Vulnerabilities > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2010-07-28 | CVE-2010-0211 | Unchecked Return Value vulnerability in multiple products The slap_modrdn2mods function in modrdn.c in OpenLDAP 2.4.22 does not check the return value of a call to the smr_normalize function, which allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a modrdn call with an RDN string containing invalid UTF-8 sequences, which triggers a free of an invalid, uninitialized pointer in the slap_mods_free function, as demonstrated using the Codenomicon LDAPv3 test suite. | 9.8 |
2010-07-22 | CVE-2009-4952 | Path Traversal vulnerability in Serge Gebhardt DIR Listing Directory traversal vulnerability in the Directory Listing (dir_listing) extension 1.1.0 and earlier for TYPO3 allows remote attackers to have an unspecified impact via unknown vectors. | 10.0 |
2010-07-22 | CVE-2010-2771 | Code Injection vulnerability in IBM Soliddb solid.exe in IBM solidDB before 6.5 FP2 allows remote attackers to execute arbitrary code via a long username field in the first handshake packet. | 10.0 |
2010-07-22 | CVE-2010-1972 | Configuration vulnerability in HP Client Automation Enterprise Infrastructure The default configuration of HP Client Automation (HPCA) Enterprise Infrastructure (aka Radia) allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests. | 9.0 |
2010-07-22 | CVE-2009-4897 | Buffer Errors vulnerability in Artifex products Buffer overflow in gs/psi/iscan.c in Ghostscript 8.64 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document containing a long name. | 9.3 |
2010-07-15 | CVE-2010-1881 | Code Injection vulnerability in Microsoft Access 2003 The FieldList ActiveX control in the Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 does not properly interact with the memory-access approach used by Internet Explorer and Office during instantiation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via an HTML document that references this control along with crafted persistent storage data, aka "ACCWIZ.dll Uninitialized Variable Vulnerability." | 9.3 |
2010-07-15 | CVE-2010-0814 | Code Injection vulnerability in Microsoft Access 2003/2007 The Microsoft Access Wizard Controls in ACCWIZ.dll in Microsoft Office Access 2003 SP3 and 2007 SP1 and SP2 do not properly interact with the memory-allocation approach used by Internet Explorer during instantiation, which allows remote attackers to execute arbitrary code via a web site that references multiple ActiveX controls, as demonstrated by the ImexGrid and FieldList controls, aka "Access ActiveX Control Vulnerability." | 9.3 |
2010-07-15 | CVE-2010-0266 | Code Injection vulnerability in Microsoft Outlook 2002/2003/2007 Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability." | 9.3 |
2010-07-13 | CVE-2010-0907 | Remote vulnerability in Oracle Secure Backup 10.3.0.1 Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability than CVE-2010-0898, CVE-2010-0899, CVE-2010-0904, and CVE-2010-0906. | 10.0 |
2010-07-13 | CVE-2010-0906 | Remote vulnerability in Oracle Secure Backup 10.3.0.1 Unspecified vulnerability in Oracle Secure Backup 10.3.0.1 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors. | 9.0 |