CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
15001 CVE-2009-0086 189 Exec Code 2009-04-15 2019-02-26
10.0
None Remote Low Not required Complete Complete Complete
Integer underflow in Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote HTTP servers to execute arbitrary code via crafted parameter values in a response, related to error handling, aka "Windows HTTP Services Integer Underflow Vulnerability."
15002 CVE-2009-0084 94 Exec Code 2009-04-15 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in DirectShow in Microsoft DirectX 8.1 and 9.0 allows remote attackers to execute arbitrary code via an MJPEG file or video stream with a malformed Huffman table, which triggers an exception that frees heap memory that is later accessed, aka "MJPEG Decompression Vulnerability."
15003 CVE-2009-0081 20 Exec Code 2009-03-10 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
The graphics device interface (GDI) implementation in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 does not properly validate input received from user mode, which allows remote attackers to execute arbitrary code via a crafted (1) Windows Metafile (aka WMF) or (2) Enhanced Metafile (aka EMF) image file, aka "Windows Kernel Input Validation Vulnerability."
15004 CVE-2009-0076 399 Exec Code Mem. Corr. 2009-02-10 2019-02-26
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
15005 CVE-2009-0075 399 Exec Code Mem. Corr. 2009-02-10 2019-02-27
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
15006 CVE-2009-0070 189 DoS 2009-01-08 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
15007 CVE-2009-0065 119 Overflow 2009-01-07 2017-09-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in net/sctp/sm_statefuns.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.28-git8 allows remote attackers to have an unknown impact via an FWD-TSN (aka FORWARD-TSN) chunk with a large stream ID.
15008 CVE-2009-0064 +Priv +Info 2009-04-24 2017-08-08
9.0
None Remote Low ??? Complete Complete Complete
Multiple unspecified vulnerabilities in the Control Center in Symantec Brightmail Gateway Appliance before 8.0.1 allow remote authenticated users to gain privileges, and possibly obtain sensitive information or hijack sessions of arbitrary users, via vectors involving (1) administrative scripts or (2) console functions.
15009 CVE-2009-0062 264 +Priv 2009-02-05 2018-10-30
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Cisco Wireless LAN Controller (WLC), Cisco Catalyst 6500 Wireless Services Module (WiSM), and Cisco Catalyst 3750 Integrated Wireless LAN Controller with software 4.2.173.0 allows remote authenticated users to gain privileges via unknown vectors, as demonstrated by escalation from the (1) Lobby Admin and (2) Local Management User privilege levels.
15010 CVE-2009-0043 264 Exec Code 2009-01-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The smmsnmpd service in CA Service Metric Analysis r11.0 through r11.1 SP1 and Service Level Management 3.5 does not properly restrict access, which allows remote attackers to execute arbitrary commands via unspecified vectors.
15011 CVE-2009-0042 Bypass 2009-01-28 2021-04-09
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007 v3 and 2008; and other CA products allow remote attackers to bypass virus detection via a malformed archive file.
15012 CVE-2009-0012 119 Exec Code Overflow 2009-02-13 2011-03-07
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in CoreText in Apple Mac OS X 10.5.6 allows remote attackers to execute arbitrary code via a crafted Unicode string.
15013 CVE-2009-0010 189 1 DoS Exec Code Overflow 2009-05-13 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in QuickDraw Manager in Apple Mac OS X 10.4.11 and 10.5 before 10.5.7, and Apple QuickTime before 7.6.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PICT image with a crafted 0x77 Poly tag and a crafted length field, which triggers a heap-based buffer overflow.
15014 CVE-2009-0007 119 DoS Exec Code Overflow 2009-01-21 2017-09-29
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
15015 CVE-2009-0006 189 DoS Exec Code Overflow 2009-01-21 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
15016 CVE-2009-0005 399 DoS Exec Code Mem. Corr. 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
15017 CVE-2009-0004 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
15018 CVE-2009-0003 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
15019 CVE-2009-0002 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
15020 CVE-2009-0001 119 DoS Exec Code Overflow 2009-01-21 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted RTSP URL.
15021 CVE-2008-7319 77 Exec Code 2017-11-07 2017-11-29
10.0
None Remote Low Not required Complete Complete Complete
The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input is used.
15022 CVE-2008-7252 310 2010-01-19 2011-01-28
10.0
None Remote Low Not required Complete Complete Complete
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 uses predictable filenames for temporary files, which has unknown impact and attack vectors.
15023 CVE-2008-7251 264 2010-01-19 2010-05-06
10.0
None Remote Low Not required Complete Complete Complete
libraries/File.class.php in phpMyAdmin 2.11.x before 2.11.10 creates a temporary directory with 0777 permissions, which has unknown impact and attack vectors.
15024 CVE-2008-7249 119 Exec Code Overflow 2009-12-30 2018-10-11
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Squid Analysis Report Generator (Sarg) 2.2.3.1, and probably later, allows user-assisted remote attackers to execute arbitrary code via a long HTTP request method in a crafted access.log file, a different vulnerability than CVE-2008-1167.
15025 CVE-2008-7233 2009-09-14 2012-10-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the E-Business Application client, as used in Oracle Application Server 1.1.8.26 and E-Business Suite 11.5.10.2, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to the Oracle Jinitiator component, aka AS02.
15026 CVE-2008-7232 119 Exec Code Overflow 2009-09-14 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the report function in xtacacsd 4.1.2 and earlier allows remote attackers to execute arbitrary code via a crafted CONNECT TACACS command.
15027 CVE-2008-7230 2009-09-14 2009-09-15
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Small Footprint CIM Broker (SFCB) before 1.2.5 has unknown impact and attack vectors.
