CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2010 (CVSS score >= 7)

CVSS Scores Greater Than: 0   1   2   3   4   5   6   7   8   9  
Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2009-2753 119 Exec Code Overflow 2010-03-05 2018-10-10
10.0
 None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size.
2 CVE-2009-2754 189 Exec Code Overflow 2010-03-05 2018-10-10
10.0
 None Remote Low Not required Complete Complete Complete
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.
3 CVE-2009-3032 189 Exec Code Overflow 2010-03-05 2013-02-07
10.0
 None Remote Low Not required Complete Complete Complete
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.
4 CVE-2009-3245 20 2010-03-05 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent attack vectors.
5 CVE-2009-4660 119 2 Exec Code Overflow 2010-03-03 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the AntServer Module (AntServer.exe) in BigAnt IM Server 2.50 allows remote attackers to execute arbitrary code via a long GET request to TCP port 6660.
6 CVE-2009-4741 2010-03-26 2010-03-29
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Extras Manager before 2.0.0.67 in Skype before 4.1.0.179 on Windows has unknown impact and attack vectors.
7 CVE-2010-0055 2010-03-30 2020-01-17
10.0
 None Remote Low Not required Complete Complete Complete
xar in Apple Mac OS X 10.5.8 does not properly validate package signatures, which allows attackers to have an unspecified impact via a modified package.
8 CVE-2010-0104 Exec Code 2010-03-18 2019-10-09
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Broadcom Integrated NIC Management Firmware 1.x before 1.40.0.0 and 8.x before 8.08 on the HP Small Form Factor and Microtower platforms allows remote attackers to execute arbitrary code via unknown vectors.
9 CVE-2010-0418 78 Exec Code 2010-03-10 2010-03-31
10.0
 None Remote Low Not required Complete Complete Complete
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.
10 CVE-2010-0425 Exec Code 2010-03-05 2021-06-06
10.0
 None Remote Low Not required Complete Complete Complete
modules/arch/win32/mod_isapi.c in mod_isapi in the Apache HTTP Server 2.0.37 through 2.0.63, 2.2.0 through 2.2.14, and 2.3.x before 2.3.7, when running on Windows, does not ensure that request processing is complete before calling isapi_unload for an ISAPI .dll module, which allows remote attackers to execute arbitrary code via unspecified vectors related to a crafted request, a reset packet, and "orphaned callback pointers."
11 CVE-2010-0447 287 Exec Code 2010-03-10 2018-10-10
10.0
 None Remote Low Not required Complete Complete Complete
The helpmanager servlet in the web server in HP OpenView Performance Insight (OVPI) 5.4 and earlier does not properly authenticate and validate requests, which allows remote attackers to execute arbitrary commands via vectors involving upload of a JSP document.
12 CVE-2010-0508 2010-03-30 2010-03-31
10.0
 None Remote Low Not required Complete Complete Complete
Mail in Apple Mac OS X before 10.6.3 does not disable the filter rules associated with a deleted mail account, which has unspecified impact and attack vectors.
13 CVE-2010-0570 255 Exec Code 2010-03-05 2017-08-17
10.0
 None Remote Low Not required Complete Complete Complete
Cisco Digital Media Manager (DMM) 5.0.x and 5.1.x has a default password for the Tomcat administration account, which makes it easier for remote attackers to execute arbitrary code via a crafted web application, aka Bug ID CSCta03378.
14 CVE-2010-0580 Exec Code 2010-03-25 2010-04-13
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz48680, the "SIP Message Processing Arbitrary Code Execution Vulnerability."
15 CVE-2010-0581 Exec Code 2010-03-25 2010-04-13
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the SIP implementation in Cisco IOS 12.3 and 12.4 allows remote attackers to execute arbitrary code via a malformed SIP message, aka Bug ID CSCsz89904, the "SIP Packet Parsing Arbitrary Code Execution Vulnerability."
16 CVE-2010-0918 2010-03-03 2017-08-17
10.0
 None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors.
17 CVE-2010-1041 2010-03-23 2010-06-11
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the single sign-on functionality in the Web Services implementation in IBM DB2 Content Manager (CM) Toolkit 8.3 before FP13 on z/OS and DB2 Information Integrator for Content 8.3 before FP13 has unknown impact and remote attack vectors.
18 CVE-2010-1118 Exec Code 2010-03-25 2021-07-23
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Internet Explorer 8 on Microsoft Windows 7 allows remote attackers to execute arbitrary code via unknown vectors, possibly related to a use-after-free issue, as demonstrated by Peter Vreugdenhil during a Pwn2Own competition at CanSecWest 2010.
19 CVE-2010-1119 399 DoS Exec Code 2010-03-25 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 through 10.6 and Windows, Safari before 4.1 on Mac OS X 10.4, and Safari on Apple iPhone OS allows remote attackers to execute arbitrary code or cause a denial of service (application crash), or read the SMS database or other data, via vectors related to "attribute manipulation," as demonstrated by Vincenzo Iozzo and Ralf Philipp Weinmann during a Pwn2Own competition at CanSecWest 2010.
