CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 8.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
151 CVE-2012-1999 +Info 2013-03-11 2019-10-09
8.5
None Remote Low Single system Complete Complete None
Unspecified vulnerability in HP Systems Insight Manager (SIM) before 7.0 allows remote authenticated users to obtain sensitive information or modify data via unknown vectors.
152 CVE-2012-2287 287 Bypass 2012-09-25 2017-08-28
8.5
None Remote Medium Single system Complete Complete Complete
The authentication functionality in EMC RSA Authentication Agent 7.1 and RSA Authentication Client 3.5 on Windows XP and Windows Server 2003, when an unspecified configuration exists, allows remote authenticated users to bypass an intended token-authentication step, and establish a login session to a remote host, by leveraging Windows credentials for that host.
153 CVE-2012-2441 310 2012-04-27 2017-12-13
8.5
None Remote Medium Single system Complete Complete Complete
RuggedCom Rugged Operating System (ROS) before 3.3 has a factory account with a password derived from the MAC Address field in a banner, which makes it easier for remote attackers to obtain access by performing a calculation on this address value, and then establishing a (1) SSH or (2) HTTPS session, a different vulnerability than CVE-2012-1803.
154 CVE-2012-3001 78 Exec Code 2012-10-22 2013-03-01
8.5
None Remote Medium Single system Complete Complete Complete
Mutiny Standard before 4.5-1.12 allows remote attackers to execute arbitrary commands via the network-interface menu, related to a "command injection vulnerability."
155 CVE-2012-3008 119 Exec Code Overflow 2012-07-20 2017-12-21
8.5
None Remote Medium Single system Complete Complete Complete
Stack-based buffer overflow in OSIsoft PI OPC DA Interface before 2.3.20.9 allows remote authenticated users to execute arbitrary code by sending packet data during the processing of messages associated with OPC items.
156 CVE-2012-3009 264 2012-08-16 2012-08-16
8.5
None Remote Medium Single system Complete Complete Complete
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls.
157 CVE-2012-3022 264 2013-04-16 2013-04-16
8.5
None Remote Medium Single system Complete Complete Complete
The SaveToFile method in a certain ActiveX control in TrendDisplay.dll in Canary Labs TrendLink 9.0.2.27051 and earlier does not properly restrict the creation of files, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted web site.
158 CVE-2012-3268 200 +Info 2013-02-01 2018-08-13
8.5
None Remote Medium Single system Complete Complete Complete
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei Firewall/Gateway, Router, Switch, and Wireless products do not properly implement access control as defined in h3c-user.mib 2.0 and hh3c-user.mib 2.0, which allows remote authenticated users to discover credentials in UserInfoEntry values via an SNMP request with the read-only community.
159 CVE-2012-4078 287 Bypass 2013-09-24 2017-08-28
8.5
None Remote Medium Single system Complete Complete Complete
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656.
160 CVE-2012-4826 119 Exec Code Overflow 2012-10-20 2013-03-01
8.5
None Remote Medium Single system Complete Complete Complete
Stack-based buffer overflow in the SQL/PSM (aka SQL Persistent Stored Module) Stored Procedure (SP) infrastructure in IBM DB2 9.1, 9.5, 9.7 before FP7, 9.8, and 10.1 might allow remote authenticated users to execute arbitrary code by debugging a stored procedure.
161 CVE-2012-4991 22 1 Dir. Trav. 2012-12-13 2012-12-13
8.5
None Remote Low Single system Complete Complete None
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a ..%5C (encoded dot dot backslash) in a URI.
162 CVE-2012-5487 264 Exec Code Bypass 2014-09-30 2014-10-01
8.5
None Remote Medium Single system Complete Complete Complete
The sandbox whitelisting function (allowmodule.py) in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain privileges to bypass the Python sandbox restriction and execute arbitrary Python code via vectors related to importing.
163 CVE-2012-5493 94 Exec Code Bypass 2014-09-30 2014-10-01
8.5
None Remote Medium Single system Complete Complete Complete
gtbn.py in Plone before 4.2.3 and 4.3 before beta 1 allows remote authenticated users with certain permissions to bypass the Python sandbox and execute arbitrary Python code via unspecified vectors.
