7491 matches found

Saint
added 2012/04/27 12:0 a.m., 20 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012. BID: 52765. OSVDB: 80662. Background: InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem: Quest InTrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

8 AI score
Exploits 0
Saint
added 2012/04/27 12:0 a.m., 31 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012. BID: 52765. OSVDB: 80662. Background: InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem: Quest InTrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

0.1 AI score
Exploits 0
Atlassian
added 2012/04/19 1:22 a.m., 15 views

admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"

admin/createMissingPersonalInfo.jsp doesn't require a csrf token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

2.2 AI score
Exploits 0, Affected Software 1
Atlassian
added 2012/04/19 1:22 a.m., 12 views

admin/createMissingPersonalInfo.jsp lacks an XSRF token to trigger "build Personal Information objects"

admin/createMissingPersonalInfo.jsp doesn't require a csrf token to trigger "build Personal Information objects". When fixing this issue, please ensure that the JSP is converted to an action or deleted - we don't want to have to maintain our XSRF infrastructure in JSPs...

2.2 AI score
Exploits 0, Affected Software 1
Vulnerability Lab
added 2012/04/13 12:0 a.m., 31 views

EmbryoCore CMS v1.03 - Multiple Web Vulnerabilities

Document Title: EmbryoCore CMS v1.03 - Multiple Web Vulnerabilities. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=503. Release Date: 2012-04-13. Vulnerability Laboratory ID (VL-ID): 503...

7.1 AI score
Exploits 0
Metasploit
added 2012/04/12 8:45 a.m., 19 views

Quest InTrust Annotation Objects Uninitialized Pointer

This module exploits an uninitialized variable vulnerability in the Annotation Objects ActiveX component. The ActiveX component loads into memory without opting into ASLR so this module exploits the vulnerability against Windows Vista and Windows 7 targets. A large heap spray is required to fulfi...

10 CVSS, 6.9 AI score, 0.81342 EPSS
Exploits 2
Prion
added 2012/04/10 9:55 p.m., 20 views

Remote code execution

Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by accessing a deleted object, aka "OnReadyStateChange Remote Code Execution Vulnerability."...

9.3 CVSS, 8.6 AI score, 0.5845 EPSS
Exploits 1, References 6, Affected Software 1
0day.today
added 2012/03/28 12:0 a.m., 19 views

Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll

Exploit for windows platform in category remote exploits Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution homepage: http://www.quest.com/intrust/ description: "InTrust securely collects, stores, reports and alerts on event log data...

7.1 AI score
Exploits 0
exploitpack
added 2012/03/28 12:0 a.m., 24 views

Quest InTrust 10.4.x - Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution

Quest InTrust 10.4.x - Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution homepage: http://www.quest.com/intrust/ description: "InTrust...

0.6 AI score
Exploits 0
securityvulns
added 2012/03/19 12:0 a.m., 54 views

SAP Business Objects XI R2 Infoview Multiple XSS

Class: Input Validation Error. Remote: Yes. Published: 10 February 11:00AM. Vulnerable: XI R2. SAP Business Objects is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

1.3 AI score
Exploits 0
GitLab Advisory Database
added 2012/03/13 12:0 a.m., 29 views

Direct Manipulation XSS

Ruby on Rails contains a flaw that allows a remote cross-site scripting XSS attack. This flaw exists because the application does not validate direct manipulations of SafeBuffer objects via '' and other methods. This may allow a user to create a specially crafted request that would execute...

4.3 CVSS, 3.2 AI score, 0.00377 EPSS
Exploits 0, References 2, Affected Software 1
OpenVAS
added 2012/03/12 12:0 a.m., 33 views

Debian: Security Advisory (DSA-2408-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS, 8.8 AI score, 0.1067 EPSS
Exploits 36, References 3
Packet Storm
added 2012/03/08 12:0 a.m., 18 views

SAP Business Objects XI R2 Cross Site Scripting

Class: Input Validation Error. Remote: Yes. Published: 10 February 11:00AM. Vulnerable: XI R2. SAP Business Objects is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data. An attacker may leverage this issue to execute arbitrary script code in the...

0.6 AI score
Exploits 0
exploitpack
added 2012/03/08 12:0 a.m., 16 views

SAP Business Objects InfoView System - listing.aspx?searchText Cross-Site Scripting

SAP Business Objects InfoView System - listing.aspx?searchText Cross-Site Scripting source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...

Exploits 0
exploitpack
added 2012/03/08 12:0 a.m., 9 views

SAP Business Objects InfoView System - webiwebi_modify.aspx?id Cross-Site Scripting

SAP Business Objects InfoView System - webiwebimodify.aspx?id Cross-Site Scripting source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...

0.3 AI score
Exploits 0
Exploit DB
added 2012/03/08 12:0 a.m., 24 views

SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspectin...

7.4 AI score
Exploits 0
exploitpack
added 2012/03/08 12:0 a.m., 14 views

SAP Business Objects InfoView System - helphelpredir.aspx?guide Cross-Site Scripting

SAP Business Objects InfoView System - helphelpredir.aspx?guide Cross-Site Scripting source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...

0.2 AI score
Exploits 0
Exploit DB
added 2012/03/08 12:0 a.m., 22 views

SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspectin...

7.4 AI score
Exploits 0
Exploit DB
added 2012/03/08 12:0 a.m., 28 views

SAP Business Objects InfoView System - 'listing.aspx?searchText' Cross-Site Scripting

source: https://www.securityfocus.com/bid/52361/info SAP Business Objects is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspectin...

7.4 AI score
Exploits 0
Metasploit
added 2012/02/21 1:40 a.m., 31 views

MS12-004 midiOutPlayNextPolyEvent Heap Overflow

This module exploits a heap overflow vulnerability in the Windows Multimedia Library winmm.dll. The vulnerability occurs when parsing specially crafted MIDI files. Remote code execution can be achieved by using the Windows Media Player ActiveX control. Exploitation is done by supplying a speciall...

8.1 CVSS, 0.88008 EPSS
Exploits 12