CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14851 CVE-2006-5601 119 Exec Code Overflow 2006-10-27 2017-07-19
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.
14852 CVE-2006-6071 2006-12-01 2017-07-19
9.0
None Remote Low Single system Complete Complete Complete
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14853 CVE-2006-6284 Dir. Trav. 2006-12-04 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter.
14854 CVE-2006-6424 Exec Code Overflow 2006-12-26 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Novell NetMail before 3.52e FTF2 allow remote attackers to execute arbitrary code (1) by appending literals to certain IMAP verbs when specifying command continuation requests to IMAPD, resulting in a heap overflow; and (2) via crafted arguments to the STOR command to the Network Messaging Application Protocol (NMAP) daemon, resulting in a stack overflow.
14855 CVE-2006-6425 Exec Code Overflow 2006-12-26 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to execute arbitrary code via unspecified vectors involving the APPEND command.
14856 CVE-2006-6652 119 Exec Code Overflow 2006-12-19 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
14857 CVE-2006-7200 Bypass 2007-04-30 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
14858 CVE-2007-0313 2007-01-17 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in GONICUS System Administration (GOsa) before 2.5.8 allows remote authenticated users to modify certain settings, including the admin password, via crafted POST requests.
14859 CVE-2007-0528 +Info 2007-01-25 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
14860 CVE-2007-0957 Exec Code Overflow 2007-04-05 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
14861 CVE-2007-0960 +Priv 2007-02-15 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco PIX 500 and ASA 5500 Series Security Appliances 7.2.2, when configured to use the LOCAL authentication method, allows remote authenticated users to gain privileges via unspecified vectors.
14862 CVE-2007-0968 Bypass 2007-02-15 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Firewall Services Module (FWSM) before 2.3(4.7) and 3.x before 3.1(3.1) causes the access control entries (ACE) in an ACL to be improperly evaluated, which allows remote authenticated users to bypass intended certain ACL protections.
14863 CVE-2007-1003 Exec Code Overflow Mem. Corr. 2007-04-05 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Integer overflow in ALLOCATE_LOCAL in the ProcXCMiscGetXIDList function in the XC-MISC extension in the X.Org X11 server (xserver) 7.1-1.1.0, and other versions before 20070403, allows remote authenticated users to execute arbitrary code via a large expression, which results in memory corruption.
14864 CVE-2007-1301 Exec Code Overflow 2007-03-06 2017-10-10
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
14865 CVE-2007-1309 264 Bypass 2007-03-06 2008-11-13
9.0
None Remote Low Single system Complete Complete Complete
Novell Access Management 3 SSLVPN Server allows remote authenticated users to bypass VPN restrictions by making policy.txt read-only, disconnecting, then manually modifying policy.txt.
14866 CVE-2007-1437 Exec Code Bypass 2007-03-13 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in LedgerSMB before 1.1.5 and SQL-Ledger before 2.6.25 allows remote attackers to overwrite files and possibly bypass authentication, and remote authenticated users to execute unauthorized code, by calling a custom error function that returns from execution.
14867 CVE-2007-1455 2007-03-14 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple absolute path traversal vulnerabilities in Fantastico, as used with cPanel 10.x, allow remote authenticated users to include and execute arbitrary local files via (1) the userlanguage parameter to includes/load_language.php or (2) the fantasticopath parameter to includes/mysqlconfig.php and certain other files.
14868 CVE-2007-1635 2007-03-23 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Static code injection vulnerability in admin/settings.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote authenticated users to inject arbitrary PHP code via the xtop parameter in a "ConfigSave" op to admin.php, which can later be accessed via a "Configure" op to admin.php.
14869 CVE-2007-1836 Exec Code 2007-04-02 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
The command line administration interface in Data Domain OS before 4.0.3.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in certain arguments to various commands, as demonstrated by the interface argument to the (1) ifconfig and (2) ping commands.
14870 CVE-2007-2034 +Priv 2007-04-16 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Wireless Control System (WCS) before 4.0.87.0 allows remote authenticated users to gain the privileges of the SuperUsers group, and manage the application and its networks, related to the group membership of user accounts, aka Bug ID CSCsg05190.