164 CVE-2012-6439 DoS 2013-01-24 2013-01-25
8.5
None Remote Low Not required None Partial Complete
Rockwell Automation EtherNet/IP products; 1756-ENBT, 1756-EWEB, 1768-ENBT, and 1768-EWEB communication modules; CompactLogix L32E and L35E controllers; 1788-ENBT FLEXLogix adapter; 1794-AENTR FLEX I/O EtherNet/IP adapter; ControlLogix 18 and earlier; CompactLogix 18 and earlier; GuardLogix 18 and earlier; SoftLogix 18 and earlier; CompactLogix controllers 19 and earlier; SoftLogix controllers 19 and earlier; ControlLogix controllers 20 and earlier; GuardLogix controllers 20 and earlier; and MicroLogix 1100 and 1400 allow remote attackers to cause a denial of service (control and communication outage) via a CIP message that modifies the (1) configuration or (2) network parameters.
165 CVE-2013-0136 22 DoS Dir. Trav. 2013-06-01 2013-06-03
8.5
None Remote Medium Single system Complete Complete Complete
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbitrary files, or cause a denial of service (file deletion or renaming) via (1) the uploadPath parameter in an UPLOAD operation; the paths[] parameter in a (2) DELETE, (3) CUT, or (4) COPY operation; or the newPath parameter in a (5) CUT or (6) COPY operation.
166 CVE-2013-0487 287 2013-03-27 2017-08-28
8.5
None Remote Medium Single system Complete Complete Complete
The Java Console in IBM Domino 8.5.x allows remote authenticated users to hijack temporary credentials by leveraging knowledge of configuration details, aka SPR KLYH8TNNDN.
167 CVE-2013-0526 20 Exec Code 2013-08-21 2017-08-28
8.5
None Remote Medium Single system Complete Complete Complete
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
168 CVE-2013-0664 Exec Code 2013-04-04 2013-04-04
8.5
None Remote Medium Single system Complete Complete Complete
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, and consequently execute arbitrary code, by embedding these messages in SOAP HTTP POST requests.
169 CVE-2013-1398 310 +Priv +Info 2014-03-14 2019-07-10
8.5
None Remote Medium Single system Complete Complete Complete
The pe_mcollective module in Puppet Enterprise (PE) before 2.7.1 does not properly restrict access to a catalog of private SSL keys, which allows remote authenticated users to obtain sensitive information and gain privileges by leveraging root access to a node, related to the master role.
170 CVE-2013-1668 78 1 Exec Code 2014-05-23 2014-06-27
8.5
None Remote Medium Single system Complete Complete Complete
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
171 CVE-2013-1900 189 2013-04-04 2017-10-19
8.5
None Remote Medium Single system Complete Complete Complete
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."
172 CVE-2013-3005 264 Bypass 2013-07-06 2017-09-18
8.5
None Remote Medium Single system Complete Complete Complete
The TFTP client in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, when RBAC is enabled, allows remote authenticated users to bypass intended file-ownership restrictions, and read or overwrite arbitrary files, via unspecified vectors.
173 CVE-2013-3365 78 Exec Code 2014-02-04 2014-02-05
8.5
None Remote Medium Single system Complete Complete Complete
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
174 CVE-2013-3462 119 Exec Code Overflow 2013-08-24 2016-11-07
8.5
None Remote Medium Single system Complete Complete Complete
Buffer overflow in Cisco Unified Communications Manager (Unified CM) 7.1(x) before 7.1(5b)su6, 8.5(x) before 8.5(1)su6, 8.6(x) before 8.6(2a)su3, and 9.x before 9.1(2) allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Bug ID CSCud54358.
175 CVE-2013-3600 20 +Priv 2013-09-06 2013-09-06
8.5
None Remote Medium Single system Complete Complete Complete
Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions.
176 CVE-2013-4049 Exec Code 2013-09-16 2017-08-28
8.5
None Remote Medium Single system Complete Complete Complete
Unrestricted file upload vulnerability in IBM SPSS Analytical Decision Management 6.1 before IF1, 6.2 before IF1, and 7.0 before FP1 IF6 allows remote authenticated users to execute arbitrary code by uploading and accessing a JSP file.
