Lucene search
+L

1180 matches found

CERT
CERT
•added 2006/09/01 12:0 a.m.•21 views

Retro64 / Miniclip CR64Loader ActiveX control buffer overflow

Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...

7.5CVSS7.4AI score0.04345EPSS
Exploits0References2
CERT
CERT
•added 2006/06/13 12:0 a.m.•29 views

Microsoft DXImageTransform Light filter fails to validate input

Overview The Microsoft DXImageTransform Light COM object fails to validate input, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can be...

9.3CVSS6.6AI score0.40296EPSS
Exploits0References5
Prion
Prion
•added 2006/01/27 10:3 p.m.•26 views

Design/Logic Flaw

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting. NOTE: CERT/CC claims...

7.5CVSS6.8AI score0.19635EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
•added 2006/01/19 5:38 p.m.•7 views

security flaw

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with 1 a large "number of components" value that is not checked by...

7.5CVSS7.6AI score0.05566EPSS
Exploits2References4
CERT
CERT
•added 2005/06/14 12:0 a.m.•44 views

Microsoft Windows help viewer vulnerable to heap overflow

Overview A vulnerability exists in the Microsoft Windows help viewer application that could allow a remote attacker to execute code of their choosing on a vulnerable system. Description The Microsoft Windows help viewer winhlp32.exe provides application assistance to users through a special type ...

5.1CVSS7.2AI score0.34537EPSS
Exploits1References3
Exploit DB
Exploit DB
•added 2005/04/04 12:0 a.m.•44 views

Linux Kernel PPC64/IA64 (AIO) - Local Denial of Service

// // Proof of Concept by Daniel McNeil // compile using cc -o aiodioread aiodioread.c -laio // define XOPENSOURCE 600 define GNUSOURCE include include include include include include include include include include int pagesize; char iobuf; iocontextt myctx; int aiomaxio = 4; / do a AIO DIO writ...

7.4AI score
Exploits0
RedHat Linux
RedHat Linux
•added 2005/04/01 2:39 p.m.•6 views

security flaw

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a crafted PD...

9.3CVSS6.2AI score0.06576EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
•added 2005/02/16 12:0 a.m.•50 views

HP-UX PHNE_28143 : HPSBUX0305-261 SSRT3451 Potential Security Vulnerability in HP-UX network drivers (Data Leakage) (rev. 01)

s700800 11.00 LAN product cumulative patch : Potential for Ethernet device drivers to reuse packet data for padding. Cross-reference: CERT/cc VU412115 and CVE CAN-2003-0001. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted fr...

5CVSS5.9AI score0.73006EPSS
Exploits15References1
NVD
NVD
•added 2003/12/31 5:0 a.m.•17 views

CVE-2003-1556

Cross-site scripting XSS vulnerability in ccguestbook.pl in CGI City CC GuestBook allows remote attackers to inject arbitrary web script or HTML via the 1 name and 2 homepagetitle webpage title parameters...

4.3CVSS5.7AI score0.01624EPSS
Exploits0References3
Cvelist
Cvelist
•added 2003/04/02 5:0 a.m.•27 views

CVE-2001-1407

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug...

6.5AI score0.01163EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
•added 2003/03/30 12:0 a.m.•242 views

CC GuestBook cc_guestbook.pl Multiple Parameter XSS

The remote host is running ccguestbook.pl, a guestbook written in Perl. This CGI is vulnerable to a cross-site scripting attack. An attacker may use this flaw to steal the cookies of your users. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. Ref: From: "BrainRawt ." To:...

4.3CVSS5.2AI score0.01624EPSS
Exploits0References1
CERT
CERT
•added 2002/09/27 12:0 a.m.•34 views

Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution

Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...

7.5CVSS7.3AI score0.02966EPSS
Exploits0References4
CERT
CERT
•added 2002/09/26 12:0 a.m.•183 views

Unix Manual PHP-Script does not adequately validate user input thereby allowing arbitrary command execution

Overview User Manual does not adequately validate user input, allowing attackers to execute arbitrary commands on the server. Description Unix Manual as known as manual.php is a PHP script used to lookup and display man pages on the web. User Manual does not adequately filter user input before...

7.5CVSS7.2AI score0.03646EPSS
Exploits0References1
CERT
CERT
•added 2002/09/16 12:0 a.m.•17 views

x_news allows unauthorized users to access administrative menu

Overview xnews allows a user to authenticate without supplying the user's plaintext password. Description xnews is a system for managing news. When a user logs in to xnews version 1.1 using a plaintext password, xnews hashes the password with MD5 and compares it to user's hash stored in the file...

7.1AI score
Exploits0References2
CERT
CERT
•added 2002/08/05 12:0 a.m.•15 views

Magic Enterprise contains multiple shell scripts that allow arbitrary file overwriting via symlink redirection of temporary file

Overview Some versions of Magic eDeveloper Enterprise Edition contain a symbolic-link vulnerability that allows attackers to overwrite data or execute arbitrary commands. Description Magic eDeveloper is a development environment for large-scale and distributed applications.Magic eDeveloper...

8AI score
Exploits0References1
CERT
CERT
•added 2002/06/13 12:0 a.m.•19 views

Lotus Domino Web Server discloses IP address

Overview Lotus Domino Web server discloses its IP address to some HTTP requests. Description Lotus Domino can be coerced to reveal its IP address by sending it a crafted HTTP request. --- Impact Attackers can discover limited information about the numbering of the Domino server's network. ---...

5CVSS6.1AI score0.02302EPSS
Exploits0References1
CERT
CERT
•added 2002/03/03 12:0 a.m.•32 views

cryptcat does not encrypt data communications when -e command argument is used

Overview With certain options used, cryptcat does not encrypt network connections as expected. Description Cryptcat is an enhanced version of netcat that adds twofish encryption.If cryptcat is started in listen server mode binding a shell to a network port, cryptcat fails to enable encryption...

6.8AI score
Exploits0References1
CERT
CERT
•added 2001/01/18 12:0 a.m.•25 views

Older SSH clients do not allow users to disable X11 forwarding

Overview This vulnerability may allow an attacker to make unauthorized connections to affected client machines. Description Older versions of the SSH client do not allow the user to disable X11 forwarding. As a result, if the client connects to a malicious server, the server can open an X11...

5.1CVSS6AI score0.00972EPSS
Exploits0References1
CERT
CERT
•added 2000/10/27 12:0 a.m.•89 views

Distributed GL Daemon (DGLD) allows attackers to identify IRIX systems

Overview Attackers are using the presence of the dgld service to identify SGI IRIX systems. Description The CERT/CC has received multiple reports of an apparent vulnerability in the Distributed GL Daemon on SGI IRIX systems. Upon further investigation, it is our belief that no vulnerability exist...

5CVSS6.3AI score0.01491EPSS
Exploits0
CVE
CVE
•added 2000/02/04 5:0 a.m.•46 views

CVE-1999-0985

CVE-1999-0985 affects the CC Whois program. The vulnerability arises in the whois.cgi entry for a domain, where remote attackers can cause command execution by injecting shell metacharacters. The available documents describe the issue but do not specify affected versions or provide an official fi...

7.5CVSS7.6AI score0.08943EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder