CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
13151 CVE-2010-4092 399 Exec Code 2010-11-05 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in an unspecified compatibility component in Adobe Shockwave Player before 11.5.9.620 allows user-assisted remote attackers to execute arbitrary code via a crafted web site, related to the Shockwave Settings window and an unloaded library. NOTE: some of these details are obtained from third party information.
13152 CVE-2010-4091 119 1 DoS Exec Code Overflow Mem. Corr. 2010-11-07 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
13153 CVE-2010-4090 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
13154 CVE-2010-4089 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file containing "duplicated LCSM entries in mmap record," a different vulnerability than CVE-2010-4087.
13155 CVE-2010-4088 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with "duplicated references to the same KEY* chunk," a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4086.
13156 CVE-2010-4087 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
IML32.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a .dir file with a crafted mmap record containing an invalid length of a VSWV entry, a different vulnerability than CVE-2010-4089.
13157 CVE-2010-4086 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Director (.dir) media file with an invalid element size, a different vulnerability than CVE-2010-2581, CVE-2010-2880, CVE-2010-4084, CVE-2010-4085, and CVE-2010-4088.
13158 CVE-2010-4085 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4084, CVE-2010-4086, and CVE-2010-4088.
13159 CVE-2010-4084 119 DoS Exec Code Overflow Mem. Corr. 2010-10-29 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
dirapi.dll in Adobe Shockwave Player before 11.5.9.615 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2581, CVE-2010-4085, CVE-2010-4086, and CVE-2010-4088.
13160 CVE-2010-4070 189 DoS Exec Code Overflow Mem. Corr. 2010-10-25 2010-10-27
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in librpc.dll in portmap.exe (aka the ISM Portmapper service) in ISM before 2.20.TC1.117 in IBM Informix Dynamic Server (IDS) 7.x before 7.31.xD11, 9.x before 9.40.xC10, 10.00 before 10.00.xC8, and 11.10 before 11.10.xC2 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted parameter size, aka idsdb00146931, idsdb00146930, idsdb00146929, and idsdb00138308.
13161 CVE-2010-4053 119 Exec Code Overflow 2010-10-23 2017-08-17
9.0
None Remote Low ??? Complete Complete Complete
Stack-based buffer overflow in an unspecified logging function in oninit.exe in IBM Informix Dynamic Server (IDS) 11.10 before 11.10.xC2W2 and 11.50 before 11.50.xC1 allows remote authenticated users to execute arbitrary code via a crafted EXPLAIN directive, aka idsdb00154125 and idsdb00154243.
13162 CVE-2010-4045 264 Exec Code XSS 2010-10-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Opera before 10.63 does not properly restrict web script in unspecified circumstances involving reloads and redirects, which allows remote attackers to spoof the Address Bar, conduct cross-site scripting (XSS) attacks, and possibly execute arbitrary code by leveraging the ability of a script to interact with a web page from (1) a different domain or (2) a different security context.
13163 CVE-2010-4035 20 DoS 2010-10-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.41 does not properly perform autofill operations for forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
13164 CVE-2010-4034 20 DoS 2010-10-21 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document.
13165 CVE-2010-4025 Exec Code 2010-10-28 2010-11-11
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Doc Viewer in HP Palm webOS 1.4.1 allows remote attackers to execute arbitrary code via a crafted document, as demonstrated by a Word document.
13166 CVE-2010-4009 189 DoS Exec Code Overflow 2010-12-09 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.6.9 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
13167 CVE-2010-3992 +Priv 2010-10-28 2010-11-11
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in HP Insight Control Server Migration before 6.2 allows remote authenticated users to gain privileges via unknown vectors.
13168 CVE-2010-3983 264 +Priv 2010-10-18 2010-11-03
9.0
None Remote Low ??? Complete Complete Complete
CmcApp in SAP BusinessObjects Enterprise XI 3.2 allows remote authenticated users to gain privileges via vectors involving the Program Job Server and the Program Login property.
13169 CVE-2010-3976 Exec Code 2010-10-19 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a file that is processed by Flash Player.
13170 CVE-2010-3975 Exec Code 2010-10-19 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Adobe Flash Player 9 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse schannel.dll that is located in the same folder as a file that is processed by Flash.
13171 CVE-2010-3973 94 1 Exec Code 2010-12-23 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The WMITools ActiveX control in WBEMSingleView.ocx 1.50.1131.0 in Microsoft WMI Administrative Tools 1.1 and earlier in Microsoft Windows XP SP2 and SP3 allows remote attackers to execute arbitrary code via a crafted argument to the AddContextRef method, possibly an untrusted pointer dereference, aka "Microsoft WMITools ActiveX Control Vulnerability."
13172 CVE-2010-3972 119 1 DoS Exec Code Overflow +Info 2010-12-23 2021-02-05
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
13173 CVE-2010-3971 399 2 DoS Exec Code Mem. Corr. 2010-12-22 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
13174 CVE-2010-3970 119 1 Exec Code Overflow 2010-12-22 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
13175 CVE-2010-3967 +Priv 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Microsoft Windows Movie Maker (WMM) 2.6 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Movie Maker (MSWMM) file, aka "Insecure Library Loading Vulnerability."
13176 CVE-2010-3966 +Priv 2010-12-16 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Microsoft Windows Server 2008 R2 and Windows 7, when BranchCache is supported, allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains an EML file, an RSS file, or a WPOST file, aka "BranchCache Insecure Library Loading Vulnerability."
