CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14051 CVE-2007-0321 Exec Code Overflow 2007-02-22 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Update Service Agent ActiveX Control in isusweb.dll for Macrovision FLEXnet Connect (formerly InstallShield Update Service) allows remote attackers to execute arbitrary code via the Download method.
14052 CVE-2007-0320 119 Exec Code Overflow 2007-02-22 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in (a) an ActiveX control (iftw.dll) and (b) Netscape plug-in (npiftw32.dll) for Macrovision (formerly InstallShield) InstallFromTheWeb allow remote attackers to execute arbitrary code via crafted HTML documents.
14053 CVE-2007-0315 119 DoS Exec Code Overflow 2007-01-17 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the registry, and (2) the transfer queue (QueueCtrl.cpp). NOTE: some of these details are obtained from third party information.
14054 CVE-2007-0313 2007-01-17 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
14055 CVE-2007-0303 2007-01-17 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Zina 1.0rc1 and earlier have unknown impact and attack vectors related to "Potential security bugs."
14056 CVE-2007-0261 2007-01-16 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
snews.php in sNews 1.5.30 and earlier does not properly exit when authentication fails, which allows remote attackers to perform unauthorized administrative actions, as demonstrated by changing an administrative password via the changeup task, and by uploading PHP code via the imagefile parameter.
14057 CVE-2007-0255 DoS Exec Code 2007-01-16 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
XINE 0.99.4 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a certain M3U file that contains a long #EXTINF line and contains format string specifiers in an invalid udp:// URI, possibly a variant of CVE-2007-0017.
14058 CVE-2007-0254 Exec Code 2007-01-16 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Format string vulnerability in the errors_create_window function in errors.c in xine-ui allows attackers to execute arbitrary code via unknown vectors.
14059 CVE-2007-0245 119 Exec Code Overflow 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in OpenOffice.org (OOo) 2.2.1 and earlier allows remote attackers to execute arbitrary code via a RTF file with a crafted prtdata tag with a length parameter inconsistency, which causes vtable entries to be overwritten.
14060 CVE-2007-0239 Exec Code 2007-03-21 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
OpenOffice.org (OOo) Office Suite allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a prepared link in a crafted document.
14061 CVE-2007-0238 119 Exec Code Overflow 2007-03-21 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in filter\starcalc\scflt.cxx in the StarCalc parser in OpenOffice.org (OOo) Office Suite before 2.2, and 1.x before 1.1.5 Patch, allows user-assisted remote attackers to execute arbitrary code via a document with a long Note.
14062 CVE-2007-0236 119 DoS Exec Code Overflow 2007-01-16 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
14063 CVE-2007-0219 Exec Code 2007-02-13 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
14064 CVE-2007-0218 94 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function.
14065 CVE-2007-0217 Exec Code 2007-02-13 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
14066 CVE-2007-0216 20 Exec Code 2008-02-12 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted section length headers, aka "Microsoft Works File Converter Input Validation Vulnerability."
14067 CVE-2007-0214 Exec Code 2007-02-13 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
The HTML Help ActiveX control (Hhctrl.ocx) in Microsoft Windows 2000 SP3, XP SP2 and Professional, 2003 SP1 allows remote attackers to execute arbitrary code via unspecified functions, related to uninitialized parameters.
14068 CVE-2007-0213 Exec Code 2007-05-08 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Microsoft Exchange Server 2000 SP3, 2003 SP1 and SP2, and 2007 does not properly decode certain MIME encoded e-mails, which allows remote attackers to execute arbitrary code via a crafted base64-encoded MIME e-mail message.
14069 CVE-2007-0209 94 Exec Code Mem. Corr. 2007-02-13 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via a Word file with a malformed drawing object, which leads to memory corruption.
