Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2006/03/14 12:0 a.m.•36 views

Microsoft Excel malformed parsing format file memory corruption vulnerability

Overview Microsoft Excel contains a memory corruption vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate parsing format files. When a file with a malformed parsing format files is...

5.1CVSS7.2AI score0.16247EPSS
Exploits0References1
CERT
CERT
•added 2006/01/25 12:0 a.m.•36 views

Oracle Database Data Pump Metadata API SQL injection vulnerability

Overview Oracle Database Data Pump Metadata API is vulnerable to SQL injection, which could allow a remote attacker to execute arbitrary SQL commands on a vulnerable Oracle installation. Description The Oracle Database Data Pump Metadata API fails to properly filter user-supplied input. This may...

10CVSS6.8AI score0.04171EPSS
Exploits0References3
CERT
CERT
•added 2006/01/19 12:0 a.m.•36 views

Oracle Reports arbitrary file reading vulnerability

Overview Oracle Reports fails to validate URI parameters, possibly allowing a remote attacker to read arbitrary files on the Reports Server. Description Oracle Reports is an enterprise reporting tool that extracts data from multiple sources and inserts it into a formatted report. It is a componen...

5CVSS5.9AI score0.09108EPSS
Exploits1References4
CERT
CERT
•added 2005/12/21 12:0 a.m.•36 views

VMware NAT Service vulnerable to buffer overflow via FTP PORT/EPRT commands

Overview The VMware NAT Service used in multiple VMware products contains a buffer overflow in the way it handles FTP PORT and EPRT commands. An attacker could execute arbitrary code with the privileges of the NAT service or cause a denial of service. Description VMware virtualization software...

10CVSS7.7AI score0.14123EPSS
Exploits1References9
CERT
CERT
•added 2005/08/17 12:0 a.m.•36 views

Apple Mac OS X Safari vulnerable to arbitrary command execution via URLs in PDF files

Overview Apple Mac OS X WebKit and Safari security controls may be bypassed, possibly allowing remote command execution. Description Mac OS X includes the Safari web browser, which can display Portable Document Format PDF files directly. This functionality is part of the WebKit system framework...

5.1CVSS9.2AI score0.04297EPSS
Exploits0References3
CERT
CERT
•added 2005/08/12 12:0 a.m.•36 views

GNOME gedit contains format string vulnerability

Overview gedit has a format string vulnerability in some error dialogs that can occur when a file is opened for editing. Description gedit is the official text editor of the GNOME desktop environment. gedit 2.10.2 has a format string error in some some error dialogs that can occur when a file is...

2.6CVSS9.3AI score0.07655EPSS
Exploits0References12
CERT
CERT
•added 2005/08/02 12:0 a.m.•36 views

Mozilla Firefox insecurely handles content from external applications

Overview Mozilla Firefox does not properly enforce domain restrictions on content sent by external applications, allowing a remote attacker to execute code on a vulnerable system. Description Mozilla Firefox can accept links from external applications, such as Flash and Quicktime. When such an...

7.5CVSS6.6AI score0.0449EPSS
Exploits0References5
CERT
CERT
•added 2005/05/06 12:0 a.m.•36 views

Apple Terminal fails to properly sanitize input for "x-man-page" URI

Overview Apple Terminal on Mac OS X fails to sanitize x-man-page URIs, allowing an attacker to execute arbitrary commands. Description Mac OS X 10.3 includes a URI handler called x-man-page. It causes Apple Terminal to display a man page by using a URI of this form: x-man-page://command...

7.5CVSS6.8AI score0.05213EPSS
Exploits1References5
CERT
CERT
•added 2005/04/19 12:0 a.m.•36 views

Mozilla may execute JavaScript with elevated privileges when defined in site icon tag

Overview Mozilla may execute JavaScript contained within a site icon tag with elevated privileges. This may allow an attacker to execute arbitrary commands on a vulnerable system. Description XPCOMXPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides t...

7.5CVSS6.6AI score0.08283EPSS
Exploits1References10
CERT
CERT
•added 2005/04/13 12:0 a.m.•36 views

Microsoft Client Server Runtime System Vulnerability

Overview The Microsoft Client Server Runtime System CSRSS incorrectly validates certain messages potentially resulting in privilege elevation. Description CSRSS is the user-mode part of the Win32 subsystem. Win32.sys is the kernel-mode portion of the Win32 subsystem. The Win32 subsystem must be...