14871 CVE-2007-2114 Overflow 2007-04-18 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 and 10.2.0.2 have unknown impact and remote authenticated attack vectors, related to (1) Change Data Capture (CDC), aka DB08, and (2) Oracle Instant Client, aka DB11. NOTE: as of 20070424, oracle has not disputed reliable claims that these issues are buffer overflows using a long CHANGE_TABLE_NAME parameter to the DBMS_CDC_IPUBLISH.CHGTAB_CACHE procedure (DB08) and Oracle Instant Client genezi utility (DB11).
14872 CVE-2007-2116 Overflow 2007-04-18 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 has unknown impact and attack vectors, aka DB10. NOTE: as of 20070424, Oracle has not disputed claims that these are buffer overflows in kkzi.o for the SYS.DBMS_SNAP_INTERNAL package using the (1) SNAP_OWNER or (2) SNAP_NAME parameters.
14873 CVE-2007-2128 2007-04-18 2018-10-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the Sales Online component for Oracle E-Business Suite 11.5.10 has unknown impact and remote authenticated attack vectors, aka APPS08.
14874 CVE-2007-2130 2007-04-18 2018-10-16
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Workflow Cartridge, as used in Oracle Database Server 9.2.0.1, 10.1.0.2, and 10.2.0.1; Application Server 9.0.4.3 and 10.1.2.0.2; Collaboration Suite 10.1.2; and E-Business Suite; has unknown impact and remote authenticated attack vectors, aka OWF01.
14875 CVE-2007-2332 2007-04-27 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Nortel VPN Router (aka Contivity) 1000, 2000, 4000, and 5000 before 6_05.140 uses a fixed DES key to encrypt passwords, which allows remote authenticated users to obtain a password via a brute force attack on a hash from the LDAP store.
14876 CVE-2007-2362 DoS Exec Code Overflow 2007-04-30 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.
14877 CVE-2007-2760 +Priv 2007-05-18 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
The canUpdate function in model/MRole.java in Adempiere before 3.1.6 does not properly validate user roles, which allows remote authenticated read-only users to gain read-write privileges. NOTE: some of these details are obtained from third party information.
14878 CVE-2007-2795 119 Exec Code Overflow 2009-01-27 2009-01-28
9.0
None Remote Low Single system Complete Complete Complete
Multiple buffer overflows in Ipswitch IMail before 2006.21 allow remote attackers or authenticated users to execute arbitrary code via (1) the authentication feature in IMailsec.dll, which triggers heap corruption in the IMail Server, or (2) a long SUBSCRIBE IMAP command, which triggers a stack-based buffer overflow in the IMAP Daemon.
14879 CVE-2007-3039 119 Exec Code Overflow 2007-12-11 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
14880 CVE-2007-3094 Exec Code 2007-06-06 2018-10-30
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the authentication mechanism in Solaris Management Console (SMC) on Sun Solaris 8 through 10 before 20070605 allows remote authenticated users to execute arbitrary code via unspecified vectors, related to the WBEM server.
14881 CVE-2007-3095 Bypass 2007-06-06 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, allows attackers to "disable the authentication system" and bypass authentication via unknown vectors.
14882 CVE-2007-3260 +Priv 2007-06-19 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
HP System Management Homepage (SMH) before 2.1.9 for Linux, when used with Novell eDirectory, assigns the eDirectory members to the root group, which allows remote authenticated eDirectory users to gain privileges.
14883 CVE-2007-3266 Dir. Trav. 2007-06-19 2018-10-16
9.0
None Remote Low Not required Complete Partial Partial
Directory traversal vulnerability in webif.cgi in ifnet WEBIF allows remote attackers to include and execute arbitrary local files a .. (dot dot) in the outconfig parameter.
14884 CVE-2007-3280 2007-06-19 2018-10-16
9.0
Admin Remote Low Single system Complete Complete Complete
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any library, as demonstrated by using the system function in libc.so.6 to gain shell access.
