Lucene search
K

16 matches found

Cvelist
Cvelist
added 2008/03/06 9:0 p.m.25 views

CVE-2008-1200

Unspecified vulnerability in Microsoft Access allows remote user-assisted attackers to execute arbitrary code via a crafted .MDB file, possibly related to Jet Engine msjet40.dll. NOTE: this is probably a different issue than CVE-2007-6026...

7.2AI score0.11962EPSS
Exploits0References2
Prion
Prion
added 2007/04/27 6:19 p.m.15 views

Design/Logic Flaw

mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries, since the script already supports commands su...

6.8CVSS7AI score0.03175EPSS
Exploits0References10Affected Software1
Prion
Prion
added 2007/03/05 10:19 p.m.17 views

Integer overflow

Integer overflow in Apple QuickTime before 7.1.5, when installed on Windows operating systems, allows remote user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted 3GP video file...

9.3CVSS7.9AI score0.05856EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2007/03/05 10:0 p.m.54 views

CVE-2007-0714

Apple QuickTime UDTA atom integer overflow vulnerability (CVE-2007-0714) exists in parsing of UDTA data in QuickTime files. A crafted MOV file can trigger an integer overflow, leading to a heap overflow and potential remote code execution under the user’s context. Affected products are QuickTime ...

9.3CVSS7.5AI score0.08167EPSS
Exploits1References16Affected Software1
Cvelist
Cvelist
added 2007/02/14 1:0 a.m.27 views

CVE-2007-0913

Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as CVE-2006-5296, CVE-2006-4694, CVE-2006-3876,...

7.2AI score0.11962EPSS
Exploits0References2
NVD
NVD
added 2007/02/01 12:28 a.m.21 views

CVE-2007-0644

Format string vulnerability in Apple Safari 2.0.4 419.3 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in filenames that are not properly handled when calling the 1 NSLog and 2 NSBeginAlertSheet Apple AppKit functions...

7.1CVSS6.2AI score0.02426EPSS
Exploits0References3
Cvelist
Cvelist
added 2007/02/01 12:0 a.m.31 views

CVE-2007-0645

Format string vulnerability in iPhoto 6.0.5 allows remote user-assisted attackers to cause a denial of service crash via format string specifiers in a filename, which is not properly handled when calling certain Apple AppKit functions...

6.2AI score0.01829EPSS
Exploits0References4
Prion
Prion
added 2007/01/05 12:28 a.m.18 views

Cross site scripting

Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie .MOV with an HREF Track HREFTrack that contains an automatic action tag with a local URI, which is executed in a loca...

6.8CVSS6.9AI score0.05638EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2006/10/10 10:7 p.m.21 views

CVE-2006-4685

The XMLHTTP ActiveX control in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 does not properly handle HTTP server-side redirects, which allows remote user-assisted attackers to access content from other domains...

2.6CVSS6.4AI score0.19559EPSS
Exploits0References9
CVE
CVE
added 2006/10/10 10:0 p.m.68 views

CVE-2006-4693

CVE-2006-4693 is a remote code execution vulnerability in Microsoft Word for Mac (Word 2004 for Mac and Word v.X for Mac). A crafted Word file can trigger code execution during parsing, and this issue is treated separately from CVE-2006-3647 and CVE-2006-3651. It is addressed by Microsoft Securit...

9.3CVSS7.4AI score0.22391EPSS
Exploits0References6Affected Software2
Cvelist
Cvelist
added 2006/10/10 10:0 p.m.35 views

CVE-2006-3868

Unspecified vulnerability in Microsoft Office XP and 2003 allows remote user-assisted attackers to execute arbitrary code via a malformed Smart Tag...

7.2AI score0.23458EPSS
Exploits0References9
CVE
CVE
added 2006/07/10 10:0 p.m.58 views

CVE-2006-3493

CVE-2006-3493 (Microsoft Office) involves a buffer overflow in the LsCreateLine function of mso.dll and mso9.dll used by Word and possibly other Office components (Office 2000–2003). The memory corruption could crash the Word client or potentially lead to arbitrary behavior when processing crafte...

5.1CVSS7.5AI score0.40405EPSS
Exploits1References10Affected Software1
NVD
NVD
added 2006/06/29 11:5 p.m.28 views

CVE-2006-1467

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...

5.1CVSS7.4AI score0.06891EPSS
Exploits0References9
Prion
Prion
added 2006/06/29 11:5 p.m.24 views

Integer overflow

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC M4P, M4A, or M4B file with a sample table size STSZ atom with a "malformed" samplesizetable...

5.1CVSS7.8AI score0.06891EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2006/06/02 10:0 a.m.64 views

CVE-2006-2766

CVE-2006-2766 describes a Buffer Overflow in MHTML parsing within Windows components that impacts Microsoft Internet Explorer 6 (up to SP2), Windows Explorer, and Outlook Express 6. The vulnerability is triggered by processing a long MHTML URI value in a URL file, allowing remote user-assisted at...

2.6CVSS6.7AI score0.47919EPSS
Exploits1References13Affected Software2
Prion
Prion
added 2006/02/22 11:2 p.m.22 views

Design/Logic Flaw

The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a MACOSX folder that contains metadata resource fork that invokes the Terminal, which automatically interprets the...

5.1CVSS7.2AI score0.58105EPSS
Exploits8References13Affected Software2
Rows per page
Query Builder