Critical
CVE-2011-0596
The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code…
Tag: Remote Code Execution
All CVEs associated with "Remote Code Execution". Page 286/345 • 41399 CVEs.
Subscribe CVEs: RSS for “Remote Code Execution” · RSS (High+Critical only)
About “Remote Code Execution”
A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41399 CVEs for this tag (all time). In the last 365 days, 4734 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2011-02-10
Critical
CVE-2011-0595
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that…
Critical
CVE-2011-0594
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.
Critical
CVE-2011-0593
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that…
Critical
CVE-2011-0592
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that…
Critical
CVE-2011-0591
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that…
Critical
CVE-2011-0590
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability t…
Critical
CVE-2011-0589
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption)…
Critical
CVE-2011-0586
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrar…
Critical
CVE-2011-0585
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly exec…
Medium
CVE-2011-0568
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Mac OS X allows attackers to cause a denial of service or possibly execute arbitrar…
Critical
CVE-2011-0567
AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of servi…
Critical
CVE-2011-0566
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corru…
Critical
CVE-2011-0565
Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly exec…
Critical
CVE-2011-0563
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption)…
Critical
CVE-2011-0608
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0607
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0578
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a constructor for an unspecified A…
Critical
CVE-2011-0577
Unspecified vulnerability in Adobe Flash Player before 10.2.152.26 allows remote attackers to execute arbitrary code via a crafted font.
Critical
CVE-2011-0574
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0573
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0572
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0571
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0569
The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PFR1 chunk containing an invalid…
Critical
CVE-2011-0561
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0560
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0559…
Critical
CVE-2011-0559
Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted parameters to an unspecified ActionScript method that cau…
Critical
CVE-2011-0558
Integer overflow in Adobe Flash Player before 10.2.152.26 allows attackers to execute arbitrary code via a large array length value in the ActionScript method of the Function class.
Critical
CVE-2011-0557
Integer overflow in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code via a Director movie with a large count value in 3D assets type 0xFFFFFF45 record, which…
Critical
CVE-2011-0556
The Font Xtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PFR1 chunk that leads to…
Critical
CVE-2011-0555
The TextXtra.x32 module in Adobe Shockwave Player before 11.5.9.620 allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a Director file with a…
Critical
CVE-2011-0093
ELEMENTS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 does not properly parse structures during the opening of a Visio file, which allows remote attackers to execute arbitrary code via a f…
Critical
CVE-2011-0092
The LZW stream decompression functionality in ORMELEMS.DLL in Microsoft Visio 2002 SP2, 2003 SP3, and 2007 SP2 allows remote attackers to execute arbitrary code via a Visio file with a malformed Visi…
Critical
CVE-2011-0036
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialize…
Critical
CVE-2011-0035
Microsoft Internet Explorer 6, 7, and 8 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing an object that (1) was not properly initialize…
Critical
CVE-2011-0033
The OpenType Compact Font Format (CFF) driver in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not pr…
Critical
CVE-2010-4307
Buffer overflow in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.
Critical
CVE-2010-4306
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0…
Critical
CVE-2010-4196
The Shockwave 3d Asset module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
Critical
CVE-2010-4195
The TextXtra module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
Critical
CVE-2010-4194
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
Critical
CVE-2010-4193
Adobe Shockwave Player before 11.5.9.620 does not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.
Critical
CVE-2010-4192
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted 3D Assets 0xFFFFFF88 type reco…
Critical
CVE-2010-4191
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0…
Critical
CVE-2010-4190
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with a crafted CSWV RIFF chunk that causes an…
Critical
CVE-2010-4189
The IML32 module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie containing a GIF image wi…
Critical
CVE-2010-4188
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a Director movie with an IFWV chunk w…
Critical
CVE-2010-4187
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed chunk in a Director file, a different vulnerabilit…
Critical
CVE-2010-4093
Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0…
Critical
CVE-2010-2589
Integer overflow in the dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code via unspecified vectors.
Critical
CVE-2010-2588
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vuln…
Critical
CVE-2010-2587
The dirapi.dll module in Adobe Shockwave Player before 11.5.9.620 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vuln…
2011-02-09
Critical
CVE-2011-0921
crs.exe in the Cell Manager Service in the client in HP Data Protector does not properly validate credentials associated with the hostname, domain, and username, which allows remote attackers to exec…
2011-02-08
Critical
CVE-2011-0920
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via…
Critical
CVE-2011-0919
Multiple stack-based buffer overflows in the (1) POP3 and (2) IMAP services in IBM Lotus Domino allow remote attackers to execute arbitrary code via non-printable characters in an envelope sender add…
Critical
CVE-2011-0918
Stack-based buffer overflow in the NRouter (aka Router) service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long filenames associated with Content-ID and ATTACH:CID head…
Critical
CVE-2011-0917
Buffer overflow in nLDAP.exe in IBM Lotus Domino allows remote attackers to execute arbitrary code via a long string in an LDAP Bind operation, aka SPR KLYH87LMVX.