14070 CVE-2007-0208 20 Exec Code 2007-02-13 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Word in Office 2000 SP3, XP SP3, Office 2003 SP2, Works Suite 2004 to 2006, and Office 2004 for Mac does not correctly check the properties of certain documents and warn the user of macro content, which allows user-assisted remote attackers to execute arbitrary code.
14071 CVE-2007-0203 2007-01-11 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpMyAdmin before 2.9.2-rc1 have unknown impact and attack vectors.
14072 CVE-2007-0201 Exec Code Overflow 2007-01-11 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the cmd_usr function in ftp-gw in TIS Internet Firewall Toolkit (FWTK) allows remote attackers to execute arbitrary code via a long destination hostname (dest).
14073 CVE-2007-0127 94 Exec Code 2007-01-08 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
The Javascript SVG support in Opera before 9.10 does not properly validate object types in a createSVGTransformFromMatrix request, which allows remote attackers to execute arbitrary code via JavaScript code that uses an invalid object in this request that causes a controlled pointer to be referenced during the virtual function call.
14074 CVE-2007-0126 119 Exec Code Overflow 2007-01-08 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Opera 9.02 allows remote attackers to execute arbitrary code via a JPEG file with an invalid number of index bytes in the Define Huffman Table (DHT) marker.
14075 CVE-2007-0117 +Priv 2007-01-08 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
14076 CVE-2007-0100 2007-01-08 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server.
14077 CVE-2007-0099 362 DoS Exec Code Mem. Corr. 2007-01-08 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Race condition in the msxml3 module in Microsoft XML Core Services 3.0, as used in Internet Explorer 6 and other applications, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via many nested tags in an XML document in an IFRAME, when synchronous document rendering is frequently disrupted with asynchronous events, as demonstrated using a JavaScript timer, which can trigger NULL pointer dereferences or memory corruption, aka "MSXML Memory Corruption Vulnerability."
14078 CVE-2007-0097 Exec Code Overflow 2007-01-05 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the (1) LoadTree and (2) ReadHeader functions in PAISO.DLL 1.7.3.0 (1.7.3 beta) in ConeXware PowerArchiver 2006 9.64.02 allow user-assisted attackers to execute arbitrary code via a crafted ISO file containing a file within several nested directories.
14079 CVE-2007-0074 119 Exec Code Overflow 2008-11-17 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a folder read operation over RPC.
14080 CVE-2007-0073 119 Exec Code Overflow 2008-11-17 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a file read operation over RPC.
14081 CVE-2007-0072 119 Exec Code Overflow 2008-11-17 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in an unspecified procedure in Trend Micro ServerProtect 5.7 and 5.58 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a read operation over RPC.
14082 CVE-2007-0071 189 Exec Code Overflow 2008-04-09 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via a crafted SWF file with a negative Scene Count value, which passes a signed comparison, is used as an offset of a NULL pointer, and triggers a buffer overflow.
14083 CVE-2007-0069 DoS Exec Code Mem. Corr. 2008-01-08 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the kernel in Microsoft Windows XP SP2, Server 2003, and Vista allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via crafted (1) IGMPv3 and (2) MLDv2 packets that trigger memory corruption, aka "Windows Kernel TCP/IP/IGMPv3 and MLDv2 Vulnerability."
14084 CVE-2007-0068 +Priv 2007-06-06 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
IBM Lotus Domino 7.0.x before 7.0.3 does not revalidate the signature on a signed scheduled agent after the agent is modified, which allows remote authenticated users to gain privileges via a modified agent in a server database.
14085 CVE-2007-0065 94 Exec Code Overflow 2008-02-12 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Object Linking and Embedding (OLE) Automation in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Vista, Office 2004 for Mac, and Visual basic 6.0 SP6 allows remote attackers to execute arbitrary code via a crafted script request.
14086 CVE-2007-0064 119 Exec Code Overflow 2007-12-11 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Windows Media Format Runtime 7.1, 9, 9.5, 9.5 x64 Edition, 11, and Windows Media Services 9.1 for Microsoft Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via a crafted Advanced Systems Format (ASF) file.
