CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13801 CVE-2008-0086 119 Exec Code Overflow 2008-07-08 2018-10-15
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary code via a crafted SQL expression.
13802 CVE-2008-0083 94 Exec Code 2008-04-08 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The (1) VBScript (VBScript.dll) and (2) JScript (JScript.dll) scripting engines 5.1 and 5.6, as used in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, do not properly decode script, which allows remote attackers to execute arbitrary code via unknown vectors.
13803 CVE-2008-0082 200 +Info 2008-08-12 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state," obtain contact information, and establish audio or video connections without notification via unknown vectors.
13804 CVE-2008-0081 Exec Code 2008-01-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Macro Validation Vulnerability," a different vulnerability than CVE-2007-3490.
13805 CVE-2008-0080 119 Exec Code Overflow 2008-02-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the WebDAV Mini-Redirector in Microsoft Windows XP SP2, Server 2003 SP1 and SP2, and Vista allows remote attackers to execute arbitrary code via a crafted WebDAV response.
13806 CVE-2008-0078 94 Exec Code Mem. Corr. 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in an ActiveX control (dxtmsft.dll) in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via a crafted image, aka "Argument Handling Memory Corruption Vulnerability."
13807 CVE-2008-0077 399 Exec Code Mem. Corr. 2008-02-12 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrated using the by property of an animateMotion SVG element, aka "Property Memory Corruption Vulnerability."
13808 CVE-2008-0076 94 Exec Code Mem. Corr. 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 5.01, 6 SP1 and SP2, and 7 allows remote attackers to execute arbitrary code via crafted HTML layout combinations, aka "HTML Rendering Memory Corruption Vulnerability."
13809 CVE-2008-0075 94 Exec Code 2008-02-12 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 through 6.0 allows remote attackers to execute arbitrary code via crafted inputs to ASP pages.
13810 CVE-2008-0067 119 Exec Code Overflow 2009-01-08 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) long string parameters to the OpenView5.exe CGI program; (2) a long string parameter to the OpenView5.exe CGI program, related to ov.dll; or a long string parameter to the (3) getcvdata.exe, (4) ovlaunch.exe, or (5) Toolbar.exe CGI program.
13811 CVE-2008-0066 119 Exec Code Overflow 2008-04-10 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in htmsr.dll in the HTML speed reader in Autonomy (formerly Verity) KeyView, as used by IBM Lotus Notes 7.0.2 and 7.0.3, allow remote attackers to execute arbitrary code via an HTML document with (1) "large chunks of data," or a long URL in the (2) BACKGROUND attribute of a BODY element or (3) SRC attribute of an IMG element.
13812 CVE-2008-0065 119 Exec Code Overflow 2008-01-22 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
13813 CVE-2008-0064 119 Exec Code Overflow 2008-01-31 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Pierre-emmanuel Gougelet (1) XnView 1.91 and 1.92, (2) NConvert 4.85, and (3) libgfl280.dll in GFL SDK 2.870 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted Radiance RGBE (.hdr) file.
13814 CVE-2008-0062 189 DoS Exec Code 2008-03-19 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
KDC in MIT Kerberos 5 (krb5kdc) does not set a global variable for some krb4 message types, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted messages that trigger a NULL pointer dereference or double-free.
13815 CVE-2008-0053 119 Exec Code Overflow 2008-03-18 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
13816 CVE-2008-0047 119 Exec Code Overflow 2008-03-18 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
13817 CVE-2008-0043 94 Exec Code 2008-02-07 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in Apple iPhoto before 7.1.2 allows remote attackers to execute arbitrary code via photocast subscriptions.
13818 CVE-2008-0040 399 DoS Exec Code Mem. Corr. 2008-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NFS in Apple Mac OS X 10.5 through 10.5.1 allows remote attackers to cause a denial of service (system shutdown) or execute arbitrary code via unknown vectors related to mbuf chains that trigger memory corruption.
13819 CVE-2008-0033 399 DoS Exec Code Mem. Corr. 2008-01-15 2018-10-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.4 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via a movie file with Image Descriptor (IDSC) atoms containing an invalid atom size, which triggers memory corruption.
13820 CVE-2008-0029 255 +Priv 2008-01-23 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco Application Velocity System (AVS) before 5.1.0 is installed with default passwords for some system accounts, which allows remote attackers to gain privileges.
13821 CVE-2008-0027 119 DoS Exec Code Overflow 2008-01-16 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM) 4.2 before 4.2(3)SR3 and 4.3 before 4.3(1)SR1, and CallManager 4.0 and 4.1 before 4.1(3)SR5c, allows remote attackers to cause a denial of service or execute arbitrary code via a long request.
13822 CVE-2008-0020 94 Exec Code Mem. Corr. 2009-07-07 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Load method in the IPersistStreamInit interface in the Active Template Library (ATL), as used in the Microsoft Video ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, aka "ATL Header Memcopy Vulnerability," a different vulnerability than CVE-2008-0015.
13823 CVE-2008-0017 119 DoS Exec Code Overflow Mem. Corr. 2008-11-13 2018-10-26
9.3
None Remote Medium Not required Complete Complete Complete
The http-index-format MIME type parser (nsDirIndexParser) in Firefox 3.x before 3.0.4, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13 does not check for an allocation failure, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP index response with a crafted 200 header, which triggers memory corruption and a buffer overflow.