Critical
CVE-2011-0916
Stack-based buffer overflow in the SMTP service in IBM Lotus Domino allows remote attackers to execute arbitrary code via long arguments in a filename parameter in a malformed MIME e-mail message, ak…
Critical
CVE-2011-0915
Stack-based buffer overflow in nrouter.exe in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a long name parameter in a Content-Type header in a malformed Notes c…
Critical
CVE-2011-0914
Integer signedness error in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP client request, leading…
Critical
CVE-2011-0913
Stack-based buffer overflow in ndiiop.exe in the DIIOP implementation in the server in IBM Lotus Domino before 8.5.3 allows remote attackers to execute arbitrary code via a GIOP getEnvironmentString…
Critical
CVE-2011-0912
Argument injection vulnerability in IBM Lotus Notes 8.0.x before 8.0.2 FP6 and 8.5.x before 8.5.1 FP5 allows remote attackers to execute arbitrary code via a cai:// URL containing a --launcher.librar…
2011-02-07
Medium
CVE-2011-0902
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LI…
Medium
CVE-2011-0901
Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers t…
Medium
CVE-2011-0900
Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute…
Medium
CVE-2011-0522
The StripTags function in (1) the USF decoder (modules/codec/subtitles/subsdec.c) and (2) the Text decoder (modules/codec/subtitles/subsusf.c) in VideoLAN VLC Media Player 1.1 before 1.1.6-rc allows…
Critical
CVE-2011-0324
Multiple heap-based buffer overflows in Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allow remote attackers to execute arbitrary code via a long (1) KeyStr…
Critical
CVE-2011-0323
Topaz Systems SigPlus Pro ActiveX Control 3.95, and possibly other versions before 4.29, allows remote attackers to execute arbitrary code by calling the exposed unsafe (1) SetLogFilePath and (2) Sig…
2011-02-04
Medium
CVE-2011-0784
Race condition in Google Chrome before 9.0.597.84 allows remote attackers to execute arbitrary code via vectors related to audio.
Medium
CVE-2004-0694
Buffer overflow in LHA 1.14 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors related to "command line processing," a di…
2011-02-02
Medium
CVE-2010-3270
Stack-based buffer overflow in Cisco WebEx Meeting Center T27LB before SP21 EP3 and T27LC before SP22 allows user-assisted remote authenticated users to execute arbitrary code by providing a crafted…
Critical
CVE-2010-3269
Multiple stack-based buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to execu…
Critical
CVE-2010-3044
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of…
Critical
CVE-2010-3043
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of…
Critical
CVE-2010-3042
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of…
Critical
CVE-2010-3041
Multiple buffer overflows in the Cisco WebEx Recording Format (WRF) and Advanced Recording Format (ARF) Players T27LB before SP21 EP3 and T27LC before SP22 allow remote attackers to cause a denial of…
Critical
CVE-2011-0742
Buffer overflow in ZfHIPCND.exe in Novell ZENworks Handheld Management 7.0 allows remote attackers to execute arbitrary code via a crafted IP Conduit packet to TCP port 2400.
Critical
CVE-2011-0276
HP OpenView Performance Insight Server 5.2, 5.3, 5.31, 5.4, and 5.41 contains a "hidden account" in the com.trinagy.security.XMLUserManager Java class, which allows remote attackers to execute arbitr…
Medium
CVE-2010-4652
Heap-based buffer overflow in the sql_prepare_where function (contrib/mod_sql.c) in ProFTPD before 1.3.3d, when mod_sql is enabled, allows remote attackers to cause a denial of service (crash) and po…
Medium
CVE-2010-4015
Buffer overflow in the gettoken function in contrib/intarray/_int_bool.c in the intarray array module in PostgreSQL 9.0.x before 9.0.3, 8.4.x before 8.4.7, 8.3.x before 8.3.14, and 8.2.x before 8.2.2…
High
CVE-2010-3719
Eval injection vulnerability in IMAdminSchedTask.asp in the administrative interface for Symantec IM Manager 8.4.16 and earlier allows remote attackers to execute arbitrary code via unspecified param…
2011-02-01
High
CVE-2011-0731
Buffer overflow in the DB2 Administration Server (DAS) component in IBM DB2 9.1 before FP10, 9.5 before FP7, and 9.7 before FP3 on Linux, UNIX, and Windows allows remote attackers to execute arbitrar…
2011-01-31
Critical
CVE-2011-0682
Integer truncation error in opera.dll in Opera before 11.01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML form with a select element t…
Critical
CVE-2010-4393
Heap-based buffer overflow in vidplin.dll in RealNetworks RealPlayer 11.0 through 11.1 and 14.0.x before 14.0.2, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code…
High
CVE-2010-0110
Multiple stack-based buffer overflows in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 1…
High
CVE-2011-0450
The downloads manager in Opera before 11.01 on Windows does not properly determine the pathname of the filesystem-viewing application, which allows user-assisted remote attackers to execute arbitrary…
Medium
CVE-2010-4717
Multiple stack-based buffer overflows in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long (1)…
Critical
CVE-2010-4714
Multiple stack-based buffer overflows in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a long HTTP Host header to (1) gwpoa.exe in the Post Office Agent, (2) gwm…