177 CVE-2013-4172 94 Exec Code 2013-08-23 2013-08-27
8.5
None Remote Medium Single system Complete Complete Complete
The Red Hat CloudForms Management Engine 5.1 allow remote administrators to execute arbitrary Ruby code via unspecified vectors.
178 CVE-2013-4401 264 +Priv 2013-11-02 2015-01-02
8.5
None Remote Medium Single system Complete Complete Complete
The virConnectDomainXMLToNative API function in libvirt 1.1.0 through 1.1.3 checks for the connect:read permission instead of the connect:write permission, which allows attackers to gain domain:write privileges and execute Qemu binaries via crafted XML. NOTE: some of these details are obtained from third party information.
179 CVE-2013-4629 255 2013-06-20 2013-06-21
8.5
None Remote Medium Single system Complete Complete Complete
The Huawei viewpoint VP9610 and VP9620 units for the Huawei Video Conference system do not update the Session ID upon successful establishment of a login session, which allows remote authenticated users to hijack sessions via an unspecified interception method.
180 CVE-2013-4987 264 +Priv 2013-11-07 2013-11-08
8.5
None Remote Medium Single system Complete Complete Complete
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
181 CVE-2013-5385 20 DoS +Info 2014-01-02 2014-01-27
8.5
None Remote Low Not required Partial None Complete
The OSPF implementation in IBM i 6.1 and 7.1, in z/OS on zSeries servers, and in Networking Operating System (aka NOS, formerly BLADE Operating System) does not properly validate Link State Advertisement (LSA) type 1 packets before performing operations on the LSA database, which allows remote attackers to cause a denial of service (routing disruption) or obtain sensitive packet information via a crafted LSA packet, a related issue to CVE-2013-0149.
182 CVE-2013-5542 399 DoS 2013-10-21 2013-10-21
8.5
None Remote Low Not required None Partial Complete
Cisco Adaptive Security Appliance (ASA) Software 8.4 before 8.4(7.2), 8.7 before 8.7(1.8), 9.0 before 9.0(3.6), and 9.1 before 9.1(2.8) allows remote attackers to cause a denial of service (firewall-session disruption or device reload) via crafted ICMP packets, aka Bug ID CSCui77398.
183 CVE-2013-5692 22 1 Dir. Trav. 2013-09-30 2013-10-01
8.5
None Remote Medium Single system Complete Complete Complete
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
184 CVE-2013-5948 78 Exec Code 2014-04-22 2015-09-17
8.5
None Remote Medium Single system Complete Complete Complete
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
185 CVE-2013-6012 287 Bypass 2013-10-28 2013-10-29
8.5
None Remote Medium Single system Complete Complete Complete
Juniper Junos 12.1X44 before 12.1.X44-D20 and 12.1X45 before 12.1X45-D15, when the no-validate option is enabled, does not properly handle configuration validation errors during the config commit phase of the boot-up sequence, which allows remote attackers to bypass authentication via unspecified vectors.
186 CVE-2013-6027 119 Exec Code Overflow 2013-10-19 2013-10-21
8.5
None Remote Medium Single system Complete Complete Complete
Stack-based buffer overflow in the RuntimeDiagnosticPing function in /bin/webs on D-Link DIR-100 routers might allow remote authenticated administrators to execute arbitrary commands via a long set/runtime/diagnostic/pingIp parameter to Tools/tools_misc.xgi.
187 CVE-2013-6215 Exec Code 2014-04-19 2019-10-09
8.5
None Remote Medium Single system Complete Complete Complete
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 10.01 and 10.10 allows remote authenticated users to execute arbitrary code via unknown vectors, aka ZDI-CAN-1977.
188 CVE-2013-6226 22 Dir. Trav. 2013-11-14 2017-08-28
8.5
None Remote Low Not required Complete None Partial
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files via unspecified vectors.