20 CVE-2010-1120 94 Exec Code 2010-03-25 2010-06-23
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Safari 4 on Apple Mac OS X 10.6 allows remote attackers to execute arbitrary code via unknown vectors, as demonstrated by Charlie Miller during a Pwn2Own competition at CanSecWest 2010.
21 CVE-2010-1121 94 Exec Code 2010-03-25 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Mozilla Firefox 3.6.x before 3.6.3 does not properly manage the scopes of DOM nodes that are moved from one document to another, which allows remote attackers to conduct use-after-free attacks and execute arbitrary code via unspecified vectors involving improper interaction with garbage collection, as demonstrated by Nils during a Pwn2Own competition at CanSecWest 2010.
22 CVE-2010-1122 119 DoS Overflow Mem. Corr. 2010-03-25 2017-09-19
10.0
 None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Mozilla Firefox 3.5.x through 3.5.8 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly have unknown other impact via vectors that might involve compressed data, a different vulnerability than CVE-2010-1028.
23 CVE-2010-1185 119 Exec Code Overflow 2010-03-29 2018-10-10
10.0
 None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in serv.exe in SAP MaxDB 7.4.3.32, and 7.6.0.37 through 7.6.06 allows remote attackers to execute arbitrary code via an invalid length parameter in a handshake packet to TCP port 7210. NOTE: some of these details are obtained from third party information.
24 CVE-2009-4001 189 Exec Code Overflow 2010-03-15 2018-10-10
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.
25 CVE-2009-4656 119 1 DoS Exec Code Overflow 2010-03-03 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in E-Soft DJ Studio Pro 4.2 including 4.2.2.7.5, and 5.x including 5.1.4.3.1, allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a playlist file (.pls) containing a long string. NOTE: some of these details are obtained from third party information.
26 CVE-2009-4663 119 1 Exec Code Overflow 2010-03-03 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the Quiksoft EasyMail Objects 6 ActiveX control allows remote attackers to execute arbitrary code via a long argument to the AddAttachment method.
27 CVE-2009-4668 119 1 Exec Code Overflow 2010-03-05 2018-10-10
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.
28 CVE-2009-4676 119 Exec Code Overflow 2010-03-05 2010-03-08
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
29 CVE-2009-4754 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
30 CVE-2009-4755 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Multiple stack-based buffer overflows in Mercury Audio Player 1.21 allow remote attackers to execute arbitrary code via a long string in a malformed (1) .b4s or (2) .pls playlist file.
31 CVE-2009-4756 119 4 Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
32 CVE-2009-4757 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in BrotherSoft EW-MusicPlayer 0.8 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: some of these details are obtained from third party information.
33 CVE-2009-4758 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in dicas Mpegable Player 2.12 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .YUV file.
34 CVE-2009-4759 119 1 DoS Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Buffer overflow in BrotherSoft BMXPlay 0.4.4b allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .BMX file.
35 CVE-2009-4761 119 2 Exec Code Overflow 2010-03-29 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
36 CVE-2010-0040 189 DoS Exec Code Overflow 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows, and iTunes before 9.1, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.
37 CVE-2010-0043 94 DoS Exec Code Mem. Corr. 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
ImageIO in Apple Safari before 4.0.5 and iTunes before 9.1 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.
38 CVE-2010-0045 20 Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.
39 CVE-2010-0046 94 DoS Exec Code Mem. Corr. 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.
40 CVE-2010-0047 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."
41 CVE-2010-0048 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.
42 CVE-2010-0049 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
43 CVE-2010-0050 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.
44 CVE-2010-0052 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."
45 CVE-2010-0053 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.
46 CVE-2010-0054 399 DoS Exec Code 2010-03-15 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.
47 CVE-2010-0103 94 2010-03-10 2010-03-10
9.3
 None Remote Medium Not required Complete Complete Complete
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
48 CVE-2010-0164 399 DoS Exec Code Mem. Corr. 2010-03-25 2018-10-10
9.3
 None Remote Medium Not required Complete Complete Complete
Use-after-free vulnerability in the imgContainer::InternalAddFrameHelper function in src/imgContainer.cpp in libpr0n in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a multipart/x-mixed-replace animation in which the frames have different bits-per-pixel (bpp) values.
49 CVE-2010-0165 119 DoS Exec Code Overflow Mem. Corr. 2010-03-25 2017-09-19
9.3
 None Remote Medium Not required Complete Complete Complete
The TraceRecorder::traverseScopeChain function in js/src/jstracer.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors involving certain indirect calls to the JavaScript eval function.
50 CVE-2010-0167 119 DoS Exec Code Overflow Mem. Corr. 2010-03-25 2018-10-30
9.3
 None Remote Medium Not required Complete Complete Complete
The browser engine in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via vectors related to (1) layout/generic/nsBlockFrame.cpp and (2) the _evaluate function in modules/plugin/base/src/nsNPAPIPlugin.cpp.
Total number of vulnerabilities : 249   Page : 1 (This Page)2 3 4 5
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.