13177 CVE-2010-3965 +Priv 2010-12-16 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in Windows Media Encoder 9 on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 allows local users to gain privileges via a Trojan horse DLL in the current working directory, as demonstrated by a directory that contains a Windows Media Profile (PRX) file, aka "Insecure Library Loading Vulnerability."
13178 CVE-2010-3962 399 2 Exec Code Mem. Corr. 2010-11-05 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
13179 CVE-2010-3958 20 Exec Code 2011-04-13 2020-09-28
9.3
None Remote Medium Not required Complete Complete Complete
The x86 JIT compiler in Microsoft .NET Framework 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 does not properly compile function calls, which allows remote attackers to execute arbitrary code via (1) a crafted XAML browser application (aka XBAP), (2) a crafted ASP.NET application, or (3) a crafted .NET Framework application, aka ".NET Framework Stack Corruption Vulnerability."
13180 CVE-2010-3956 94 +Priv 2010-12-16 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
The OpenType Font (OTF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly perform array indexing, which allows local users to gain privileges via a crafted OpenType font, aka "OpenType Font Index Vulnerability."
13181 CVE-2010-3955 94 Exec Code Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
pubconv.dll (aka the Publisher Converter DLL) in Microsoft Publisher 2002 SP3 does not properly perform array indexing, which allows remote attackers to execute arbitrary code via a crafted Publisher file that uses an old file format, aka "Array Indexing Memory Corruption Vulnerability."
13182 CVE-2010-3954 119 DoS Exec Code Overflow Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Publisher 2002 SP3, 2003 SP3, and 2010 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Publisher file, aka "Microsoft Publisher Memory Corruption Vulnerability."
13183 CVE-2010-3952 119 DoS Exec Code Overflow Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Heap Corruption Vulnerability."
13184 CVE-2010-3951 119 Exec Code Overflow 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the FlashPix image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted FlashPix image in an Office document, aka "FlashPix Image Converter Buffer Overflow Vulnerability."
13185 CVE-2010-3950 119 DoS Exec Code Overflow Mem. Corr. 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
The TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 does not properly convert data, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted TIFF image in an Office document, aka "TIFF Image Converter Memory Corruption Vulnerability."
13186 CVE-2010-3949 119 Exec Code Overflow 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3 and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Buffer Overflow Vulnerability."
13187 CVE-2010-3947 119 Exec Code Overflow 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the TIFF image converter in the graphics filters in Microsoft Office XP SP3, Office Converter Pack, and Works 9 allows remote attackers to execute arbitrary code via a crafted TIFF image in an Office document, aka "TIFF Image Converter Heap Overflow Vulnerability."
13188 CVE-2010-3946 189 Exec Code Overflow 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the PICT image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted PICT image in an Office document, aka "PICT Image Converter Integer Overflow Vulnerability."
13189 CVE-2010-3945 119 Exec Code Overflow 2010-12-16 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the CGM image converter in the graphics filters in Microsoft Office XP SP3, Office 2003 SP3, and Office Converter Pack allows remote attackers to execute arbitrary code via a crafted CGM image in an Office document, aka "CGM Image Converter Buffer Overrun Vulnerability."
13190 CVE-2010-3916 Exec Code 2010-11-06 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3915.
13191 CVE-2010-3915 Exec Code 2010-11-06 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in JustSystems Ichitaro and Ichitaro Government allows remote attackers to execute arbitrary code via a crafted document, a different vulnerability than CVE-2010-3916.
13192 CVE-2010-3914 Exec Code 2010-11-03 2010-11-05
9.3
None Remote Medium Not required Complete Complete Complete
Untrusted search path vulnerability in VIM Development Group GVim before 7.3.034, and possibly other versions before 7.3.46, allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse User32.dll or other DLL that is located in the same folder as a .TXT file. NOTE: some of these details are obtained from third party information.
13193 CVE-2010-3912 255 2011-01-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
The supportconfig script in supportutils in SUSE Linux Enterprise 11 SP1 and 10 SP3 does not "disguise passwords" in configuration files, which has unknown impact and attack vectors.
13194 CVE-2010-3907 189 DoS Exec Code Overflow 2011-01-03 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in real.c in the Real demuxer plugin in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a zero i_subpackets value in a Real Media file, leading to a heap-based buffer overflow.
13195 CVE-2010-3894 119 1 Exec Code Overflow 2010-11-12 2018-10-10
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Java_com_ibm_es_oss_CryptionNative_ESEncrypt function in /opt/IBM/es/lib/libffq.cryptionjni.so in the login form in the administration interface in IBM OmniFind Enterprise Edition before 8.5 FP6 allows remote attackers to execute arbitrary code via a long password.
13196 CVE-2010-3885 119 Exec Code Overflow 2010-10-08 2010-10-14
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll (aka the Microsoft MFCDLL shared library) on Windows 2000 SP4 and XP SP2 and SP3 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.21 Build 4010 application.
13197 CVE-2010-3826 DoS Exec Code 2010-11-22 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly perform a cast of an unspecified variable during processing of colors in an SVG document, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
13198 CVE-2010-3824 399 DoS Exec Code 2010-11-22 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving SVG use elements.
13199 CVE-2010-3823 399 DoS Exec Code 2010-11-22 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving Geolocation objects. NOTE: this might overlap CVE-2010-3415.
13200 CVE-2010-3822 119 DoS Exec Code Overflow 2010-11-22 2017-09-19
9.3
None Remote Medium Not required Complete Complete Complete
WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, accesses an uninitialized pointer during processing of Cascading Style Sheets (CSS) counter styles, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.