CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13701 CVE-2009-3871 119 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the setBytePixels function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via crafted arguments, aka Bug Id 6872358.
13702 CVE-2009-3869 119 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
13703 CVE-2009-3868 119 Overflow +Priv 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 does not properly parse color profiles, which allows remote attackers to gain privileges via a crafted image file, aka Bug Id 6862970.
13704 CVE-2009-3867 119 Exec Code Overflow 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
13705 CVE-2009-3866 264 Exec Code 2009-11-05 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute arbitrary code by modifying a certain JNLP file to have a URL field that points to an unintended trusted application, aka Bug Id 6872824.
13706 CVE-2009-3865 94 Exec Code 2009-11-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The launch method in the Deployment Toolkit plugin in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 6 before Update 17 allows remote attackers to execute arbitrary commands via a crafted web page, aka Bug Id 6869752.
13707 CVE-2009-3859 119 1 DoS Exec Code Overflow 2009-11-04 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in eEye Retina WiFi Scanner 1.0.8.68, as used in Retina Network Security Scanner 5.10.14, allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .rws file with a long RWS010 entry.
13708 CVE-2009-3855 2009-11-04 2009-11-18
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the (1) UNIX and (2) Linux backup-archive clients, and the (3) OS/400 API client, in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.6, 5.4 before 5.4.2, and 5.5 before 5.5.1, when the MAILPROG option is enabled, allow attackers to read, modify, or delete arbitrary files via unknown vectors.
13709 CVE-2009-3854 119 Exec Code Overflow 2009-11-04 2009-11-18
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the traditional client scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7 and 5.4 before 5.4.2 allows remote attackers to execute arbitrary code via unspecified vectors.
13710 CVE-2009-3853 119 Exec Code Overflow 2009-11-04 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the client acceptor daemon (CAD) scheduler in the client in IBM Tivoli Storage Manager (TSM) 5.3 before 5.3.6.7, 5.4 before 5.4.3, 5.5 before 5.5.2.2, and 6.1 before 6.1.0.2, and TSM Express 5.3.3.0 through 5.3.6.6, allows remote attackers to execute arbitrary code via crafted data in a TCP packet.
13711 CVE-2009-3850 94 Exec Code 2009-11-06 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Blender 2.34, 2.35a, 2.40, and 2.49b allows remote attackers to execute arbitrary code via a .blend file that contains Python statements in the onLoad action of a ScriptLink SDNA.
13712 CVE-2009-3849 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long Template parameter to nnmRptConfig.exe, related to the strcat function; or (2) a long Oid parameter to snmp.exe.
13713 CVE-2009-3848 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long Template parameter, related to the vsprintf function.
13714 CVE-2009-3847 Exec Code 2009-12-10 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via unknown vectors.
13715 CVE-2009-3846 119 Exec Code Overflow 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple heap-based buffer overflows in ovlogin.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via a long (1) userid or (2) passwd parameter.
13716 CVE-2009-3845 Exec Code 2009-12-10 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
The port-3443 HTTP server in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary commands via shell metacharacters in the hostname parameter to unspecified Perl scripts.
13717 CVE-2009-3844 119 DoS Exec Code Overflow 2009-12-08 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
13718 CVE-2009-3843 264 Exec Code 2009-11-24 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
HP Operations Manager 8.10 on Windows contains a "hidden account" in the XML file that specifies Tomcat users, which allows remote attackers to conduct unrestricted file upload attacks, and thereby execute arbitrary code, by using the org.apache.catalina.manager.HTMLManagerServlet class to make requests to manager/html/upload.
13719 CVE-2009-3842 DoS 2009-11-20 2009-12-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability on the HP Color LaserJet M3530 Multifunction Printer with firmware 05.058.4 and the Color LaserJet CP3525 Printer with firmware 53.021.2 allows remote attackers to obtain "access to data" or cause a denial of service via unknown vectors.
13720 CVE-2009-3841 Exec Code 2009-11-17 2009-11-24
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in HP Discovery & Dependency Mapping Inventory (DDMI) 2.5x, 7.5x, and 7.60 on Windows allows remote authenticated users to execute arbitrary code via unknown vectors.
13721 CVE-2009-3838 119 1 DoS Exec Code Overflow 2009-11-02 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pegasus Mail (PMail) 4.41 and possibly 4.51 allows remote POP3 servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long error message.
13722 CVE-2009-3837 119 Exec Code Overflow 2009-11-02 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
13723 CVE-2009-3831 94 DoS Exec Code Mem. Corr. 2009-10-30 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted domain name.