15028 CVE-2008-7228 134 2009-09-14 2009-12-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple format string vulnerabilities in White_Dune before 0.29beta851 have unspecified impact and attack vectors, a different vulnerability than CVE-2008-0101.
15029 CVE-2008-7225 119 DoS Exec Code Overflow 2009-09-14 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
15030 CVE-2008-7219 264 2009-09-13 2011-04-05
10.0
None Remote Low Not required Complete Complete Complete
Horde Kronolith H3 2.1 before 2.1.7 and 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and H3 2.2 before 2.2-RC2; Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 does not validate ownership when performing share changes, which has unknown impact and attack vectors.
15031 CVE-2008-7218 2009-09-13 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Horde API in Horde 3.1 before 3.1.6 and 3.2 before 3.2 before 3.2-RC2; Turba H3 2.1 before 2.1.6 and 2.2 before 2.2-RC2; Kronolith H3 2.1 before 2.1.7 and H3 2.2 before 2.2-RC2; Nag H3 2.1 before 2.1.4 and 2.2 before 2.2-RC2; Mnemo H3 2.1 before 2.1.2 and 2.2 before 2.2-RC2; Horde Groupware 1.0 before 1.0.3 and 1.1 before 1.1-RC2; and Groupware Webmail Edition 1.0 before 1.0.4 and 1.1 before 1.1-RC2 has unknown impact and attack vectors.
15032 CVE-2008-7200 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in Deliantra server engine before 2.4 has unknown impact and attack vectors.
15033 CVE-2008-7198 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in phpns before 2.1.1beta1 have unknown impact and attack vectors.
15034 CVE-2008-7197 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in G15Daemon before 1.9.4 have unknown impact and attack vectors.
15035 CVE-2008-7196 2009-09-10 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in metashell before 0.03 has unknown impact and attack vectors related to a "PATH execution security flaw," possibly an untrusted search path vulnerability.
15036 CVE-2008-7190 XSS 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Adium before 1.2 has unknown impact and attack vectors related to javascript: URLs, possibly cross-site scripting (XSS).
15037 CVE-2008-7189 2009-09-09 2009-09-10
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Local Media Browser before 0.1 have unknown impact and attack vectors related to "Security holes."
15038 CVE-2008-7177 119 Overflow 2009-09-08 2018-10-31
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
15039 CVE-2008-7174 119 DoS Exec Code Overflow 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the Jura Internet Connection Kit for the Jura Impressa F90 coffee maker allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to improper use of the gets and sprintf functions.
15040 CVE-2008-7173 264 DoS Exec Code 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
The Jura Internet Connection Kit for the Jura Impressa F90 coffee maker does not properly restrict access to privileged functions, which allows remote attackers to cause a denial of service (physical damage), modify coffee settings, and possibly execute code via a crafted request. NOTE: this issue is being included in CVE because the denial of service may include financial loss or water damage.
15041 CVE-2008-7170 264 Exec Code 2009-09-08 2018-10-11
10.0
None Remote Low Not required Complete Complete Complete
GSC build 2067 and earlier relies on the client to enforce administrator privileges, which allows remote attackers to execute arbitrary administrator commands via a crafted packet.
15042 CVE-2008-7168 2009-09-08 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Insecure method vulnerability in the UUSee UUUpgrade ActiveX control (UUUpgrade.ocx 3.0.2.12) allows remote attackers to force the download and overwrite of arbitrary files via crafted arguments to the Update method, as exploited in the wild in June 2009.
15043 CVE-2008-7164 2009-09-04 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Shareaza before 2.3.1.0 have unknown impact and attack vectors related to "very important security fixes," possibly involving update notifications and a domain that is no longer controlled by the vendor.
15044 CVE-2008-7162 119 DoS Exec Code Overflow 2009-09-04 2017-08-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in Hero Super Player 3000 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename in a .M3U file. NOTE: this might be related to CVE-2008-4504.
15045 CVE-2008-7158 78 Exec Code 2009-09-02 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Numara FootPrints 7.5a through 7.5a1 and 8.0 through 8.0a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) transcriptFile parameter to MRcgi/MRchat.pl or (2) LOADFILE parameter to MRcgi/MRABLoad2.pl. NOTE: some of these details are obtained from third party information.
15046 CVE-2008-7149 2009-09-01 2009-09-09
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in AgileWiki before 0.10.1 has unknown impact and attack vectors related to passwords.
15047 CVE-2008-7148 Exec Code 2009-09-01 2009-09-03
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Synfig Animation Studio before 0.61.08 allows attackers to execute arbitrary code via a crafted .sif file.
15048 CVE-2008-7144 2009-09-01 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in RARLAB WinRAR before 3.71 have unknown impact and attack vectors related to crafted (1) ACE, (2) ARJ, (3) BZ2, (4) CAB, (5) GZ, (6) LHA, (7) RAR, (8) TAR, or (9) ZIP files, as demonstrated by the OUSPG PROTOS GENOME test suite for Archive Formats.
15049 CVE-2008-7126 189 DoS Exec Code Overflow 2009-08-31 2017-08-17
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in osagent.exe in Borland VisiBroker Smart Agent 08.00.00.C1.03 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet with a large string length value to UDP port 14000, which triggers a heap-based buffer overflow.
15050 CVE-2008-7125 78 Exec Code 2009-08-31 2017-08-17
9.0
None Remote Low ??? Complete Complete Complete
pphoto in Ariadne before 2.6 allows remote authenticated users with certain privileges to execute arbitrary shell commands via vectors related to PINP programs and the annotate command. NOTE: some of these details are obtained from third party information.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.