
5862 matches found

Tenable Nessus
added 2008/03/31 12:0 a.m., 27 views

Debian DSA-1533-2 : exiftags - insufficient input sanitizing

Christian Schmid and Meder Kydyraliev (Google Security) discovered a number of vulnerabilities in exiftags, a utility for extracting EXIF metadata from JPEG images. The Common Vulnerabilities and Exposures project identified the following three problems: - CVE-2007-6354 Inadequate EXIF property...

CVSS 10, AI score 5.8, EPSS 0.0264
Exploits 0, References 8

OSV
added 2008/03/27 12:0 a.m., 19 views

DSA-1533-1 exiftags

Bulletin has no description...

CVSS 10, AI score 6, EPSS 0.0264
Exploits 0

Check Point Advisories
added 2008/03/13 12:0 a.m., 14 views

Microsoft Excel Rich Text Handling Code Execution (MS08-014; CVE-2008-0116; CVE-2009-0238)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a targe...

CVSS 9.3, AI score 7.5, EPSS 0.48229
Exploits 5

NVD
added 2008/03/11 11:44 p.m., 36 views

CVE-2008-0111

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."...

CVSS 9.3, AI score 7.5, EPSS 0.50862
Exploits 1, References 7

Prion
added 2008/03/11 11:44 p.m., 25 views

Input validation

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."...

CVSS 9.3, AI score 7.8, EPSS 0.50862
Exploits 1, References 7, Affected Software 3

Cvelist
added 2008/03/11 11:0 p.m., 38 views

CVE-2008-0111

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2007, Viewer 2003, Compatibility Pack, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted data validation records, aka "Excel Data Validation Record Vulnerability."...

AI score 9.7, EPSS 0.50862
Exploits 1, References 7

CVE
added 2008/03/11 11:0 p.m., 67 views

CVE-2008-0111

CVE-2008-0111 : A remote code execution vulnerability in Microsoft Excel 2000 SP3 through 2007, Excel Viewer 2003, Compatibility Pack, and Office 2004 for Mac exists due to improper validation of data in BIFF8 data validation records when loading files. Exploitation requires a user to open a craf...

CVSS 9.3, AI score 9.7, EPSS 0.50862
Exploits 1, References 7, Affected Software 4

Check Point Advisories
added 2008/03/11 12:0 a.m., 12 views

Microsoft Excel Data Validation Record Processing Code Execution (MS08-014; CVE-2008-0111)

Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a targe...

CVSS 9.3, AI score 7.3, EPSS 0.50862
Exploits 1

seebug.org
added 2007/08/23 12:0 a.m., 205 views

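Apache Tomcat Multiple Remote Information Disclosure Vulnerabilities

BUGTRAQ ID: 25316 CVECAN ID: CVE-2007-3385,CVE-2007-3382 Apache Tomcat is a popular open-source JSP application server. Apache Tomcat has an input validation vulnerability when processing user request data, which a remote attacker may exploit to obtain sensitive session-related information. Apache Tomcat does not correctly handle the “" ” character sequence in cookie values, and incorrectly treats single quotes in cookie values as delimiters; in some cases this may lead to disclosure of sensitive information such as the session ID. Apache Group Tomcat 6.0.0 - 6.0.13 Apache Group Tomcat 5.5.0...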

CVSS 4.3, AI score 5.6, EPSS 0.37497
Exploits 4

Prion
added 2007/01/30 6:28 p.m., 22 views

Design/Logic Flaw

PGP Desktop before 9.5.1 does not validate data objects received over the (1) \pipe\pgpserv named pipe for PGPServ.exe or the (2) \pipe\pgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges by sending a data object representing an absolute pointer, which...

CVSS 7.1, AI score 7.5, EPSS 0.05133
Exploits 0, References 11, Affected Software 1

exploitpack
added 2006/12/09 12:0 a.m., 15 views

AnnonceScriptHP 2.0 - email.php?id SQL Injection

AnnonceScriptHP 2.0 - email.php?id SQL Injection source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data...

AI score 0.1
Exploits 0

securityvulns
added 2006/11/16 12:0 a.m., 36 views

Outpost Firewall privilege escalation

Insufficient incoming data validation for DeviceSandBox device driver and SSDT hooked functions...

AI score 3.5
Exploits 0, References 2, Affected Software 1

securityvulns
added 2006/10/11 12:0 a.m., 53 views

[Full-disclosure] PacSec Hype Security Team: CGI.pm param injection

PacSec Hype Security Team: param injection in CGI.pm and inheritors allows SQL injection and manipulation of data bypassing many perl web form validators...

AI score 8.1
Exploits 0

OSV
added 2006/06/14 12:0 a.m., 41 views

DSA-1097-1 kernel-source-2.4.27 - several vulnerabilities

Bulletin has no description...

CVSS 10, AI score 5.8, EPSS 0.06797
Exploits 1

Japan Vulnerability Notes
added 2006/04/26 12:0 a.m., 39 views

JVN#72225922 Apache Struts Validator allows to bypass input data validation

Impact Depending on the web application, an attacker may be able to manipulate unexpected operations by bypassing validation of input data. For example, unintended format data may be saved. Solution Products Affected Apache Struts 1.2.8 and earlier...

CVSS 7.5, AI score 7.4, EPSS 0.06142
Exploits 0

securityvulns
added 2006/03/15 12:0 a.m., 60 views

[Full-disclosure] [HV-HIGH] Microsoft Excel Named Range Arbitrary Code Execution

Microsoft Excel Named Range Arbitrary Code Execution. Classification: Level: low-med-HIGH-crit; ID: HEXVIEW200603141; URL: http://www.hexview.com/docs/20060314-1.txt. References: Originally published by fearwall on eBay CVE...

CVSS 6.8, AI score 0.5, EPSS 0.31108
Exploits 0

Exploit DB
added 2006/02/11 12:0 a.m., 25 views

LinPHA 0.9.x/1.0 - 'forth_stage_install.php' Local File Inclusion

source: https://www.securityfocus.com/bid/16592/info LinPHA is prone to multiple local file-inclusion and PHP code-injection vulnerabilities. The local file-inclusion issues are due to insecure use of the 'include_once' PHP function in multiple scripts. The PHP code-injection vulnerabilities are d...

AI score 7.4
Exploits 0

CVE
added 2005/11/29 10:0 p.m., 45 views

CVE-2005-3901

CVE-2005-3901 affects Macromedia Flash Communication Server MX 1.0 and 1.5, where certain RTMP data is not properly validated, enabling a denial of service (instability or crash). The vulnerability is demonstrated using an alpha release build of Flash Player 8.5 (build 133). The connected documen...

CVSS 7.8, AI score 7, EPSS 0.01491
Exploits 0, References 5, Affected Software 1

Symantec
added 2005/08/09 12:0 a.m., 16 views

Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability

Description The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials. Attackers...

AI score 0.1
Exploits 0, References 1, Affected Software 3

securityvulns
added 2005/07/12 12:0 a.m., 21 views

Hardware Cisco IP phones SIP messages spoofing

Due to insufficient data validation, an attacker can send a Messages-Waiting message to the phone...

AI score 1.5
Exploits 0, References 1, Affected Software 1