10CVSS6.8AI score0.21533EPSS
Exploits0References2
CERT
CERT
•added 2005/04/13 12:0 a.m.•36 views

Microsoft font processing buffer overflow vulnerability

Overview A privilege elevation vulnerability exists in the way that Microsoft Windows processes certain fonts. This vulnerability could allow a logged on user to take complete control of the system. Description Due to an unchecked buffer in the processing of malicious fonts, a locally authenticat...

7.2CVSS7.2AI score0.01715EPSS
Exploits0References1
CERT
CERT
•added 2005/02/25 12:0 a.m.•36 views

phpBB vulnerable to file disclosure

Overview The phpBB input validation methods may fail to sanitize user input resulting in a disclosure of arbitrary file data. Description phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These...

6.4CVSS5.8AI score0.02043EPSS
Exploits0References3
CERT
CERT
•added 2005/02/11 12:0 a.m.•36 views

OpenPGP vulnerable to chosen-ciphertext attacks in cipher feedback (CFB) mode

Overview A vulnerability in OpenPGP may allow attackers to recover partial plaintexts from OpenPGP messages that use symmetric encryption. Description A vulnerability in OpenPGP can be used by attackers to recover partial plaintexts from messages employing symmetric encryption. Researchers Serge...

5CVSS5.4AI score0.02946EPSS
Exploits0References3
CERT
CERT
•added 2005/02/09 12:0 a.m.•36 views

Microsoft ASP.NET fails to perform proper canonicalization

Overview Microsoft ASP.NET contains a canonicalization vulnerability that may allow a remote unauthenticated attacker to gain access to secure contents. Description Microsoft ASP.NET is a programming framework for creating web applications. The canonicalization routine used by ASP.NET fails to...

9.8CVSS9.4AI score0.73979EPSS
Exploits1References11
CERT
CERT
•added 2005/02/08 12:0 a.m.•36 views

Microsoft Internet Explorer contains a Channel Definition Format (CDF) cross-domain vulnerability

Overview Microsoft Internet Explorer contains a vulnerability that may allow unintended information disclosure or remote code execution due to a flaw in handling Channel Definition Format CDF files. Description From the Microsoft Channel Definition Format description:Channel Definition Format CDF...

5.1CVSS7.2AI score0.28331EPSS
Exploits1References6
CERT
CERT
•added 2005/01/20 12:0 a.m.•36 views

Opera may insecurely execute binary data encoded in a URI

Overview The Opera web browser fails to validate data encoded using the RFC 2397 scheme. A remote attacker may be able to execute arbitrary code on a vulnerable system. Description The Opera web browser fails to properly handle binary data encoded following the RFC 2397 specification for sending...

5CVSS6.7AI score0.03403EPSS
Exploits0References2
CERT
CERT
•added 2005/01/07 12:0 a.m.•36 views

Microsoft Windows kernel vulnerable to denial-of-service condition via animated cursor (.ani) rate number

Overview A vulnerability exists in the way the Microsoft Windows kernel processes animated cursor .ani files with a rate number set to zero. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Description A vulnerability exists in the way the...

5CVSS5.7AI score0.6236EPSS
Exploits0References4
CERT
CERT
•added 2004/12/22 12:0 a.m.•36 views

Microsoft Internet Explorer HTML Help control bypasses Local Machine Zone Lockdown

Overview The Microsoft Internet Explorer HTML Help ActiveX control is not restricted by the Local Machine Zone Lockdown feature. This can allow an attacker to execute script in the Local Machine Zone. Description Windows XP SP2 introduces a feature called Local Machine Zone Lockdown. This feature...

10CVSS6.2AI score0.20239EPSS
Exploits0References6
CERT
CERT
•added 2004/12/17 12:0 a.m.•36 views

Mozilla status elements can be disabled via JavaScript

Overview Mozilla allows websites to disable various browser status elements. This allows websites to create spoofed dialogs using XUL. Description Certain Mozilla web browser status elements, such as the address bar, status bar, and navigation controls, can be disabled remotely by web sites using...

10CVSS5.5AI score0.03231EPSS
Exploits0References6
CERT
CERT
•added 2004/10/01 12:0 a.m.•36 views

GdkPixbuf XPM parser contains a stack overflow vulnerability

Overview A stack overflow vulnerability exists in the XPM handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition or execution of arbitrary code. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for...

7.5CVSS7.8AI score0.09434EPSS
Exploits0References4
CERT
CERT
•added 2004/09/07 12:0 a.m.•36 views

Ethereal fails to properly handle malformed iSNS packets

Overview Ethereal contains a vulnerability in the way it processes Internet Storage Name Service iSNS packets. Description The Internet Storage Name Service iSNS protocol is used to automate the discovery, management, and configuration of iSCSI and Fibre Channel devices in an IP network. Ethereal...

