CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
2551 CVE-2008-6935 94 DoS 2009-08-11 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an im:// URI.
2552 CVE-2008-6937 94 DoS 2009-08-11 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Argument injection vulnerability in Exodus 0.10 allows remote attackers to inject arbitrary command line arguments, overwrite arbitrary files, and cause a denial of service via encoded spaces in an xmpp:// URI, a different vector than CVE-2008-6935 and CVE-2008-6936. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2553 CVE-2008-6973 2009-08-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM WebSphere Commerce 6.0 before 6.0.0.7 have unknown impact and attack vectors.
2554 CVE-2008-6993 310 2009-08-19 2009-08-21
10.0
None Remote Low Not required Complete Complete Complete
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2555 CVE-2008-7004 119 Overflow 2009-08-19 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
2556 CVE-2008-7010 264 1 +Priv 2009-08-19 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.
2557 CVE-2008-7023 310 Bypass 2009-08-21 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
2558 CVE-2008-7031 119 DoS Exec Code Overflow 2009-08-24 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
2559 CVE-2008-7081 287 +Priv Bypass 2009-08-25 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
2560 CVE-2008-7109 287 Bypass 2009-08-28 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
2561 CVE-2008-7115 264 +Priv Bypass 2009-08-28 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
2562 CVE-2008-7122 2009-08-31 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple insecure method vulnerabilities in an ActiveX control (epRegPro.ocx) in Evans Programming Registry Pro allow remote attackers to read and modify sensitive registry keys via the (1) About, (2) CreateKey, (3) DeleteBranch, (4) DeleteKey, (5) DeleteValue, (6) EnumKeys, (7) EnumValues, (8) QueryType, (9) QueryValue, (10) RenameKey, and (11) SetValue methods.
2563 CVE-2008-7126 189 DoS Exec Code Overflow 2009-08-31 2017-08-16
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
2564 CVE-2008-7144 2009-09-01 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
2565 CVE-2008-7148 Exec Code 2009-09-01 2009-09-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.
2566 CVE-2008-7149 2009-09-01 2009-09-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.
2567 CVE-2008-7158 78 Exec Code 2009-09-02 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.
2568 CVE-2008-7164 2009-09-04 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.
2569 CVE-2008-7170 264 Exec Code 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.
2570 CVE-2008-7173 264 DoS Exec Code 2009-09-08 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
2571 CVE-2008-7174 119 DoS Exec Code Overflow 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.
2572 CVE-2008-7189 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes."
2573 CVE-2008-7190 XSS 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).
2574 CVE-2008-7196 2009-09-10 2009-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.
2575 CVE-2008-7197 2009-09-10 2009-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.
2576 CVE-2008-7198 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.
2577 CVE-2008-7200 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors.
2578 CVE-2008-7218 2009-09-13 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
2579 CVE-2008-7219 264 2009-09-13 2011-04-05
10.0
None Remote Low Not required Complete Complete Complete
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
2580 CVE-2008-7225 119 DoS Exec Code Overflow 2009-09-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
2581 CVE-2008-7228 134 2009-09-14 2009-12-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.
2582 CVE-2008-7230 2009-09-14 2009-09-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.
2583 CVE-2008-7232 119 Exec Code Overflow 2009-09-14 2017-08-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.
2584 CVE-2008-7252 310 2010-01-19 2011-01-28
10.0
None Remote Low Not required Complete Complete Complete
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
2585 CVE-2008-7319 77 Exec Code 2017-11-07 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
2586 CVE-2009-0012 119 Exec Code Overflow 2009-02-12 2011-01-06
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
2587 CVE-2009-0042 Bypass 2009-01-27 2018-10-30
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
2588 CVE-2009-0043 264 Exec Code 2009-01-08 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
2589 CVE-2009-0065 119 Overflow 2009-01-07 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
2590 CVE-2009-0086 189 Exec Code 2009-04-15 2018-10-12
10.0
Admin Remote Low Not required Complete Complete Complete
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
2591 CVE-2009-0119 119 DoS Exec Code Overflow Mem. Corr. 2009-01-14 2017-09-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.
2592 CVE-2009-0133 119 Exec Code Overflow 2009-01-15 2017-09-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
2593 CVE-2009-0137 20 2009-02-12 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Safari RSS in Apple Mac OS X 10.4.11 and 10.5.6, and Windows XP and Vista, allow remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed: URL, related to "input validation issues."
2594 CVE-2009-0138 287 2009-02-12 2009-08-19
10.0
Admin Remote Low Not required Complete Complete Complete
servermgrd (Server Manager) in Apple Mac OS X 10.5.6 does not properly validate authentication credentials, which allows remote attackers to modify the system configuration.
2595 CVE-2009-0165 189 Overflow 2009-04-23 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
2596 CVE-2009-0171 264 2009-01-16 2011-06-13
10.0
Admin Remote Low Not required Complete Complete Complete
The Sun SPARC Enterprise M4000 and M5000 Server, within a certain range of serial numbers, allows remote attackers to use the manufacturing root password, perform a root login to the eXtended System Control Facility Unit (aka XSCFU or Service Processor), and have unspecified other impact.
2597 CVE-2009-0178 2009-01-20 2017-08-07
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM Hardware Management Console (HMC) 7 release 3.2.0 SP1 has unknown impact and attack vectors.
2598 CVE-2009-0183 119 Exec Code Overflow 2009-02-03 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Remote Control Server in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allows remote attackers to execute arbitrary code via a long Authorization header in an HTTP request.
2599 CVE-2009-0208 94 Exec Code 2009-02-26 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Virtual Rooms Client before 7.0.1, when running on Windows, allows remote attackers to execute arbitrary code via unknown vectors.
2600 CVE-2009-0210 119 DoS Exec Code Overflow 2009-02-08 2018-10-11
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the MLF application in AREVA e-terrahabitat 5.7 and earlier allows remote attackers to execute arbitrary commands or cause a denial of service (system crash) via unspecified vectors, aka PD28578.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.