13724 CVE-2009-3829 189 DoS Exec Code Overflow 2009-10-30 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
13725 CVE-2009-3819 Exec Code 2009-10-28 2011-12-14
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Random Images (maag_randomimage) extension 1.6.4 and earlier for TYPO3 allows remote attackers to execute arbitrary shell commands via unspecified vectors.
13726 CVE-2009-3818 2009-10-28 2009-10-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the session handling feature in freeCap CAPTCHA (sr_freecap) extension 1.2.0 and earlier for TYPO3 has unknown impact and attack vectors.
13727 CVE-2009-3812 119 2 Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.
13728 CVE-2009-3811 119 1 Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Music Tag Editor 1.61 build 212 allows remote attackers to execute arbitrary code via an MP3 file with a long ID3 tag. NOTE: some of these details are obtained from third party information.
13729 CVE-2009-3810 119 1 DoS Exec Code Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Acoustica MP3 Audio Mixer 2.471 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file.
13730 CVE-2009-3808 1 DoS Exec Code 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
MixSense DJ Studio 1.0.0.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string in an .mp3 playlist file.
13731 CVE-2009-3807 119 1 DoS Overflow 2009-10-27 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in MixVibes 7.043 Pro allows remote attackers to cause a denial of service (crash) via a long string in a .vib file.
13732 CVE-2009-3800 DoS Exec Code 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allow attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
13733 CVE-2009-3799 189 Exec Code Overflow Mem. Corr. 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the Verifier::parseExceptionHandlers function in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via an SWF file with a large exception_count value that triggers memory corruption, related to "generation of ActionScript exception handlers."
13734 CVE-2009-3798 399 Exec Code Mem. Corr. 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
13735 CVE-2009-3797 399 Exec Code Mem. Corr. 2009-12-10 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player 10.x before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors that trigger memory corruption.
13736 CVE-2009-3796 94 Exec Code 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 might allow attackers to execute arbitrary code via unspecified vectors, related to a "data injection vulnerability."
13737 CVE-2009-3794 119 Exec Code Overflow 2009-12-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Adobe Flash Player before 10.0.42.34 and Adobe AIR before 1.5.3 allows remote attackers to execute arbitrary code via crafted dimensions of JPEG data in an SWF file.
13738 CVE-2009-3793 399 DoS Exec Code 2010-06-15 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory consumption) or possibly execute arbitrary code via unknown vectors.
13739 CVE-2009-3792 22 Dir. Trav. 2009-12-21 2009-12-22
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Adobe Flash Media Server (FMS) before 3.5.3 allows attackers to load arbitrary DLL files via unspecified vectors.
13740 CVE-2009-3790 119 DoS Exec Code Overflow 2009-10-26 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
13741 CVE-2009-3743 189 DoS Exec Code Overflow Mem. Corr. 2010-08-26 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in the Ins_MINDEX function in the TrueType bytecode interpreter in Ghostscript before 8.71 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document that trigger an integer overflow and a heap-based buffer overflow.
13742 CVE-2009-3739 DoS 2010-01-19 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities on the Rockwell Automation AB Micrologix 1100 and 1400 controllers allow remote attackers to obtain privileged access or cause a denial of service (halt) via unknown vectors.
13743 CVE-2009-3737 94 Exec Code 2010-08-17 2011-07-26
9.3
None Remote Medium Not required Complete Complete Complete
The Oracle Siebel Option Pack for IE ActiveX control does not properly initialize memory that is used by the NewBusObj method, which allows remote attackers to execute arbitrary code via a crafted HTML document.
13744 CVE-2009-3735 94 Exec Code 2010-02-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive's digital signature before installation, which allows remote attackers to execute arbitrary code via a URL argument to an unspecified method.
13745 CVE-2009-3732 134 Exec Code 2010-04-12 2013-05-15
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
13746 CVE-2009-3717 119 1 DoS Exec Code Overflow 2009-10-16 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in LucVil PatPlayer 3.9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URI in a playlist (.m3u) file.
13747 CVE-2009-3711 119 1 DoS Exec Code Overflow 2009-10-16 2018-10-10
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the h_handlepeer function in http.cpp in httpdx 1.4, and possibly 1.4.3, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
13748 CVE-2009-3710 255 1 +Priv 2009-10-16 2009-10-19
10.0
None Remote Low Not required Complete Complete Complete
RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022.
13749 CVE-2009-3709 119 1 Exec Code Overflow 2009-10-16 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a TITLE tag.
13750 CVE-2009-3708 119 Exec Code Overflow 2009-10-16 2009-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Meta Content Optimizer in Konae Technologies Alleycode HTML Editor 2.21 allows user-assisted remote attackers to execute arbitrary code via a long value in a (1) description or (2) keyword META tag. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.