Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog...
7.6 AI Score
0.004 EPSS
Buffer overflow in the CreateDIBPalette function in win32k.sys in Microsoft Windows XP SP3, Server 2003 R2 Enterprise SP2, Vista Business SP1, Windows 7, and Server 2008 SP2 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by performing a clipboard...
7.6 AI Score
0.098 EPSS
Untrusted search path vulnerability in the Data Access Objects (DAO) library (dao360.dll) in Microsoft Windows XP Professional SP3, Windows Server 2003 R2 Enterprise Edition SP3, Windows Vista Business SP1, and Windows 7 Professional allows local users, and possibly remote attackers, to execute...
7.4 AI Score
0.053 EPSS
Microsoft Windows 2008, 7, Vista, 2003, 2000, and XP, when using IPv6, allows remote attackers to determine whether a host is sniffing the network by sending an ICMPv6 Echo Request to a multicast address and determining whether an Echo Reply is sent, as demonstrated by thcping. NOTE: due to a...
6.3 AI Score
0.256 EPSS
CFNetwork in Apple Safari before 5.0.6 on Windows allows remote web servers to execute arbitrary code by replaying the NTLM credentials of a client user, related to a "credential reflection"...
8.5 AI Score
0.003 EPSS
Cross-site scripting (XSS) vulnerability in CFNetwork in Apple Safari before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via a crafted text/plain...
6.4 AI Score
0.001 EPSS
Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2, and Windows 7 allow local users to gain privileges by leveraging access to a process with NetworkService credentials, as demonstrated by TAPI Server, SQL Server, and IIS processes,....
7.5 AI Score
0.001 EPSS
Foxit Reader before 5.3 on Windows XP and Windows 7 allows remote attackers to execute arbitrary code via a PDF document with a crafted attachment that triggers calculation of a negative number during processing of cross...
7.7 AI Score
0.01 EPSS
WebKit in Apple Safari before 5.0.6 allows user-assisted remote attackers to read arbitrary files via vectors related to improper canonicalization of URLs within RSS...
7.6 AI Score
0.002 EPSS
Apple Safari before 5.0.6 provides AutoFill information to scripts that execute before HTML form submission, which allows remote attackers to obtain Address Book information via a crafted form, as demonstrated by a form that includes non-visible...
7.5 AI Score
0.002 EPSS
Stack-based buffer overflow in the QuickTime ActiveX control in Apple QuickTime before 7.7 on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted QTL...
7.9 AI Score
0.01 EPSS
CFNetwork in Apple Safari before 5.0.6 on Windows does not properly handle an untrusted attribute of a system root certificate, which allows remote web servers to bypass intended SSL restrictions via a certificate signed by a blacklisted certification...
7.8 AI Score
0.001 EPSS
Apple Safari before 5.0.6 allows remote attackers to bypass the Same Origin Policy, and modify the rendering of text from arbitrary web sites, via a Java applet that loads...
7.8 AI Score
0.002 EPSS
Microsoft Windows Server 2008 R2 and R2 SP1 and Windows 7 Gold and SP1 do not properly enforce AppLocker rules, which allows local users to bypass intended access restrictions via a (1) macro or (2) scripting feature in an application, as demonstrated by Microsoft Office applications and the...
6.1 AI Score
0.001 EPSS
Unspecified vulnerability in Microsoft Windows 7 SP1, when Java is installed, allows local users to bypass Internet Explorer sandbox restrictions and gain privileges via unknown vectors, as demonstrated by the White Phosphorus wp_ie_sandbox_escape module for Immunity CANVAS. NOTE: as of 20111207,.....
6.6 AI Score
0.001 EPSS
The default configuration of Microsoft Windows 7 immediately prefers a new IPv6 and DHCPv6 service over a currently used IPv4 and DHCPv4 service upon receipt of an IPv6 Router Advertisement (RA), and does not provide an option to ignore an unexpected RA, which allows remote attackers to conduct...
6.5 AI Score
0.004 EPSS
The XSL Content portlet in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA, when Apache Tomcat or Oracle GlassFish is used, allows remote authenticated users to read arbitrary (1) XSL and (2) XML files via a file:///...
6.2 AI Score
0.002 EPSS
Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than...
5.3 AI Score
0.006 EPSS
Unspecified vulnerability in the kernel in Microsoft Windows 7 allows local users to gain privileges via unknown vectors, as demonstrated by Nils and Jon of MWR Labs during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than...
6.1 AI Score
0.547 EPSS
Unspecified vulnerability in Microsoft Windows 7 allows attackers to bypass the ASLR and DEP protection mechanisms via unknown vectors, as demonstrated against Firefox by VUPEN during a Pwn2Own competition at CanSecWest 2013, a different vulnerability than...
6.1 AI Score
0.097 EPSS
Integer overflow in the NWFS.SYS kernel driver 4.91.5.8 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003 and the NCPL.SYS kernel driver in Novell Client 2 SP2 on Windows Vista and Windows Server 2008 and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and...
6.9 AI Score
0.001 EPSS
DirectAccess in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly verify server X.509 certificates, which...
6.2 AI Score
0.001 EPSS