189 CVE-2013-6332 Exec Code 2014-02-06 2017-08-28
8.5
None Remote Medium Single system Complete Complete Complete
Unrestricted file upload vulnerability in IBM Algo One UDS 4.7.0 through 5.0.0 allows remote authenticated users to execute arbitrary code by uploading a .jsp file and then launching it.
190 CVE-2013-6349 94 Exec Code 2013-11-02 2013-11-04
8.5
None Remote Medium Single system Complete Complete Complete
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
191 CVE-2013-6744 264 +Priv 2014-05-30 2017-08-28
8.5
User Remote Medium Single system Complete Complete Complete
The Stored Procedure infrastructure in IBM DB2 9.5, 9.7 before FP9a, 10.1 before FP3a, and 10.5 before FP3a on Windows allows remote authenticated users to gain privileges by leveraging the CONNECT privilege and the CREATE_EXTERNAL_ROUTINE authority.
192 CVE-2013-6859 287 +Priv 2013-11-23 2013-11-25
8.5
None Remote Medium Single system Complete Complete Complete
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3. 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 does not properly perform authorization, which allows remote authenticated users to gain privileges via unspecified vectors.
193 CVE-2014-0629 264 +Priv +Info 2014-03-06 2014-03-07
8.5
None Remote Medium Single system Complete Complete Complete
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote authenticated users to obtain sensitive information and gain privileges in opportunistic circumstances by leveraging an incorrect group-addition implementation.
194 CVE-2014-1813 94 Exec Code 2014-05-14 2018-10-12
8.5
None Remote Medium Single system Complete Complete Complete
Microsoft Web Applications 2010 SP1 and SP2 allows remote authenticated users to execute arbitrary code via crafted page content, aka "Web Applications Page Content Vulnerability."
195 CVE-2014-2084 264 2 DoS +Info 2014-05-17 2014-06-13
8.5
None Remote Low Not required Partial None Complete
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
196 CVE-2014-2119 264 Exec Code 2014-03-20 2018-10-30
8.5
None Remote Medium Single system Complete Complete Complete
The End User Safelist/Blocklist (aka SLBL) service in Cisco AsyncOS Software for Email Security Appliance (ESA) before 7.6.3-023 and 8.x before 8.0.1-023 and Cisco Content Security Management Appliance (SMA) before 7.9.1-110 and 8.x before 8.1.1-013 allows remote authenticated users to execute arbitrary code with root privileges via an FTP session that uploads a modified SLBL database file, aka Bug IDs CSCug79377 and CSCug80118.
197 CVE-2014-2126 264 +Priv 2014-04-10 2014-04-10
8.5
None Remote Medium Single system Complete Complete Complete
Cisco Adaptive Security Appliance (ASA) Software 8.2 before 8.2(5.47), 8.4 before 8.4(7.5), 8.7 before 8.7(1.11), 9.0 before 9.0(3.10), and 9.1 before 9.1(3.4) allows remote authenticated users to gain privileges by leveraging level-0 ASDM access, aka Bug ID CSCuj33496.
198 CVE-2014-2127 20 +Priv 2014-04-10 2014-04-10
8.5
None Remote Medium Single system Complete Complete Complete
Cisco Adaptive Security Appliance (ASA) Software 8.x before 8.2(5.48), 8.3 before 8.3(2.40), 8.4 before 8.4(7.9), 8.6 before 8.6(1.13), 9.0 before 9.0(4.1), and 9.1 before 9.1(4.3) does not properly process management-session information during privilege validation for SSL VPN portal connections, which allows remote authenticated users to gain privileges by establishing a Clientless SSL VPN session and entering crafted URLs, aka Bug ID CSCul70099.
199 CVE-2014-2331 94 Exec Code 2015-08-31 2015-09-01
8.5
None Remote Medium Single system Complete Complete Complete
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers by leveraging CVE-2014-2330.
200 CVE-2014-2406 2014-04-15 2014-04-16
8.5
None Remote Medium Single system Complete Complete Complete
Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors related to "Advisor" and "Select Any Dictionary" privileges.
Total number of vulnerabilities : 542   Page : 1 2 3 4 (This Page)5 6 7 8 9 10 11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.