5CVSS6.2AI score0.17961EPSS
Exploits3References11
CERT
CERT
•added 2004/08/27 12:0 a.m.•36 views

isakmpd fails to handle ISAKMP packets with "Payload Length" of zero

Overview A vulnerability exists in the isakmpd that could allow a remote attacker to cause a denial of service. Description The OpenBSD isakmpd establishes security associations for encrypted and authenticated IPsec network traffic. It implements the Internet Security Association and Key Manageme...

5CVSS6.3AI score0.03182EPSS
Exploits0
CERT
CERT
•added 2004/08/23 12:0 a.m.•36 views

Mozilla fails to validate the DN of X.509 certificates

Overview Mozilla fails to verify that the Distinguished Name DN of an X.509 certificate is unique when importing it. A denial of service occurs when Mozilla imports a specially crafted, self-signed certificate that has the same DN as an existing Certificate Authority CA root certificate...

5CVSS6.1AI score0.03146EPSS
Exploits0References4
CERT
CERT
•added 2004/07/30 12:0 a.m.•36 views

Microsoft Internet Explorer contains an integer overflow in the processing of bitmap files

Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer IE is a web browser. An integer overflow vulnerability has been discovered in the way that Internet Explorer processes...

7.5CVSS7.6AI score0.38477EPSS
Exploits1References4
CERT
CERT
•added 2004/05/21 12:0 a.m.•36 views

Apple Mac OS X help system may interpret inappropriate local script files

Overview A vulnerability has been reported in the default URI protocol handler in Apple's Mac OS X help system. Exploitation of this vulnerability may permit a remote attacker to execute arbitrary scripts on the local system. Description A vulnerability has been reported in Apple's Mac OS X...

6.7AI score
Exploits0References4
CERT
CERT
•added 2004/03/25 12:0 a.m.•36 views

Ethereal ISUP protocol dissector fails to properly decode ISUP packets

Overview Ethereal fails to properly decode ISDN User Part ISUP packets containing an overly long Interworking Function Address IWFA value. Description Ethereal is a network traffic analysis package. It includes the ability to decode packets containing ISUP data. There is a vulnerability in the wa...

5CVSS7.6AI score0.67092EPSS
Exploits0References3
CERT
CERT
•added 2004/03/22 12:0 a.m.•36 views

Oracle Application Server Web Cache contains heap overflow vulnerability

Overview Oracle Application Server Web Cache contains a heap overflow vulnerability in the handling of client requests that could result in arbitrary code execution. Description The Oracle Web Cache acts as a reverse proxy, caching static and dynamic content generated from Oracle Application web...

10CVSS7.4AI score0.15501EPSS
Exploits0References7
CERT
CERT
•added 2004/03/15 12:0 a.m.•36 views

Apple Mac OS X "cd9660.util" buffer overflow

Overview A component utility in Apple's Mac OS X operating system suffers from a buffer overflow vulnerability in its handling of command-line arguments. This vulnerability could allow a local attacker to gain elevated privileges on the vulnerable system. Description Apple's Mac OS X operating...

7.2CVSS6.9AI score0.01292EPSS
Exploits1References1
CERT
CERT
•added 2004/01/20 12:0 a.m.•36 views

Red Hat Enterprise Linux kernel-2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode

Overview Red Hat Enterprise Linux kernel prior to version 2.4.21 does not perform adequate checking of eflags when in 32-bit ptrace emulation mode. This could allow a local user to gain elevated or root privileges. Description The Linux kernel handles the basic functionality of the operating...

7.2CVSS5.9AI score0.00436EPSS
Exploits0References3
CERT
CERT
•added 2003/10/16 12:0 a.m.•36 views

Microsoft Authenticode mechanism installs ActiveX controls without prompting user

Overview A vulnerability in Microsoft's Authenticode could allow a remote attacker to install an untrusted ActiveX control on the victim's system. Description According to Microsoft Security Bulletin MS03-041:ActiveX is a technology that allows programmers to develop self-contained software modul...

7.5CVSS6.1AI score0.22932EPSS
Exploits0References2
CERT
CERT
•added 2003/09/19 12:0 a.m.•36 views

Sun Solstice AdminSuite ships with insecure default configuration

Overview The sadmind service provided on many Solaris and SunOS systems ships with an insecure default configuration that allows remote users to execute arbitrary commands with superuser root privileges. Description The Sun Microsystems Solstice AdminSuite is a graphical tool that allows Solaris...

