation Server 3.0, Presentation Server 4.0, and Access Essentials 1.0 and 1.5, allows remote attackers to bypass network security policies and connect to arbitrary TCP ports via a modified address:port string.
13618 CVE-2007-2849 2007-05-24 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
KnowledgeTree Document Management (aka KnowledgeTree Open Source) before STABLE 3.3.7 does not require a password for an unregistered user, when the user exists in Active Directory, which allows remote attackers to log onto KTDMS without the intended authorization check.
13619 CVE-2007-2848 Exec Code Overflow 2007-05-24 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the SetPath function in the shComboBox ActiveX control (shcmb80.ocx) in Sky Software Shell MegaPack ActiveX 8.0 allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13620 CVE-2007-2847 XSS 2007-05-24 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple cross-site scripting (XSS) vulnerabilities in hlstats.php in HLstats 1.35, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) authusername or (2) authpassword parameter, different vectors than CVE-2007-0840 and CVE-2007-2812.
13621 CVE-2007-2846 119 Exec Code Overflow 2007-05-24 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SIS unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted SIS archive, resulting from an "integer cast around."
13622 CVE-2007-2845 Exec Code Overflow 2007-05-24 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the CAB unpacker in avast! Anti-Virus Managed Client before 4.7.700 allows user-assisted remote attackers to execute arbitrary code via a crafted CAB archive, resulting from an "integer cast around".
13623 CVE-2007-2844 2007-05-24 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite internal program memory and gain system access.
13624 CVE-2007-2843 2007-05-24 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via Javascript, as demonstrated by a js script that accesses the location information of cross-domain web pages, probably involving setTimeout and timed events.
13625 CVE-2007-2834 189 Exec Code Overflow 2007-09-18 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the TIFF parser in OpenOffice.org (OOo) before 2.3; and Sun StarOffice 6, 7, and 8 Office Suite (StarSuite); allows remote attackers to execute arbitrary code via a TIFF file with crafted values of unspecified length fields, which triggers allocation of an incorrect amount of memory, resulting in a heap-based buffer overflow.
13626 CVE-2007-2831 119 DoS Exec Code Overflow 2007-05-23 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Array index error in the (1) ieee80211_ioctl_getwmmparams and (2) ieee80211_ioctl_setwmmparams functions in net80211/ieee80211_wireless.c in MadWifi before 0.9.3.1 allows local users to cause a denial of service (system crash), possibly obtain kernel memory contents, and possibly execute arbitrary code via a large negative array index value.
13627 CVE-2007-2827 119 Exec Code Overflow 2007-05-22 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property.
13628 CVE-2007-2824 Exec Code Sql 2007-05-22 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php.
13629 CVE-2007-2822 Bypass 2007-05-22 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php.
13630 CVE-2007-2815 264 Bypass 2007-05-22 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
13631 CVE-2007-2810 Exec Code Sql 2007-05-22 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13632 CVE-2007-2809 Exec Code Overflow 2007-05-22 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is not clear if this is the same issue as CVE-2007-2274.
13633 CVE-2007-2795 119 Exec Code Overflow 2009-01-27 2009-01-28
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
13634 CVE-2007-2791 2007-05-21 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Secure Shell (SSH) in HP Tru64 UNIX 5.1B-4 and 5.1B-3 allows remote attackers to identify valid users via unspecified vectors, probably related to timing attacks and AuthInteractiveFailureRandomTimeout.
13635 CVE-2007-2783 Exec Code Bypass 2007-05-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Rational Soft Hidden Administrator 1.7 and earlier allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors. NOTE: this issue has no actionable information, and perhaps should not be included in CVE.
13636 CVE-2007-2776 2007-05-21 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
AlstraSoft Template Seller Pro 3.25 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject a credential variable setting and obtain administrative access via a direct request to admin/changeinfo.php.
13637 CVE-2007-2775 2007-05-21 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
AlstraSoft Live Support 1.21 sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request to admin/managesettings.php.
13638 CVE-2007-2771 Exec Code Overflow 2007-05-21 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the LEAD Technologies LeadTools JPEG 2000 LEADJ2K.LEADJ2K.140 ActiveX control (LTJ2K14.ocx) 14.5.0.35 allows remote attackers to execute arbitrary code via a long BitmapDataPath property.
13639 CVE-2007-2770 Exec Code Overflow 2007-05-21 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
13640 CVE-2007-2763 Exec Code Overflow 2007-05-18 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the UnlockSupport function in the LockModules subsystem in a certain ActiveX control in ltmm15.dll in Sienzo Digital Music Mentor (DMM) 2.6.0.4 allows remote attackers to execute arbitrary code via a long string in the second argument, a different issue than CVE-2007-2564.
13641 CVE-2007-2760 +Priv 2007-05-18 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
13642 CVE-2007-2758 Exec Code Overflow Dir. Trav. 2007-05-18 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in WinImage 8.0.8000 allow user-assisted remote attackers to execute arbitrary code via a FAT image that contains long directory names in a deeply nested directory structure, which triggers (1) a stack-based buffer overflow during extraction, or (2) a heap-based buffer overflow during traversal.
13643 CVE-2007-2755 2007-05-17 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.
13644 CVE-2007-2741 119 DoS Exec Code Overflow 2007-05-17 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
13645 CVE-2007-2736 Exec Code File Inclusion 2007-05-17 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in index.php in Achievo 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config_atkroot parameter.
13646 CVE-2007-2719 287 2007-05-16 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Session fixation vulnerability in HP Systems Insight Manager (SIM) 4.2 and 5.0 SP4 and SP5 allows remote attackers to hijack web sessions by setting the JSESSIONID cookie.
13647 CVE-2007-2715 2007-05-16 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Admin/users.php in Snaps! Gallery 1.4.4 allows remote attackers to change arbitrary usernames and passwords via the (1) username, or the (2) password and password2 parameters in an edit action.
13648 CVE-2007-2714 2007-05-16 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in akismet.php in Matt Mullenweg Akismet before 2.0.2, a WordPress plugin, has unknown impact and attack vectors.
13649 CVE-2007-2713 2007-05-16 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
ifdate 2.x sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to obtain administrative access via a direct request for the admin/ URI.
13650 CVE-2007-2712 2007-05-16 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in MH Software Connect Daily before 3.3.3 has unknown impact and attack vectors.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.