CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15751 CVE-2007-5755 119 Exec Code Overflow 2007-11-14 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
15752 CVE-2007-5742 22 Dir. Trav. 2007-12-01 2017-07-29
9.0
None Remote Low Not required Partial Partial Complete
Directory traversal vulnerability in the WML engine preprocessor for Wesnoth 1.2.x before 1.2.8, and 1.3.x before 1.3.12, allows remote attackers to read arbitrary files via ".." sequences in unknown vectors.
15753 CVE-2007-5717 Exec Code 2007-10-30 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Sun Fire X2100 M2 and X2200 M2 Embedded Lights Out Manager (ELOM) on x86 before firmware 2.70 allows remote attackers to execute arbitrary commands as root on the Service Processor (SP) via unspecified vectors, a different vulnerability than CVE-2007-5170.
15754 CVE-2007-5709 119 Exec Code Overflow 2007-10-30 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.
15755 CVE-2007-5706 22 Dir. Trav. 2007-10-29 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Absolute path traversal vulnerability in download.php in Jeebles Directory 2.9.60 allows remote attackers to read arbitrary files via a full pathname in the query string. NOTE: some of these details are obtained from third party information.
15756 CVE-2007-5689 2007-10-29 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The Java Virtual Machine (JVM) in Sun Java Runtime Environment (JRE) in SDK and JRE 1.3.x through 1.3.1_20 and 1.4.x through 1.4.2_15, and JDK and JRE 5.x through 5.0 Update 12 and 6.x through 6 Update 2, allows remote attackers to execute arbitrary programs, or read or modify arbitrary files, via applets that grant privileges to themselves.
15757 CVE-2007-5687 119 Exec Code Overflow 2007-10-28 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the rich text processing functionality in JustSystems Ichitaro 2004 through 2007, 11 through 13, and other versions allow remote attackers to execute arbitrary code via a long (1) pard field or (2) font name in the fcharset0 field, which is not properly handled in (a) JSTARO4.OCX; or (3) a long title, which is not properly handled by (b) TJSVDA.DLL.
15758 CVE-2007-5663 94 Exec Code 2008-02-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655.
15759 CVE-2007-5661 94 2008-04-04 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The Macrovision InstallShield InstallScript One-Click Install (OCI) ActiveX control 12.0 before SP2 does not validate the DLL files that are named as parameters to the control, which allows remote attackers to download arbitrary library code onto a client machine.
15760 CVE-2007-5660 Exec Code Overflow 2007-11-02 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Update Service ActiveX control in isusweb.dll before 6.0.100.65101 in MacroVision FLEXnet Connect and InstallShield 2008 allows remote attackers to execute arbitrary code via an unspecified "unsafe method," possibly involving a buffer overflow.
15761 CVE-2007-5659 119 Exec Code Overflow 2008-02-12 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
15762 CVE-2007-5658 20 Exec Code Overflow 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing size and copy-length values that trigger the overflow.
15763 CVE-2007-5657 20 Exec Code 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointer offsets.
15764 CVE-2007-5656 399 DoS Exec Code 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted requests that control loop operations related to memory.
15765 CVE-2007-5655 119 Exec Code Overflow 2008-01-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
TIBCO SmartSockets RTserver 6.8.0 and earlier, RTworks before 4.0.4, and Enterprise Message Service (EMS) 4.0.0 through 4.4.1 allows remote attackers to execute arbitrary code via crafted requests containing values that are used as pointers.
15766 CVE-2007-5653 78 Bypass 2007-10-23 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
15767 CVE-2007-5635 2007-10-23 2012-02-02
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Salford Software Support Incident Tracker (SiT!) before 3.30 have unknown impact and attack vectors.
15768 CVE-2007-5617 2007-10-21 2018-10-26
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images.
15769 CVE-2007-5610 2008-06-04 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The DeleteSingleFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to delete an arbitrary file via a full pathname in the argument.
15770 CVE-2007-5608 2008-06-04 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
The DownloadFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to force a download of an arbitrary file onto a client machine via a URL in the first argument and a destination filename in the second argument, a different vulnerability than CVE-2008-0952 and CVE-2008-0953.
15771 CVE-2007-5606 Exec Code Overflow 2008-06-04 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the MoveFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5605, and CVE-2007-5607.
15772 CVE-2007-5605 Exec Code Overflow 2008-06-04 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the GetFileTime function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary code via a long argument, a different vulnerability than CVE-2007-5604, CVE-2007-5606, and CVE-2007-5607.
15773 CVE-2007-5603 119 Exec Code Overflow 2007-11-05 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the SonicWall SSL-VPN NetExtender NELaunchCtrl ActiveX control before 2.1.0.51, and 2.5.x before 2.5.0.56, allows remote attackers to execute arbitrary code via a long string in the second argument to the AddRouteEntry method.
15774 CVE-2007-5602 119 Exec Code Overflow 2008-02-05 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in SwiftView Viewer before 8.3.5, as used by SwiftView and SwiftSend, allow remote attackers to execute arbitrary code via unspecified vectors to the (1) svocx.ocx ActiveX control or the (2) npsview.dll plugin for Mozilla and Firefox.
15775 CVE-2007-5601 119 Exec Code Overflow 2007-10-20 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain playlist names, as demonstrated via the import method to the IERPCtl ActiveX control in ierpplug.dll.