7.3AI score
Exploits0References7
CERT
CERT
•added 2003/09/17 12:0 a.m.•36 views

Linux NFS utils package "rpc.mountd" contains off-by-one buffer overflow in xlog() function

Overview A vulnerability in the Linux NFS network File System could permit an attacker to cause a denial of service, or potentially execute arbitrary code on the system. Description The Linux NFS network File System was developed to allow machines to mount a disk partition on a remote machine as ...

10CVSS9.5AI score0.15784EPSS
Exploits1References6
CERT
CERT
•added 2003/08/19 12:0 a.m.•36 views

gtop daemon contains buffer overflow

Overview A buffer overflow exists in the gtop daemon. Description A buffer overflow in gtopd, specifically permitted, may allow a remote attacker to execute arbitrary code. For more detailed information, please see Flavio Veloso's analysis.gtop background information Many Unix systems allow only...

7.5CVSS7.2AI score0.06053EPSS
Exploits0References2
CERT
CERT
•added 2003/08/11 12:0 a.m.•36 views

Postfix vulnerable to DoS by supplying a remote SMTP listener with a malformed envelope address

Overview A denial-of-service vulnerability exists in all versions of Postfix prior to 2.0. This vulnerability may allow a remote attacker to cause mail service interruption. Description Postfix is a very popular mail transfer agent MTA. Michal Zalewski has discovered a denial-of-service...

7.1AI score
Exploits0References5
CERT
CERT
•added 2003/07/31 12:0 a.m.•36 views

Microsoft Windows RPC service vulnerable to denial of service

Overview A vulnerability exists in Microsoft's Remote Procedure Call RPC implementation. A remote attacker could exploit this vulnerability to cause a denial of service. An exploit for this vulnerability is publicly available. Description Microsoft has released MS03-039 to address a vulnerability...

7.5CVSS6.3AI score0.60799EPSS
Exploits1References2
CERT
CERT
•added 2003/07/24 12:0 a.m.•36 views

Microsoft SQL Server contains flaw in checking method for the named pipe

Overview A vulnerability in Microsoft SQL Server may allow an attacker to hijack a named pipe. An attacker may be able to leverage this vulnerability to gain elevated privileges. Description Microsoft describes a named pipe as, "a specifically named one-way or two-way channel for communication...

7.2CVSS6.4AI score0.02262EPSS
Exploits0References12
CERT
CERT
•added 2002/11/25 12:0 a.m.•36 views

SSH Secure Shell for Servers fails to remove child process from master process group

Overview A locally exploitable privilege escalation vulnerability exists in SSH Secure Shell versions 2.0.13 - 3.2.1. Description Secure Shell for Servers, developed by SSH Communications Security, does not properly remove the child process from the master process group after non-interactive...

7.7AI score
Exploits0References1
CERT
CERT
•added 2002/11/19 12:0 a.m.•36 views

The default NTFS permissions are not applied to a converted boot partition on Microsoft Windows 2000 and Windows XP systems when CONVERT.EXE is used

Overview Several commercial desktops and laptops from OEM distributors ship with insecure permissions set on files and directories. It has been confirmed that this is due to the use of Microsoft's CONVERT.EXE utility. Description Microsoft's CONVERT.EXE program is used to convert FAT32 file syste...

4.6CVSS6.8AI score0.01949EPSS
Exploits0References2
CERT
CERT
•added 2002/09/24 12:0 a.m.•36 views

EFTP does not adequately validate user input thereby allowing directory traversal

Overview Encrypted File Transfer Program EFTP does not properly validate CWD commands, allowing authenticated users to read arbitrary directories and files. Description Encrypted File Transfer Program EFTP is an implementation of the FTP protocol using 448-bit Blowfish encryption. EFTP allows...

5CVSS6.2AI score0.0226EPSS
Exploits0References2
CERT
CERT
•added 2002/08/23 12:0 a.m.•36 views

Microsoft Windows Server Message Block (SMB) fails to properly handle SMB_COM_TRANSACTION packets requesting NetServerEnum2 transaction

Overview Microsoft Server Message Block SMB may crash when it receives a crafted SMBCOMTRANSACTION packet requesting a NetServerEnum2 transaction. Attackers can use this vulnerability to cause a denial of service. Description SMB is a protocol for sharing data and resources between computers. It ...