Critical
CVE-2010-4713
Integer signedness error in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a signed integer value in the Content-T…
Critical
CVE-2010-4712
Multiple stack-based buffer overflows in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via a Content-Type header conta…
Critical
CVE-2010-4711
Double free vulnerability in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allows remote attackers to execute arbitrary code via a large parameter in…
2011-01-28
Critical
CVE-2010-4643
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…
Critical
CVE-2010-4253
Heap-based buffer overflow in Impress in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a…
Critical
CVE-2010-3454
Multiple off-by-one errors in the WW8DopTypography::ReadFromMem function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allow remote attackers to cause a denial of service (application cr…
Critical
CVE-2010-3453
The WW8ListManager::WW8ListManager function in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 does not properly handle an unspecified number of list levels in user-defined list styles in WW8…
Critical
CVE-2010-3452
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
Critical
CVE-2010-3451
Use-after-free vulnerability in oowriter in OpenOffice.org (OOo) 2.x and 3.x before 3.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via…
Critical
CVE-2010-2777
Stack-based buffer overflow in the IMAP server component in GroupWise Internet Agent (GWIA) in Novell GroupWise 7.x before 7.0 post-SP4 FTF and 8.x before 8.0 SP2 allows remote attackers to execute a…
Medium
CVE-2011-0678
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDire…
Critical
CVE-2010-4326
Multiple buffer overflows in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP allow remote attackers to execute arbitrary code via variables in a VCALENDAR message, as…
Critical
CVE-2010-4325
Buffer overflow in gwwww1.dll in GroupWise Internet Agent (GWIA) in Novell GroupWise before 8.02HP2 allows remote attackers to execute arbitrary code via a crafted TZID variable in a VCALENDAR messag…
High
CVE-2011-0651
Buffer overflow in the key exchange functionality in Icon Labs Iconfidant SSL Server before 1.3.0 allows remote attackers to execute arbitrary code via a client master key packet in which the sum of…
High
CVE-2011-0520
The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly…
High
CVE-2010-4709
Heap-based buffer overflow in Automated Solutions Modbus/TCP Master OPC Server before 3.0.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a MODB…
2011-01-25
Critical
CVE-2011-0021
Multiple heap-based buffer overflows in cdg.c in the CDG decoder in VideoLAN VLC Media Player before 1.1.6 allow remote attackers to cause a denial of service (application crash) or possibly execute…
Critical
CVE-2011-0273
Buffer overflow in crs.exe in HP OpenView Storage Data Protector Cell Manager 6.11 allows remote attackers to execute arbitrary code via unspecified message types.
Medium
CVE-2010-4353
Unrestricted file upload vulnerability in modules/gallery/models/item.php in Menalto Gallery before 3.0 and beta allows remote authenticated users with upload permissions to execute arbitrary code by…
2011-01-24
High
CVE-2011-0020
Heap-based buffer overflow in the pango_ft2_font_render_box_glyph function in pango/pangoft2-render.c in libpango in Pango 1.28.3 and earlier, when the FreeType2 backend is enabled, allows user-assis…
2011-01-20
Critical
CVE-2011-0517
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary cod…
High
CVE-2011-0513
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
Medium
CVE-2011-0506
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] p…
Critical
CVE-2011-0501
Stack-based buffer overflow in Music Animation Machine MIDI Player 2006aug19 Release 035 and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long line in…
Critical
CVE-2011-0500
Buffer overflow in VideoSpirit Pro 1.6.8.1, 1.68, and earlier; and VideoSpirit Lite 1.4.0.1 and possibly other versions; allows user-assisted remote attackers to execute arbitrary code via a VideoSpi…
Critical
CVE-2011-0499
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via…
Critical
CVE-2011-0498
Stack-based buffer overflow in Nokia Multimedia Player 1.00.55.5010, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbit…
Critical
CVE-2011-0496
Unspecified vulnerability in Sybase EAServer 5.x and 6.x before 6.3 ESD#2, as used in Appeon, Replication Server Messaging Edition (RSME), and WorkSpace, allows remote attackers to install arbitrary…
Medium
CVE-2011-0495
Stack-based buffer overflow in the ast_uri_encode function in main/utils.c in Asterisk Open Source before 1.4.38.1, 1.4.39.1, 1.6.1.21, 1.6.2.15.1, 1.6.2.16.1, 1.8.1.2, 1.8.2.; and Business Edition b…
High
CVE-2010-4701
Heap-based buffer overflow in the CDrawPoly::Serialize function in fxscover.exe in Microsoft Windows Fax Services Cover Page Editor 5.2 r2 in Windows XP Professional SP3, Server 2003 R2 Enterprise Ed…
High
CVE-2010-4267
Stack-based buffer overflow in the hpmud_get_pml function in io/hpmud/pml.c in Hewlett-Packard Linux Imaging and Printing (HPLIP) 1.6.7, 3.9.8, 3.10.9, and probably other versions allows remote attac…
2011-01-19
Critical
CVE-2010-3599
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors r…