CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14101 CVE-2007-0912 CSRF 2007-02-13 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.
14102 CVE-2007-0910 2007-02-13 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
14103 CVE-2007-0903 2007-02-13 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
14104 CVE-2007-0888 Dir. Trav. 2007-02-12 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
14105 CVE-2007-0886 119 DoS Exec Code Overflow 2007-02-12 2017-10-18
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
14106 CVE-2007-0882 94 2007-02-12 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
14107 CVE-2007-0879 Exec Code Overflow 2007-02-12 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14108 CVE-2007-0863 Exec Code File Inclusion 2007-02-08 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.
14109 CVE-2007-0851 Exec Code Overflow 2007-02-08 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
14110 CVE-2007-0841 2007-02-07 2008-11-13
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
14111 CVE-2007-0777 119 DoS Exec Code Overflow Mem. Corr. 2007-02-26 2018-10-19
9.3
Admin Remote Medium Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
14112 CVE-2007-0776 119 Exec Code Overflow 2007-02-26 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
14113 CVE-2007-0770 DoS Exec Code Overflow 2007-02-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
14114 CVE-2007-0766 DoS Exec Code Overflow 2007-02-05 2017-10-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
14115 CVE-2007-0754 Exec Code Overflow 2007-05-14 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
14116 CVE-2007-0750 DoS Exec Code Overflow 2007-05-24 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
14117 CVE-2007-0749 Exec Code Overflow 2007-05-13 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
14118 CVE-2007-0748 Exec Code Overflow 2007-05-13 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
14119 CVE-2007-0746 Exec Code Overflow 2007-04-24 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
14120 CVE-2007-0736 Exec Code Overflow 2007-04-24 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
14121 CVE-2007-0735 DoS Exec Code 2007-04-24 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
14122 CVE-2007-0733 DoS Exec Code Mem. Corr. 2007-03-13 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
14123 CVE-2007-0731 Exec Code Overflow 2007-03-13 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
14124 CVE-2007-0714 189 DoS Exec Code Overflow 2007-03-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
14125 CVE-2007-0712 119 DoS Exec Code Overflow 2007-03-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
14126 CVE-2007-0711 189 DoS Exec Code Overflow 2007-03-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
14127 CVE-2007-0671 Exec Code 2007-02-02 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
14128 CVE-2007-0655 Exec Code +Priv 2007-05-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
14129 CVE-2007-0654 Exec Code Overflow 2007-03-21 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
14130 CVE-2007-0653 Exec Code Overflow Mem. Corr. 2007-03-21 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
14131 CVE-2007-0640 Overflow 2007-01-31 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
14132 CVE-2007-0619 Exec Code Mem. Corr. 2007-01-31 2008-11-15
9.3
Admin Remote Medium Not required Complete Complete Complete
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
14133 CVE-2007-0585 Dir. Trav. 2007-01-30 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
14134 CVE-2007-0543 2007-01-29 2018-10-16
9.4
None Remote Low Not required Complete Complete None
ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.
14135 CVE-2007-0528 +Info 2007-01-25 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
14136 CVE-2007-0515 DoS Exec Code Mem. Corr. 2007-01-25 2018-10-12
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
14137 CVE-2007-0510 Overflow 2007-01-25 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.
14138 CVE-2007-0509 XSS +Info 2007-01-25 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.
14139 CVE-2007-0504 Exec Code 2007-01-25 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
14140 CVE-2007-0496 Exec Code File Inclusion 2007-01-25 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
14141 CVE-2007-0495 Exec Code File Inclusion 2007-01-25 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
14142 CVE-2007-0480 DoS Exec Code 2007-01-24 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco IOS 9.x, 10.x, 11.x, and 12.x and IOS XR 2.0.x, 3.0.x, and 3.2.x allows remote attackers to cause a denial of service or execute arbitrary code via a crafted IP option in the IP header in a (1) ICMP, (2) PIMv2, (3) PGM, or (4) URD packet.
14143 CVE-2007-0469 DoS Exec Code 2007-01-23 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
The extract_files function in installer.rb in RubyGems before 0.9.1 does not check whether files exist before overwriting them, which allows user-assisted remote attackers to overwrite arbitrary files, cause a denial of service, or execute arbitrary code via crafted GEM packages.
14144 CVE-2007-0466 Exec Code Mem. Corr. 2007-01-30 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Telestream Flip4Mac Windows Media Components for Quicktime 2.1.0.33 allows remote attackers to execute arbitrary code via a crafted ASF_File_Properties_Object size field in a WMV file, which triggers memory corruption.
14145 CVE-2007-0462 DoS Exec Code Mem. Corr. 2007-01-25 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The _GetSrcBits32ARGB function in Apple QuickDraw, as used by Quicktime 7.1.3 and other applications on Mac OS X 10.4.8 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PICT image with a malformed Alpha RGB (ARGB) record, which triggers memory corruption.
14146 CVE-2007-0460 119 Overflow 2007-01-23 2010-09-15
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in ulogd for SUSE Linux 9.3 up to 10.1, and possibly other distributions, have unknown impact and attack vectors related to "improper string length calculations."
14147 CVE-2007-0449 119 Exec Code Overflow 2007-01-23 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in LGSERVER.EXE in CA BrightStor ARCserve Backup for Laptops and Desktops r11.0 through r11.1 SP1, Mobile Backup r4.0, Desktop and Business Protection Suite r2, and Desktop Management Suite (DMS) r11.0 and r11.1 allow remote attackers to execute arbitrary code via crafted packets to TCP port (1) 1900 or (2) 2200.
14148 CVE-2007-0448 Bypass 2007-05-24 2008-09-10
10.0
None Remote Low Not required Complete Complete Complete
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the srpath URI.
14149 CVE-2007-0447 119 Exec Code Overflow 2007-10-05 2012-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Decomposer component in multiple Symantec products allows remote attackers to execute arbitrary code via multiple crafted CAB archives.
14150 CVE-2007-0446 Exec Code Overflow 2007-02-08 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in magentproc.exe for Hewlett-Packard Mercury LoadRunner Agent 8.0 and 8.1, Performance Center Agent 8.0 and 8.1, and Monitor over Firewall 8.1 allows remote attackers to execute arbitrary code via a packet with a long server_ip_name field to TCP port 54345, which triggers the overflow in mchan.dll.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.