77 matches found
Oracle DB SQL Injection In MDSYS.SDO_TOPO_DROP_FTBL Trigger
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Oracle DB SQL Injection in MDSYS.SDO_TOPO_DROP_FTBL Trigger', 'Description' = %q This module will escalate an Oracle DB user to MDSYS by exploiting ...
MS SQL Server 2000,MS Jet 4.0 Engine Unicode Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/5057/info Microsoft SQL Server is prone to a remotely exploitable unicode-based buffer overflow condition. This condition occurs when the OpenDataSource function is used with MS Jet Engine. This issue may be exploited to...
EnjoySAP ActiveX kweditcontrol.kwedit.1 - Remote Stack Overflow PoC
No description provided by source. ======= Summary ======= Name: EnjoySAP, SAP GUI for Windows - Stack Overflow Release Date: 5 July 2007 Reference: NGS00483 Discover: Mark Litchfield [email protected] Vendor: SAP Vendor Reference: SECRES-289 Systems Affected: All Versions Risk: High Statu...
eDirectory 8.7.3 iMonitor Remote Stack Buffer Overflow
No description provided by source. $Id: edirectoryimonitor.rb 9812 2010-07-13 22:11:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms ...
eDirectory 8.7.3 - iMonitor Remote Stack Buffer Overflow (Metasploit)
$Id: edirectoryimonitor.rb 9812 2010-07-13 22:11:40Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
eDirectory 8.7.3 iMonitor Remote Stack Overflow
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'eDirectory...
SharePoint Source Code Disclosure
======= Summary ======= Name: SharePoint Team Services source code disclosure through download facility Release Date: 21 October 2009 Reference: NGS00532 Discover: Daniel Martin Vendor: Microsoft Systems Affected: SharePoint 2007 12.0.0.6219, 12.0.0.4518 and possibly others Risk: Medium Status:...
Oracle 11g (11.1.0.6) Password Policy and Compliance
Many security standards require the tracking of users' password history to prevent password re-use. In Oracle 11g 11.1.0.6, if a security administrator has enabled 11g passwords exclusively then tracking password history is broken. This can affect compliance. This was addressed by Oracle in their...
Oracle 10g - MDSYS.SDO_TOPO_DROP_FTBL SQL Injection (Metasploit)
Oracle 10g - MDSYS.SDO_TOPO_DROP_FTBL SQL Injection Metasploit $Id: droptabletrigger.rb This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Trigger Abuse of MDSYS.SDO_TOPO_DROP_FTBL in Oracle 10g R1 and R2
NGSSoftware Insight Security Research Advisory Name: Trigger abuse of MDSYS.SDO_TOPO_DROP_FTBL Systems Affected: Oracle 10g R1 and R2 10.1.0.5 and 10.2.0.2 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 23rd July 2008 Date of Public...
Critical Vulnerability in Apple Quicktime’s Indeo Codec
http://www.ngssoftware.com/advisories/critical-vulnerability-in-apple-quicktimes-indeo-codec/ Paul Byrne of NGSSoftware has discovered a critical vulnerability in Apple Quicktime's implementation of the Indeo Codec CVE-ID: CVE-2008-3615 which may allow an attacker to execute arbitrary code on a...
Critical Vulnerability in SNMPc
======= Summary ======= Name: Unauthenticated Stack Overflow in SNMPc Release Date: 30 April 2008 Reference: NGS00526 Discover: Wade Alcorn [email protected] and John Heasman [email protected] Vendor: Castle Rock Computing Systems Affected: SNMPc versions 7.1 and earlier Risk: Critical...
Microsoft DirectX remote code execution
Overview Microsoft DirectX is vulnerable to a remote code execution vulnerability which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectX is a feature of the Microsoft Windows operating system used for streaming multimedia...
SQL Injection Flaw in Oracle Workspace Manager
resend with title... NGSSoftware Insight Security Research Advisory Name: SQL Injection Flaw in Oracle Workspace Manager Systems Affected: Oracle 10g release 1 and 2, Oracle 9i Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 22nd August...
Oracle TNS Listener DoS and/or remote memory inspection
NGSSoftware Insight Security Research Advisory Name: Oracle TNS Listener DoS and/or remote memory inspection Systems Affected: Oracle 8.1.7.4, 10g Release 2 and 1, Oracle 9 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 22nd June 2006...
Oracle audit issue with XMLDB ftp service
NGSSoftware Insight Security Research Advisory Name: Oracle audit issue with XMLDB ftp service Systems Affected: Oracle 9ir2, 10g Release 1 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 9th March 2006 Date of Public Advisory: 17...
Multiple SQL Injection Flaws in Oracle CTX_DOC package
NGSSoftware Insight Security Research Advisory Name: Multiple SQL Injection Flaws in Oracle CTX_DOC package Systems Affected: Oracle 10g release 1 and 2 Severity: High Vendor URL: http://www.oracle.com/ Author: David Litchfield [email protected] Reported: 6 June 2005 Date of Public Advisory:...
sapdb-seh.txt
/ Dreatica-FXP crew ---------------------------------------- Target : SAP DB 7.4 WebTools Site : http://www.sapdb.org Found by : NGSSoftware Insight Security Research ---------------------------------------- Exploit : SAP DB 7.4 WebTools Remote SEH overwrite exploit Exploit date : 07.07.2007...
SAP Message Server heap buffer overflow
Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...
SAP DB 7.4 WebTools Remote SEH overwrite Exploit
No description provided by source. / Dreatica-FXP crew ---------------------------------------- Target : SAP DB 7.4 WebTools Site : http://www.sapdb.org Found by : NGSSoftware Insight Security Research ---------------------------------------- Exploit : SAP DB 7.4 WebTools Remote SEH overwrite...