14885 CVE-2007-3312 Dir. Trav. 2007-06-21 2017-10-10
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in admin/plugin_manager.php in Jasmine CMS 1.0 allows remote authenticated administrators to include and execute arbitrary local files a .. (dot dot) in the u parameter. NOTE: a separate vulnerability could be leveraged to make this issue exploitable by remote unauthenticated attackers.
14886 CVE-2007-3510 119 Exec Code Overflow 2007-10-29 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Buffer overflow in the IMAP service in IBM Lotus Domino before 6.5.6 FP2, and 7.x before 7.0.3, allows remote authenticated users to execute arbitrary code via a long mailbox name.
14887 CVE-2007-3841 Exec Code 2007-07-17 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Pidgin (formerly Gaim) 2.0.2 for Linux allows remote authenticated users, who are listed in a users list, to execute certain commands via unspecified vectors, aka ZD-00000035. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
14888 CVE-2007-4060 Exec Code Overflow 2007-07-30 2017-09-28
9.0
None Remote Low Not required Partial Partial Complete
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.
14889 CVE-2007-4285 DoS +Info 2007-08-09 2017-09-28
9.0
None Remote Low Not required Partial Partial Complete
Unspecified vulnerability in Cisco IOS and Cisco IOS XR 12.x up to 12.3, including some versions before 12.3(15) and 12.3(14)T, allows remote attackers to obtain sensitive information (partial packet contents) or cause a denial of service (router or component crash) via crafted IPv6 packets with a Type 0 routing header.
14890 CVE-2007-4620 119 Exec Code Overflow 2008-04-07 2018-10-15
9.0
Admin Remote Low Single system Complete Complete Complete
Multiple stack-based buffer overflows in Computer Associates (CA) Alert Notification Service (Alert.exe) 8.1.586.0, 8.0.450.0, and 7.1.758.0, as used in multiple CA products including Anti-Virus for the Enterprise 7.1 through r11.1 and Threat Manager for the Enterprise 8.1 and r8, allow remote authenticated users to execute arbitrary code via crafted RPC requests.
14891 CVE-2007-4690 399 Exec Code 2007-11-14 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Double free vulnerability in the NFS component in Apple Mac OS X 10.4 through 10.4.10 allows remote authenticated users to execute arbitrary code via a crafted AUTH_UNIX RPC packet.
14892 CVE-2007-4746 264 2007-09-06 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
The Cisco Video Surveillance IP Gateway Encoder/Decoder (Standalone and Module) firmware 1.8.1 and earlier, Video Surveillance SP/ISP Decoder Software firmware 1.11.0 and earlier, and the Video Surveillance SP/ISP firmware 1.23.7 and earlier have default passwords for the sypixx and root user accounts, which allows remote attackers to perform administrative actions, aka CSCsj34681.
14893 CVE-2007-5008 287 2007-09-20 2017-09-28
9.0
None Remote Low Single system Complete Complete Complete
The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected.
14894 CVE-2007-5066 20 Exec Code 2007-09-24 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Webmin before 1.370 on Windows allows remote authenticated users to execute arbitrary commands via a crafted URL.
14895 CVE-2007-5491 22 Dir. Trav. 2007-10-17 2008-09-05
9.0
None Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.
14896 CVE-2007-5534 2007-10-17 2012-10-22
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.
14897 CVE-2007-5539 +Priv 2007-10-17 2017-07-28
9.0
None Remote Low Single system Complete Complete Complete
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
14898 CVE-2007-5742 22 Dir. Trav. 2007-12-01 2017-07-28
9.0
None Remote Low Not required Partial Partial Complete
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
14899 CVE-2007-5926 20 Exec Code 2007-11-09 2017-07-28
9.0
Admin Remote Low Single system Complete Complete Complete
OpenBase 10.0.5 and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in arguments to the (1) AsciiBackup, (2) OEMLicenseInstall, and possibly other stored procedures.
14900 CVE-2007-5927 22 Exec Code Dir. Trav. 2007-11-09 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Directory traversal vulnerability in OpenBase 10.0.5 and earlier allows remote authenticated users to create files with arbitrary contents via a .. (dot dot) in the first argument to the GlobalLog stored procedure. NOTE: this can be leveraged to execute arbitrary code using CVE-2007-5926.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.