CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
17001 CVE-2007-0944 Exec Code Mem. Corr. 2007-05-08 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability."
17002 CVE-2007-0942 Exec Code 2007-05-08 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.
17003 CVE-2007-0940 Exec Code 2007-05-08 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Cryptographic API Component Object Model Certificates ActiveX control (CAPICOM.dll) in Microsoft CAPICOM and BizTalk Server 2004 SP1 and SP2 allows remote attackers to execute arbitrary code via unspecified vectors, aka the "CAPICOM.Certificates Vulnerability."
17004 CVE-2007-0938 Exec Code Mem. Corr. 2007-04-10 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Content Management Server (MCMS) 2001 SP1 and 2002 SP2 does not properly handle certain characters in a crafted HTTP GET request, which allows remote attackers to execute arbitrary code, aka the "CMS Memory Corruption Vulnerability."
17005 CVE-2007-0936 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Microsoft Visio 2002 allow remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted packed object that triggers memory corruption, aka "Visio Document Packaging Vulnerability."
17006 CVE-2007-0934 Exec Code Mem. Corr. 2007-06-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visio 2002 allows remote user-assisted attackers to execute arbitrary code via a Visio (.VSD, VSS, .VST) file with a crafted version number that triggers memory corruption.
17007 CVE-2007-0921 2007-02-14 2018-10-16
9.4
None Remote Low Not required None Complete Complete
Portal Search allows remote attackers to redirect a URL to an arbitrary web site by placing the URL in the query string to the top-level URI.
17008 CVE-2007-0915 +Priv 2007-02-14 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Distributed SLS daemon (SLSd) on HP-UX B.11.11 allows remote attackers to overwrite arbitrary files and gain privileges via a crafted RPC request.
17009 CVE-2007-0913 Exec Code 2007-02-14 2008-11-15
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876, CVE-2006-3877, or older issues.
17010 CVE-2007-0912 CSRF 2007-02-13 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Cross-Site Request Forgery (CSRF) vulnerability in admin/admin.adm.php in Jportal 2.3.1, and possibly earlier, allows remote attackers to perform privileged actions as administrators by tricking the admin into accessing a URL with modified arguments to admin/admin.adm.php.
17011 CVE-2007-0910 2007-02-13 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
17012 CVE-2007-0903 2007-02-13 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the mod_roster_odbc module in ejabberd before 1.1.3 has unknown impact and attack vectors.
17013 CVE-2007-0888 Dir. Trav. 2007-02-12 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname argument to an FTP (1) GET or (2) PUT command.
17014 CVE-2007-0886 119 DoS Exec Code Overflow 2007-02-12 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
17015 CVE-2007-0882 94 2007-02-12 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
17016 CVE-2007-0879 Exec Code Overflow 2007-02-12 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in SmidgeonSoft PEBrowse Professional 8.2.1.0 allows user-assisted remote attackers to execute arbitrary code via certain executable files in PE format. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
17017 CVE-2007-0863 Exec Code File Inclusion 2007-02-09 2008-11-15
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tc_config[rootdir] parameter to (1) upgrade.php, (2) paint_save.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: his issue has been disputed by reliable third parties, who state that the variable is set before use in config.php.
17018 CVE-2007-0851 Exec Code Overflow 2007-02-08 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the Trend Micro Scan Engine 8.000 and 8.300 before virus pattern file 4.245.00, as used in other products such as Cyber Clean Center (CCC) Cleaner, allows remote attackers to execute arbitrary code via a malformed UPX compressed executable.
17019 CVE-2007-0841 2007-02-08 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.
17020 CVE-2007-0777 119 DoS Exec Code Overflow Mem. Corr. 2007-02-26 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vectors that trigger memory corruption.
17021 CVE-2007-0776 119 Exec Code Overflow 2007-02-26 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clipPath element in an SVG file.
17022 CVE-2007-0770 DoS Exec Code Overflow 2007-02-12 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOTE: this issue is due to an incomplete patch for CVE-2006-5456.
17023 CVE-2007-0766 DoS Exec Code Overflow 2007-02-06 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
17024 CVE-2007-0754 Exec Code Overflow 2007-05-14 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.1.3 allows user-assisted remote attackers to execute arbitrary code via a crafted Sample Table Sample Descriptor (STSD) atom size in a QuickTime movie.
17025 CVE-2007-0750 DoS Exec Code Overflow 2007-05-24 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in CoreGraphics in Apple Mac OS X 10.4 up to 10.4.9 allows remote user-assisted attackers to cause a denial of service (application termination) or execute arbitrary code via a crafted PDF file.
17026 CVE-2007-0749 Exec Code Overflow 2007-05-13 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.
17027 CVE-2007-0748 Exec Code Overflow 2007-05-13 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allows remote attackers to execute arbitrary code via multiple trackID values in a SETUP RTSP request.
17028 CVE-2007-0746 Exec Code Overflow 2007-04-24 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the VideoConference framework in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via a "crafted SIP packet when initializing an audio/video conference".
17029 CVE-2007-0736 Exec Code Overflow 2007-04-24 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the RPC library in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to execute arbitrary code via crafted requests to portmap.
17030 CVE-2007-0735 DoS Exec Code 2007-04-24 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in Libinfo in Apple Mac OS X 10.3.9 through 10.4.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving crafted web pages that trigger certain error conditions that are not properly reported in certain circumstances, resulting in accessing deallocated memory.
17031 CVE-2007-0733 DoS Exec Code Mem. Corr. 2007-03-13 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in ImageIO in Apple Mac OS X 10.3.9 and 10.4 through 10.4.8 allows remote user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted RAW image that triggers memory corruption.
17032 CVE-2007-0731 Exec Code Overflow 2007-03-13 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Apple-specific Samba module (SMB File Server) in Apple Mac OS X 10.4 through 10.4.8 allows context-dependent attackers to execute arbitrary code via a long ACL.
17033 CVE-2007-0714 189 DoS Exec Code Overflow 2007-03-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted QuickTime movie with a User Data Atom (UDTA) with an Atom size field with a large value.
17034 CVE-2007-0712 119 DoS Exec Code Overflow 2007-03-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MIDI file.
17035 CVE-2007-0711 189 DoS Exec Code Overflow 2007-03-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted 3GP video file.
17036 CVE-2007-0671 Exec Code 2007-02-03 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Excel 2000, XP, 2003, and 2004 for Mac, and possibly other Office products, allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as demonstrated by Exploit-MSExcel.h in targeted zero-day attacks.
17037 CVE-2007-0655 Exec Code +Priv 2007-05-02 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
The MicroWorld Agent service (MWAGENT.EXE) in MicroWorld Technologies eScan 8.0.671.1, and possibly other versions, allows remote or local attackers to gain privileges and execute arbitrary commands by connecting directly to TCP port 2222.
17038 CVE-2007-0654 Exec Code Overflow 2007-03-21 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
17039 CVE-2007-0653 Exec Code Overflow Mem. Corr. 2007-03-21 2018-10-16
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
17040 CVE-2007-0640 Overflow 2007-01-31 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in ZABBIX before 1.1.5 has unknown impact and attack vectors related to "SNMP IP addresses."
17041 CVE-2007-0619 Exec Code Mem. Corr. 2007-01-31 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
chmlib before 0.39 allows user-assisted remote attackers to execute arbitrary code via a crafted page block length in a CHM file, which triggers memory corruption.
17042 CVE-2007-0585 Dir. Trav. 2007-01-30 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct directory traversal attacks.
17043 CVE-2007-0543 2007-01-29 2018-10-16
9.4
None Remote Low Not required Complete Complete None
ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.
17044 CVE-2007-0528 +Info 2007-01-26 2018-10-16
9.0
None Remote Low ??? Complete Complete Complete
The admin web console implemented by the Centrality Communications (aka Aredfox) PA168 chipset and firmware 1.54 and earlier, as provided by various IP phones, does not require passwords or authentication tokens when using HTTP, which allows remote attackers to connect to existing superuser sessions and obtain sensitive information (passwords and configuration data).
17045 CVE-2007-0515 DoS Exec Code Mem. Corr. 2007-01-26 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word allows user-assisted remote attackers to execute arbitrary code on Word 2000, and cause a denial of service on Word 2003, via unknown attack vectors that trigger memory corruption, as exploited by Trojan.Mdropper.W and later by Trojan.Mdropper.X, a different issue than CVE-2006-6456, CVE-2006-5994, and CVE-2006-6561.
17046 CVE-2007-0510 Overflow 2007-01-26 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in (1) graphs.c, (2) output.c, and (3) preserve.c in AWFFull 3.7.1 and earlier have unknown impact and attack vectors. NOTE: some of these details are obtained from third party information. NOTE: There may not be any attack vector that crosses privilege boundaries.
17047 CVE-2007-0509 XSS +Info 2007-01-26 2017-07-29
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in MaklerPlus before 1.2 have unknown impact and attack vectors, possibly relating to cross-site scripting (XSS) in the slogan parameter in main.tpl, or information leaks in error messages.
17048 CVE-2007-0504 Exec Code 2007-01-26 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
17049 CVE-2007-0496 Exec Code File Inclusion 2007-01-25 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in lib/nl/nl.php in Neon Labs Website (nlws) 3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the g_strRootDir parameter.
17050 CVE-2007-0495 Exec Code File Inclusion 2007-01-25 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in include/config.inc.php in PhpSherpa allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.