CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3551 CVE-2011-5003 119 1 Exec Code Overflow 2011-12-24 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Phonetic Indexer (AvidPhoneticIndexer.exe) in Avid Media Composer 5.5.3 and earlier allows remote attackers to execute arbitrary code via a long request to TCP port 4659.
3552 CVE-2011-5007 119 1 Exec Code Overflow 2011-12-24 2013-05-20
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
3553 CVE-2011-5010 264 1 Exec Code 2011-12-24 2012-02-16
10.0
None Remote Low Not required Complete Complete Complete
apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.
3554 CVE-2011-5012 119 1 Exec Code Overflow 2011-12-24 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Reflection FTP Client (rftpcom.dll 7.2.0.106 and possibly other versions), as used in Attachmate Reflection 2008, Reflection 2011 R1 before 15.3.2.569 and R1 SP1 before, Reflection 2011 R2 before 15.4.1.327, Reflection Windows Client 7.2 SP1 before hotfix 7.2.1186, and Reflection 14.1 SP1 before 14.1.1.206, allows remote FTP servers to execute arbitrary code via a long directory name in a response to a LIST command.
3555 CVE-2011-5059 119 Exec Code Overflow 2012-01-10 2012-01-13
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Final Draft 8 before 8.02 allows remote attackers to execute arbitrary code via a crafted SmartType element, a different vulnerability than CVE-2011-5002. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
3556 CVE-2011-5089 119 DoS Exec Code Overflow 2012-04-18 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Security Login ActiveX controls in ICONICS GENESIS32 8.05, 9.0, 9.1, and 9.2 and BizViz 8.05, 9.0, 9.1, and 9.2 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long password.
3557 CVE-2011-5096 119 Exec Code Overflow 2012-07-03 2012-07-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in cstore.exe in the Media Application Server (MAS) in Avaya Aura Application Server 5300 (formerly Nortel Media Application Server) 1.x before 1.0.2 and 2.0 before Patch Bundle 10 allows remote attackers to execute arbitrary code via a crafted cs_anams parameter in a CONTENT_STORE_ADMIN_REQ packet.
3558 CVE-2011-5121 310 2012-08-25 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not properly check whether unspecified X.509 certificates are revoked, which has unknown impact and remote attack vectors.
3559 CVE-2011-5123 310 2012-08-25 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
The Antivirus component in Comodo Internet Security before 5.3.175888.1227 does not check whether X.509 certificates in signed executable files have been revoked, which has unknown impact and remote attack vectors.
3560 CVE-2011-5124 119 Exec Code Overflow 2012-08-26 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the BCAAA component before build 60258, as used by Blue Coat ProxySG 4.2.3 through 6.1 and ProxyOne, allows remote attackers to execute arbitrary code via a large packet to the synchronization port (16102/tcp).
3561 CVE-2011-5127 22 Exec Code Dir. Trav. 2012-08-26 2012-08-27
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request.
3562 CVE-2011-5133 2012-08-30 2012-09-13
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."
3563 CVE-2011-5227 119 Exec Code Overflow 2012-10-25 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
3564 CVE-2011-5254 2013-01-11 2013-01-23
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Connections plugin before 0.7.1.6 for WordPress has unknown impact and attack vectors.
3565 CVE-2011-5322 255 2015-08-04 2018-03-27
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Centricity Analytics Server 1.1 has a default password of (1) V0yag3r for the SQL Server sa user, (2) G3car3s for the analyst user, (3) G3car3s for the ccg user, (4) V0yag3r for the viewer user, and (5) geservice for the geservice user in the Webmin interface, which has unspecified impact and attack vectors.
3566 CVE-2011-5323 255 2015-08-04 2015-08-06
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions has a password of A11enda1e for the sa SQL server user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
3567 CVE-2011-5324 255 2015-08-04 2015-08-04
10.0
None Remote Low Not required Complete Complete Complete
The TeraRecon server, as used in GE Healthcare Centricity PACS-IW 3.7.3.7, 3.7.3.8, and possibly other versions, has a password of (1) shared for the shared user and (2) scan for the scan user, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.
3568 CVE-2012-0121 DoS Exec Code 2012-03-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1392.
3569 CVE-2012-0122 DoS Exec Code 2012-03-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1393.
3570 CVE-2012-0123 DoS Exec Code 2012-03-13 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1498.
3571 CVE-2012-0124 DoS Exec Code 2012-03-13 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Data Protector Express (aka DPX) 5.0.00 before build 59287 and 6.0.00 before build 11974 allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors.
3572 CVE-2012-0127 Exec Code 2012-03-31 2017-12-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in HP Performance Manager 9.00 allows remote attackers to execute arbitrary code via unknown vectors.
3573 CVE-2012-0131 DoS 2012-04-05 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Distributed Computing Environment (DCE) 1.8 and 1.9 on HP HP-UX B.11.11 and B.11.23 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
3574 CVE-2012-0202 119 DoS Exec Code Overflow 2012-05-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
3575 CVE-2012-0229 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-03
10.0
None Remote Low Not required Complete Complete Complete
The Data Archiver service in GE Intelligent Platforms Proficy Historian 4.5 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted session on TCP port 14000 to (1) ihDataArchiver.exe or (2) ihDataArchiver_x64.exe.
