CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14451 CVE-2007-2417 Exec Code Overflow 2007-07-15 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via crafted packets. NOTE: this issue might overlap CVE-2007-3491.
14452 CVE-2007-2399 Exec Code Mem. Corr. 2007-06-25 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
WebKit in Apple Mac OS X 10.3.9, 10.4.9 and later, and iPhone before 1.0.1 performs an "invalid type conversion", which allows remote attackers to execute arbitrary code via unspecified frame sets that trigger memory corruption.
14453 CVE-2007-2397 Exec Code 2007-07-15 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
QuickTime for Java in Apple Quicktime before 7.2 does not properly check permissions, which allows remote attackers to disable security controls and execute arbitrary code via crafted Java applets.
14454 CVE-2007-2396 Exec Code 2007-07-15 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The JDirect support in QuickTime for Java in Apple Quicktime before 7.2 exposes certain dangerous interfaces, which allows remote attackers to execute arbitrary code via crafted Java applets.
14455 CVE-2007-2395 Exec Code Mem. Corr. 2007-11-07 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.3 allows remote attackers to execute arbitrary code via a crafted image description atom in a movie file, related to "memory corruption."
14456 CVE-2007-2394 Exec Code Overflow 2007-07-15 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via crafted (1) title and (2) author fields in an SMIL file, related to improper calculations for memory allocation.
14457 CVE-2007-2393 Exec Code Bypass 2007-07-15 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
The design of QuickTime for Java in Apple Quicktime before 7.2 allows remote attackers to bypass certain security controls and write to process memory via Java applets, possibly leading to arbitrary code execution.
14458 CVE-2007-2392 Exec Code Mem. Corr. 2007-07-15 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Apple Quicktime before 7.2 on Mac OS X 10.3.9 and 10.4.9 allows user-assisted remote attackers to execute arbitrary code via a crafted movie file that triggers memory corruption.
14459 CVE-2007-2390 DoS Exec Code Overflow 2007-05-24 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in iChat in Apple Mac OS X 10.3.9 and 10.4.9 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
14460 CVE-2007-2388 264 Exec Code 2007-05-29 2011-05-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Apple QuickTime for Java 7.1.6 on Mac OS X and Windows does not properly restrict QTObject subclassing, which allows remote attackers to execute arbitrary code via a web page containing a user-defined class that accesses unsafe functions that can be leveraged to write to arbitrary memory locations.
14461 CVE-2007-2387 2007-06-04 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool.
14462 CVE-2007-2386 DoS Exec Code Overflow 2007-05-24 2017-07-28
9.4
None Remote Low Not required Complete None Complete
Buffer overflow in mDNSResponder in Apple Mac OS X 10.4 up to 10.4.9 allows remote attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted UPnP Internet Gateway Device (IGD) packet.
14463 CVE-2007-2375 Exec Code 2007-04-30 2008-11-15
10.0
Admin Remote Low Not required Complete Complete Complete
The agent remote upgrade interface in Symantec Enterprise Security Manager (ESM) before 20070405 does not verify the authenticity of upgrades, which allows remote attackers to execute arbitrary code via software that implements the agent upgrade protocol.
14464 CVE-2007-2374 Exec Code 2007-04-30 2019-04-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Windows 2000, XP, and Server 2003 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors. NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source.
14465 CVE-2007-2372 2007-04-30 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
admin/send_mod.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier prints a Location header but does not exit when administrative credentials are missing, which allows remote attackers to compose an e-mail message via a post with the subject, message, format, and list_id fields; and send the message via a direct request for the MsgId value under admin/.
14466 CVE-2007-2371 DoS 2007-04-30 2017-10-10
10.0
None Remote Low Not required Complete Complete Complete
admin/index.php in Gregory Kokanosky phpMyNewsletter 0.8 beta5 and earlier provides access to configuration modification before login, which allows remote attackers to cause a denial of service (loss of configuration data), and possibly perform direct static code injection, via a saveGlobalconfig action.
14467 CVE-2007-2367 DoS Overflow 2007-04-30 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in wserve_console.exe in Wserve HTTP Server (whttp) 4.6 allows remote attackers to cause a denial of service (forced application exit) via a long directory name in the URI.
14468 CVE-2007-2365 119 Exec Code Overflow 2007-04-30 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.
14469 CVE-2007-2363 Exec Code Overflow 2007-04-30 2017-10-10
8.5
Admin Remote Medium Single system Complete Complete Complete
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
14470 CVE-2007-2362 DoS Exec Code Overflow 2007-04-30 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
14471 CVE-2007-2355 Exec Code 2007-04-30 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
14472 CVE-2007-2352 Exec Code 2007-04-30 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.
14473 CVE-2007-2333 2007-04-27 2008-11-13
10.0
Admin Remote Low Not required Complete Complete Complete
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 5_05.149, 5_05.3xx before 5_05.304, and 6.x before 6_05.140 includes the FIPSecryptedtest1219 and FIPSunecryptedtest1219 default accounts in the LDAP template, which might allow remote attackers to access the private network.