7.5CVSS6.6AI score0.30132EPSS
Exploits3References2
CERT
CERT
•added 2002/08/22 12:0 a.m.•36 views

Novell Netware RCONAG6 fails to validate user password when "Secure IP" is used to establish connection

Overview Novell Netware RCONAG6 allows users to gain access to the server without a password. Description Novell Netware RCONAG6 allows users to remotely administer a Novell host. A vulnerability in RCONAG6 makes it possible for a remote user to connect to the server without supplying a password...

7.5CVSS6.6AI score0.03317EPSS
Exploits0References1
CERT
CERT
•added 2002/08/16 12:0 a.m.•36 views

Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_execresultset" extended procedure

Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpexecresultset , that permits an unprivileged user of a database to gain administrative...

10CVSS6.6AI score0.46307EPSS
Exploits0References2
CERT
CERT
•added 2002/08/10 12:0 a.m.•36 views

Cisco CallManager contains memory leak

Overview The Cisco Call Manager contains a vulnerability that could permit an intruder to crash the Call Manager. Description The Cisco Call Manageris software to manage telephone calls in a mixed data and voice environment. Specifically the Cisco Call Manager "extends enterprise telephony featur...

5CVSS7.1AI score0.01771EPSS
Exploits0References4
CERT
CERT
•added 2002/07/25 12:0 a.m.•36 views

Microsoft SQL Server contains buffer overflow in code used to process "BULK INSERT" queries

Overview The Microsoft SQL Server contains a buffer overflow vulnerability that may allow remote attackers to execute arbitrary code with system privileges. Description The Microsoft SQL Server contains a buffer overflow vulnerability in the code used to process "Bulk Insert" queries. Bulk Insert...

7.5CVSS8.1AI score0.11237EPSS
Exploits0References6
CERT
CERT
•added 2002/06/05 12:0 a.m.•36 views

Yahoo! Messenger contains buffer overflow in "message" field

Overview Yahoo! Messenger is an instant messaging client. There is a remotely exploitable buffer overflow vulnerability in the "message" field of Yahoo! Messenger. Description A remotely exploitable buffer overflow exists in the "message" field that may permit a remote attacker to execute arbitra...

7.5CVSS7.9AI score0.06955EPSS
Exploits0References3
CERT
CERT
•added 2002/05/06 12:0 a.m.•36 views

Sun Solaris cachefsd vulnerable to heap overflow in cfsd_calloc() function via long string of characters

Overview Sun's NFS/RPC cachefs daemon cachefsd is shipped and installed by default with Sun Solaris 2.5.1, 2.6, 7, and 8 SPARC and Intel architectures. Cachefsd caches requests for operations on remote file systems mounted via the use of NFS protocol. A remotely exploitable heap overflow exists i...

10CVSS7.1AI score0.23078EPSS
Exploits4References2
CERT
CERT
•added 2002/03/04 12:0 a.m.•36 views

Cisco IOS discloses fragments of previous packets when Express Forwarding is enabled

Overview A vulnerability exists in multiple versions of Cisco's Internetworking Operating System IOS software that allows an attacker to collect fragments of previously processed packets. Description Many networking devices running Cisco IOS with Cisco Express Forwarding CEF enabled contain a...

5CVSS6AI score0.01781EPSS
Exploits0References2
CERT
CERT
•added 2001/09/18 12:0 a.m.•36 views

Microsoft Windows 2000 Telnet Service uses named pipes with predictable names

Overview The Microsoft Windows 2000 Telnet Service contains a vulnerability that allows unprivileged local users to execute arbitrary code with elevated privileges. Description The Microsoft Windows 2000 Telnet Service creates a named pipe to share information between the processes that handle ea...

6.9AI score
Exploits0References5
CERT
CERT
•added 2001/07/29 12:0 a.m.•36 views

Cisco IOS vulnerable to DoS via crafted PPTP packet sent to port 1723/tcp

Overview Cisco IOS contains a vulnerability that allows an intruder to crash the router. Description By sending a specially crafted PPTP packet to port 1723, an intruder can crash a device running a vulnerable version of IOS. Quoting from the Cisco Advisory: By sending a crafted PPTP packet to a...

5CVSS6.7AI score0.03755EPSS
Exploits0References2
CERT
CERT
•added 2001/06/01 12:0 a.m.•36 views

RIT Research Labs The Bat! does not properly parse <CR> characters not followed by a <LF> character

Overview Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error ...

5CVSS6AI score0.03213EPSS
Exploits1References4
Total number of security vulnerabilities3704