3576 CVE-2012-0230 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
PRRDS.exe in the Proficy Remote Data Service in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12299.
3577 CVE-2012-0231 119 DoS Exec Code Overflow Mem. Corr. 2012-03-15 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
PRLicenseMgr.exe in the Proficy Server License Manager in GE Intelligent Platforms Proficy Plant Applications 5.0 and earlier allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted TCP session on port 12401.
3578 CVE-2012-0238 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.
3579 CVE-2012-0240 287 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.
3580 CVE-2012-0242 134 Exec Code 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.
3581 CVE-2012-0243 119 Exec Code Overflow 2012-02-21 2018-01-04
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.
3582 CVE-2012-0245 119 Exec Code Overflow 2012-03-09 2012-10-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in RobNetScanHost.exe in ABB Robot Communications Runtime before 5.14.02, as used in ABB Interlink Module, IRC5 OPC Server, PC SDK, PickMaster 3 and 5, RobView 5, RobotStudio, WebWare SDK, and WebWare Server, allow remote attackers to execute arbitrary code via a crafted (1) 0xA or (2) 0xE Netscan packet.
3583 CVE-2012-0261 94 Exec Code 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for an install action.
3584 CVE-2012-0262 94 Exec Code 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
3585 CVE-2012-0264 264 2013-12-31 2014-01-02
10.0
None Remote Low Not required Complete Complete Complete
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
3586 CVE-2012-0271 189 Exec Code Overflow 2012-09-19 2013-04-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
3587 CVE-2012-0275 119 Exec Code Overflow 2012-09-04 2017-08-28
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Photoshop.exe in Adobe Photoshop CS5 12.x before 12.0.5, CS5.1 12.1.x before 12.1.1, and CS6 13.x before 13.0.1 allows remote attackers to execute arbitrary code via a crafted TIFF image with SGI24LogLum compression.
3588 CVE-2012-0290 2012-02-06 2018-01-05
10.0
None Remote Low Not required Complete Complete Complete
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."
3589 CVE-2012-0297 264 Exec Code 2012-05-21 2017-12-04
10.0
None Remote Low Not required Complete Complete Complete
The management GUI in Symantec Web Gateway 5.0.x before 5.0.3 does not properly restrict access to application scripts, which allows remote attackers to execute arbitrary code by (1) injecting crafted data or (2) including crafted data.
3590 CVE-2012-0299 264 Exec Code 2012-05-21 2017-12-04
10.0
None Remote Low Not required Complete Complete Complete
The file-management scripts in the management GUI in Symantec Web Gateway 5.0.x before 5.0.3 allow remote attackers to upload arbitrary code to a designated pathname, and possibly execute this code, via unspecified vectors.
3591 CVE-2012-0411 Exec Code 2012-12-24 2013-01-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Novell iPrint Client before 5.82 allows remote attackers to execute arbitrary code via an op-client-interface-version action.
3592 CVE-2012-0417 189 Exec Code Overflow 2012-09-28 2013-02-13
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before Support Pack 3 and 2012 before Support Pack 1 allows remote attackers to execute arbitrary code via unspecified vectors.
3593 CVE-2012-0432 119 Overflow 2012-12-25 2013-01-08
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
3594 CVE-2012-0434 264 2013-12-01 2014-03-04
10.0
None Remote Low Not required Complete Complete Complete
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
3595 CVE-2012-0442 119 DoS Exec Code Overflow Mem. Corr. 2012-02-01 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
3596 CVE-2012-0443 DoS Exec Code Mem. Corr. 2012-02-01 2017-09-18
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
3597 CVE-2012-0444 DoS Exec Code Mem. Corr. 2012-02-01 2018-01-10
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 do not properly initialize nsChildView data structures, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted Ogg Vorbis file.
3598 CVE-2012-0449 119 DoS Exec Code Overflow Mem. Corr. 2012-02-01 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a malformed XSLT stylesheet that is embedded in a document.
3599 CVE-2012-0467 DoS Exec Code Mem. Corr. 2012-04-25 2018-01-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox 4.x through 11.0, Firefox ESR 10.x before 10.0.4, Thunderbird 5.0 through 11.0, Thunderbird ESR 10.x before 10.0.4, and SeaMonkey before 2.9 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unknown vectors.
3600 CVE-2012-0468 119 DoS Exec Code Overflow Mem. Corr. 2012-04-25 2017-12-28
10.0
None Remote Low Not required Complete Complete Complete
The browser engine in Mozilla Firefox 4.x through 11.0, Thunderbird 5.0 through 11.0, and SeaMonkey before 2.9 allows remote attackers to cause a denial of service (assertion failure and memory corruption) or possibly execute arbitrary code via vectors related to jsval.h and the js::array_shift function.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.