13824 CVE-2008-0016 119 Exec Code Overflow 2008-09-24 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the URL parsing implementation in Mozilla Firefox before 2.0.0.17 and SeaMonkey before 1.1.12 allows remote attackers to execute arbitrary code via a crafted UTF-8 URL in a link.
13825 CVE-2008-0015 119 Exec Code Overflow 2009-07-07 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
13826 CVE-2008-0014 119 Exec Code Overflow 2008-11-17 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0013.
13827 CVE-2008-0013 119 Exec Code Overflow 2008-11-17 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0012 and CVE-2008-0014.
13828 CVE-2008-0012 119 Exec Code Overflow 2008-11-17 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to the product's configuration, a different vulnerability than CVE-2008-0013 and CVE-2008-0014.
13829 CVE-2008-0011 119 Exec Code Overflow 2008-06-11 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft DirectX 8.1 through 9.0c, and DirectX on Microsoft XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008, does not properly perform MJPEG error checking, which allows remote attackers to execute arbitrary code via a crafted MJPEG stream in a (1) AVI or (2) ASF file, aka the "MJPEG Decoder Vulnerability."
13830 CVE-2008-0003 119 Exec Code Overflow 2008-01-08 2018-10-15
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the PAMBasicAuthenticator::PAMCallback function in OpenPegasus CIM management server (tog-pegasus), when compiled to use PAM and without PEGASUS_USE_PAM_STANDALONE_PROC defined, might allow remote attackers to execute arbitrary code via unknown vectors, a different vulnerability than CVE-2007-5360.
13831 CVE-2007-6757 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Centricity DMS 4.2, 4.1, and 4.0 has a password of Muse!Admin for the Museadmin user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
13832 CVE-2007-6732 119 Exec Code Overflow 2009-09-13 2009-09-14
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.
13833 CVE-2007-6731 94 Exec Code Overflow Bypass 2009-09-13 2009-09-14
10.0
None Remote Low Not required Complete Complete Complete
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
13834 CVE-2007-6730 352 CSRF 2009-09-10 2009-09-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in the ZyXEL P-330W router allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote router management via goform/formRmtMgt or (2) modify the administrator password via goform/formPasswordSetup.
13835 CVE-2007-6721 2009-03-29 2012-11-15
10.0
None Remote Low Not required Complete Complete Complete
The Legion of the Bouncy Castle Java Cryptography API before release 1.38, as used in Crypto Provider Package before 1.36, has unknown impact and remote attack vectors related to "a Bleichenbacher vulnerability in simple RSA CMS signatures without signed attributes."
13836 CVE-2007-6713 2008-04-16 2017-08-07
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Flip4Mac WMV before 2.2.0.49 has unknown impact and attack vectors related to malformed WMV files.
13837 CVE-2007-6711 264 +Priv 2008-03-24 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in customer.php in FreeWebshop.org 2.2.5, 2.2.6 and 2.2.7WIP1/2 allows remote attackers to gain administrator privileges via unknown vectors.
13838 CVE-2007-6706 94 Exec Code 2008-03-08 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in nlnotes.dll in the client in IBM Lotus Notes 6.5, 7.0.x before 7.0.2 CCH or 7.0.3, and possibly 8.0 allows remote attackers to execute arbitrary code via crafted text in an e-mail message sent over SMTP.
13839 CVE-2007-6703 DoS 2008-03-04 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in vdccm before 0.10.1 in SynCE (SynCE-dccm) might allow attackers to cause a denial of service via unspecified vectors.
13840 CVE-2007-6701 119 Exec Code Overflow 2008-02-13 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Spooler service (nwspool.dll) in Novell Client 4.91 SP4 for Windows allow remote attackers to execute arbitrary code via long arguments to multiple unspecified RPC functions, aka Novell bug 287919, a different vulnerability than CVE-2007-2954.
13841 CVE-2007-6693 2008-01-16 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the WebCam module in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to a "proxied request."
13842 CVE-2007-6691 2008-01-16 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core module Gallery application, (5) the slideshow in the Slideshow module, and (6) multiple Print modules.
13843 CVE-2007-6690 264 2008-01-16 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
The Gallery Remote module in Menalto Gallery before 2.2.4 does not check permissions for unspecified GR commands, which has unknown impact and attack vectors.
13844 CVE-2007-6688 2008-01-16 2017-08-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Installation application in Menalto Gallery before 2.2.4 has unknown impact and attack vectors related to "web-accessibility protection of the storage folder."
13845 CVE-2007-6686 2008-01-16 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
The URL rewrite module in Menalto Gallery before 2.2.4 allows attackers to include and execute arbitrary local files via unknown vectors related to the admin controller.
13846 CVE-2007-6685 264 2008-01-16 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Publish XP module Menalto Gallery before 2.2.4 allows attackers to create albums and upload files via unknown vectors.
13847 CVE-2007-6679 2008-01-09 2011-04-07
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Console in IBM WebSphere Application Server 6.1 before Fix Pack 13 has unknown impact and attack vectors, related to "security concerns with monitor role users." NOTE: it was later reported that 6.0.2 before Fix Pack 25 is also affected.
13848 CVE-2007-6654 119 Exec Code Overflow 2008-01-04 2017-09-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
13849 CVE-2007-6638 264 +Info 2008-01-03 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
March Networks DVR 3204 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, passwords, device names, and IP addresses via a direct request for scripts/logfiles.tar.gz.
13850 CVE-2007-6610 Exec Code 2008-01-03 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.