15776 CVE-2007-5580 119 Exec Code Overflow 2007-12-15 2018-10-15
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in a certain driver in Cisco Security Agent 4.5.1 before 4.5.1.672, 5.0 before 5.0.0.225, 5.1 before 5.1.0.106, and 5.2 before 5.2.0.238 on Windows allows remote attackers to execute arbitrary code via a crafted SMB packet in a TCP session on port (1) 139 or (2) 445.
15777 CVE-2007-5561 134 Exec Code 2007-10-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the logging function in the Oracle OPMN daemon, as used on Oracle Enterprise Grid Console server 10.2.0.1, allows remote attackers to execute arbitrary code via format string specifiers in the URI in an HTTP request to port 6003, aka Oracle reference number 6296175. NOTE: this might be the same issue as CVE-2007-0282 or CVE-2007-0280, but there are insufficient details to be sure.
15778 CVE-2007-5560 119 Exec Code Overflow 2007-10-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Juniper HTTP Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
15779 CVE-2007-5559 119 Exec Code Overflow 2007-10-18 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the IBM ThinkVantage TPM Service allows remote attackers to execute arbitrary code via a crafted HTTP packet. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
15780 CVE-2007-5552 189 Exec Code Overflow 2007-10-18 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Cisco IOS allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
15781 CVE-2007-5546 119 DoS Exec Code Overflow 2007-10-18 2018-10-15
9.3
None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in TIBCO SmartPGM FX allow remote attackers to execute arbitrary code or cause a denial of service (service stop and file-transfer outage) via unspecified vectors. NOTE: as of 20071016, the only disclosure is a vague pre-advisory with no actionable information. However, since it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.
15782 CVE-2007-5543 119 1 Exec Code Overflow 2009-03-18 2009-03-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Miranda IM 0.6.8 and 0.7.0 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590.
15783 CVE-2007-5542 119 1 Exec Code Overflow 2009-03-18 2009-03-18
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Miranda IM 0.6.8 allows remote attackers to execute arbitrary code via a crafted Yahoo! Messenger packet. NOTE: this might overlap CVE-2007-5590.
15784 CVE-2007-5541 20 Exec Code 2007-10-18 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Opera before 9.24, when using an "external" newsgroup or e-mail client, allows remote attackers to execute arbitrary commands via unknown vectors.
15785 CVE-2007-5539 +Priv 2007-10-18 2017-07-29
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in Cisco Unified Intelligent Contact Management Enterprise (ICME), Unified ICM Hosted (ICMH), Unified Contact Center Enterprise (UCCE), Unified Contact Center Hosted (UCCH), and System Unified Contact Center Enterprise (SUCCE) 7.1(5) allows remote authenticated users to gain privileges, and read reports or change the SUCCE configuration, via certain web interfaces, aka CSCsj55686.
15786 CVE-2007-5538 119 DoS Exec Code Overflow 2007-10-18 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Centralized TFTP File Locator Service in Cisco Unified Communications Manager (CUCM, formerly CallManager) 5.1 before 5.1(3), and Unified CallManager 5.0, allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors involving the processing of filenames, aka CSCsh47712.
15787 CVE-2007-5535 2007-10-18 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in newbb_plus in RunCms 1.5.2 has unknown impact and attack vectors.
15788 CVE-2007-5534 2007-10-17 2012-10-23
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the HCM component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9 Bundle 13 9.0 Bundle 3 has unknown impact and remote attack vectors, aka PSE_HCM01.
15789 CVE-2007-5531 2007-10-17 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Oracle Help for Web, as used in Oracle Application Server, Oracle Database 10.2.0.3, and Enterprise Manager 10.1.0.6, has unknown impact and remote attack vectors, aka EM02.
15790 CVE-2007-5530 2007-10-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Database Control component in Oracle Database 10.1.0.5 and 10.2.0.3, and Enterprise Manager, has unknown impact and remote attack vectors, aka EM01.
15791 CVE-2007-5528 2007-10-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.2 have unknown impact and attack vectors related to (1) Public Sector Human Resources (APP03) and (2) Quoting component (APP06).
15792 CVE-2007-5526 2007-10-17 2012-10-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Oracle Portal component in Oracle Application Server 10.1.2.0.2, 10.1.2.2, and 10.1.4.1, and Collaboration Suite 10.1.2, has unknown impact and remote attack vectors, aka AS11.
15793 CVE-2007-5491 22 Dir. Trav. 2007-10-17 2011-03-08
9.0
None Remote Low ??? Complete Complete Complete
Directory traversal vulnerability in the translation module (translator.php) in SiteBar 3.3.8 allows remote authenticated users to chmod arbitrary files to 0777 via ".." sequences in the lang parameter.
15794 CVE-2007-5487 119 Exec Code Overflow 2007-10-16 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
15795 CVE-2007-5483 2007-10-16 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Administrative Scripting Tools (such as wsadmin or ANT) in IBM WebSphere Application Server 5.x and 6.0.x has unknown impact and attack vectors.
15796 CVE-2007-5476 2007-10-18 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adobe Flash Player 9.0.47.0 and earlier, when running on Opera before 9.24 on Mac OS X, has unknown "Highly Severe" impact and unknown attack vectors.
15797 CVE-2007-5467 189 DoS Exec Code Overflow 2007-10-15 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
15798 CVE-2007-5466 119 Exec Code Overflow 2007-10-15 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
15799 CVE-2007-5452 89 Exec Code Sql 2007-10-14 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in php-stats.recjs.php in Php-Stats 0.1.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) ip or (2) t parameter.
15800 CVE-2007-5450 119 DoS Overflow 2007-10-14 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of the user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.