14474 CVE-2007-2332 2007-04-27 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
14475 CVE-2007-2325 Exec Code File Inclusion 2007-04-26 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include.php in MyNewsGroups :) allows remote attackers to execute arbitrary PHP code via a URL in the myng_root parameter.
14476 CVE-2007-2323 Exec Code Overflow 2007-04-26 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the WinDVDX ActiveX control in InterVideo Home Theater 2.1.13.0 and 2.5.13.58 allow remote attackers to execute arbitrary code via a long string argument to the (1) GetDiscType or (2) AddFileList method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14477 CVE-2007-2321 2007-04-26 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the search functionality in SilverStripe 2.0.0 has unknown impact and attack vectors.
14478 CVE-2007-2318 Exec Code 2007-04-26 2008-11-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple format string vulnerabilities in FileZilla before 2.2.32 allow remote attackers to execute arbitrary code via format string specifiers in (1) FTP server responses or (2) data sent by an FTP server. NOTE: some of these details are obtained from third party information.
14479 CVE-2007-2316 2007-04-26 2008-11-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the admin script in Open Business Management (OBM) before 2.0.0 allows remote attackers to have an unknown impact by calling the script "in txt mode from a browser."
14480 CVE-2007-2296 189 Exec Code Overflow 2007-04-26 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the FlipFileTypeAtom_BtoN function in Apple Quicktime 7.1.5, and other versions before 7.2, allows remote attackers to execute arbitrary code via a crafted M4V (MP4) file.
14481 CVE-2007-2295 119 Exec Code Overflow 2007-04-26 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.
14482 CVE-2007-2284 Exec Code Overflow 2007-04-26 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in ABC-View Manager 1.42 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.
14483 CVE-2007-2283 Exec Code Overflow 2007-04-26 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file.
14484 CVE-2007-2282 2007-04-26 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Cisco Network Services (CNS) NetFlow Collection Engine (NFC) before 6.0 has an nfcuser account with the default password nfcuser, which allows remote attackers to modify the product configuration and, when installed on Linux, obtain login access to the host operating system.
14485 CVE-2007-2281 189 Exec Code Overflow 2009-12-18 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the _ncp32._NtrpTCPReceiveMsg function in rds.exe in the Cell Manager Database Service in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via a large value in the size parameter.
14486 CVE-2007-2280 119 Exec Code Overflow 2009-12-18 2009-12-23
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.
14487 CVE-2007-2279 264 Exec Code Bypass 2007-06-04 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
The Scheduler Service (VxSchedService.exe) in Symantec Storage Foundation for Windows 5.0 allows remote attackers to bypass authentication and execute arbitrary code via certain requests to the service socket that create (1) PreScript or (2) PostScript registry values under Veritas\VxSvc\CurrentVersion\Schedules specifying future command execution.
14488 CVE-2007-2271 Dir. Trav. 2007-04-25 2017-10-10
9.4
None Remote Low Not required Complete Complete None
Directory traversal vulnerability in Rajneel Lal TotaRam USP FOSS Distribution 1.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the dnld parameter.
14489 CVE-2007-2266 2007-04-25 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Progress Webspeed Messenger allows remote attackers to read, create, modify, and execute arbitrary files by invoking webutil/_cpyfile.p in the WService parameter to (1) cgiip.exe or (2) wsisa.dll in scripts/, as demonstrated by using the save,editor options to create a new file using the fileName parameter.
14490 CVE-2007-2264 119 Exec Code Overflow 2007-10-31 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA header.
14491 CVE-2007-2263 119 Exec Code Overflow 2007-10-31 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
14492 CVE-2007-2244 119 Exec Code Overflow 2007-04-25 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file.
14493 CVE-2007-2239 DoS Exec Code Overflow 2007-05-07 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
14494 CVE-2007-2238 119 Exec Code Overflow 2009-04-16 2017-07-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the Whale Client Components ActiveX control (WhlMgr.dll), as used in Microsoft Intelligent Application Gateway (IAG) before 3.7 SP2, allow remote attackers to execute arbitrary code via long arguments to the (1) CheckForUpdates or (2) UpdateComponents methods.
14495 CVE-2007-2224 119 Exec Code Overflow 2007-08-14 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Object linking and embedding (OLE) Automation, as used in Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP1 and SP2, Office 2004 for Mac, and Visual Basic 6.0 allows remote attackers to execute arbitrary code via the substringData method on a TextNode object, which causes an integer overflow that leads to a buffer overflow.
14496 CVE-2007-2223 119 Exec Code Overflow 2007-08-14 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft XML Core Services (MSXML) 3.0 through 6.0 allows remote attackers to execute arbitrary code via the substringData method on a (1) TextNode or (2) XMLDOM object, which causes an integer overflow that leads to a buffer overflow.
14497 CVE-2007-2222 119 1 Exec Code Overflow Mem. Corr. 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
14498 CVE-2007-2221 2007-05-08 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability."
14499 CVE-2007-2219 Exec Code 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Win32 API on Microsoft Windows 2000, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via certain parameters to an unspecified function.
14500 CVE-2007-2218 DoS Exec Code 2007-06-12 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Windows Schannel Security Package for Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2, allows remote servers to execute arbitrary code or cause a denial of service via crafted digital signatures that are processed during an SSL handshake.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.