14087 CVE-2007-0063 191 Exec Code Overflow 2007-09-21 2019-07-16
10.0
Admin Remote Low Not required Complete Complete Complete
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed DHCP packet that triggers a stack-based buffer overflow.
14088 CVE-2007-0062 119 DoS Exec Code Overflow 2007-09-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528; allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a malformed DHCP packet with a large dhcp-max-message-size that triggers a stack-based buffer overflow, related to servers configured to send many DHCP options to clients.
14089 CVE-2007-0061 119 Exec Code Overflow 2007-09-21 2019-07-16
10.0
Admin Remote Low Not required Complete Complete Complete
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows remote attackers to execute arbitrary code via a malformed packet that triggers "corrupt stack memory."
14090 CVE-2007-0060 Exec Code Overflow 2007-07-25 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Message Queuing Server (Cam.exe) in CA (formerly Computer Associates) Message Queuing (CAM / CAFT) software before 1.11 Build 54_4 on Windows and NetWare, as used in CA Advantage Data Transport, eTrust Admin, certain BrightStor products, certain CleverPath products, and certain Unicenter products, allows remote attackers to execute arbitrary code via a crafted message to TCP port 3104.
14091 CVE-2007-0057 255 2007-01-04 2018-11-01
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco Clean Access (CCA) 3.6.x through 3.6.4.2 and 4.0.x through 4.0.3.2 does not properly configure or allow modification of a shared secret authentication key, which causes all devices to have the same shared sercet and allows remote attackers to gain unauthorized access.
14092 CVE-2007-0043 119 Exec Code Overflow 2007-07-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The Just In Time (JIT) Compiler service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer," probably a buffer overflow, aka ".NET JIT Compiler Vulnerability".
14093 CVE-2007-0041 119 Exec Code Overflow 2007-07-10 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The PE Loader service in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to execute arbitrary code via unspecified vectors involving an "unchecked buffer" and unvalidated message lengths, probably a buffer overflow.
14094 CVE-2007-0040 Exec Code 2007-07-10 2019-04-30
10.0
Admin Remote Low Not required Complete Complete Complete
The LDAP service in Windows Active Directory in Microsoft Windows 2000 Server SP4, Server 2003 SP1 and SP2, Server 2003 x64 Edition and SP2, and Server 2003 for Itanium-based Systems SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted LDAP request with an unspecified number of "convertible attributes."
14095 CVE-2007-0038 119 DoS Exec Code Overflow Mem. Corr. 2007-03-30 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
14096 CVE-2007-0035 20 Exec Code Overflow 2007-05-08 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Word (or Word Viewer) in Microsoft Office 2000 SP3, XP SP3, 2003 SP2, 2004 for Mac, and Works Suite 2004, 2005, and 2006 does not properly handle data in a certain array, which allows user-assisted remote attackers to execute arbitrary code, aka the "Word Array Overflow Vulnerability."
14097 CVE-2007-0034 119 Exec Code Overflow Mem. Corr. 2007-01-09 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Advanced Search (Finder.exe) feature of Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted Outlook Saved Searches (OSS) file that triggers memory corruption, aka "Microsoft Outlook Advanced Find Vulnerability."
14098 CVE-2007-0033 Exec Code 2007-01-09 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Outlook 2002 and 2003 allows user-assisted remote attackers to execute arbitrary code via a malformed VEVENT record in an .iCal meeting request or ICS file.
14099 CVE-2007-0031 Exec Code Overflow 2007-01-09 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via a BIFF8 spreadsheet with a PALETTE record that contains a large number of entries.
14100 CVE-2007-0030 Exec Code 2007-01-09 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, 2004 for Mac, and v.X for Mac allows user-assisted remote attackers to execute arbitrary code via an Excel file with an out-of-range Column field in certain BIFF8 record types, which references arbitrary memory.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.