Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
added 2003/03/20 12:0 a.m.35 views

TCP/IP implementations handle unusual flag combinations inconsistently

Overview Various vendors' TCP/IP implementations handle packets containing unusual flag combinations in different ways, which may lead to a violation of implicit or explicit security policies. Description Background on TCP/IP Connection Semantics To establish a TCP connection, a client and server...

7.5CVSS7.4AI score0.03742EPSS
Exploits1References9
CERT
CERT
added 2002/10/10 12:0 a.m.35 views

ypxfrd daemon fails to properly validate user supplied arguments in "getdbm" procedure

Overview A vulnerability in the ypxfrd daemon may allow a local attacker to read arbitrary files on the vulnerable system. Description Janusz Niewiadomski, of iSEC, discovered this vulnerability and produced the following advisory.Issue: ====== Improper arguments validation in ypxfrd may allow...

5CVSS6AI score0.02238EPSS
Exploits0References2
CERT
CERT
added 2002/09/27 12:0 a.m.35 views

PostNuke does not adequately validate user input thereby allowing malicious user to bypass user authentication via SQL injection

Overview PostNuke does not adequately filter user input, allowing arbitrary MySQL query execution and user authentication without password. Description PostNuke is a web content management system based on PHPNuke, written in PHP. The article.php component of PostNuke versions 0.62, 0.63, and 06.4...

7.8AI score
Exploits0References1
CERT
CERT
added 2002/09/27 12:0 a.m.35 views

Microsoft Internet Explorer allows read access to local files via incorrect VBScript handling

Overview A vulnerability in the cross-domain frame security model of Internet Explorer may allow remote attackers to view the contents of local files when a user views a malicious web page. Description There's a vulnerability in the cross-domain frame security model of Internet Explorer that may...

5CVSS6AI score0.18223EPSS
Exploits0References3
CERT
CERT
added 2002/09/16 12:0 a.m.35 views

X11 vulnerable to buffer overflow in handling of -xrm option

Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...

7.2CVSS6.8AI score0.0046EPSS
Exploits0References4
CERT
CERT
added 2002/08/16 12:0 a.m.35 views

Microsoft Windows SQL Server allows arbitrary queries to be executed via "xp_displayparamstmt" extended procedure

Overview MS SQL Server contains an extended stored procedure with inappropriate permission settings. Description Microsoft SQL Server 7.0 and Microsoft SQL Server 2000 contain an extended stored procedure, xpdisplayparamstmt , that permits an unprivileged user of a database to gain administrative...

10CVSS6.6AI score0.46307EPSS
Exploits0References2
CERT
CERT
added 2002/08/08 12:0 a.m.35 views

SGI IRIX rpc.xfsmd does not filter shell metacharacters from user input before invoking popen() function

Overview The XFS journaling filesystem daemon uses a call to popen3 with unfiltered client-controlled input. This will lead to arbitrary command execution on remote systems. Description XFS is a 64-bit compliant journaling file system. The XFS journaling filesystem daemon xfsmd on SGI systems use...

10CVSS7.3AI score0.03622EPSS
Exploits0References5
CERT
CERT
added 2002/07/31 12:0 a.m.35 views

Certain implementations of SSH1 may reveal internal cryptologic state

Overview An implementation problem in at least one Secure Shell SSH product and a weakness in the PKCS11.5 public key encryption standard allows attackers to recover plaintext of messages encrypted with SSH. Description A weakness in some SSH products using the SSH1 protocol may allow an attacker...

4CVSS9.3AI score0.02501EPSS
Exploits0References2
CERT
CERT
added 2002/07/29 12:0 a.m.35 views

util-linux package vulnerable to privilege escalation when "ptmptmp" file is not removed properly when using "chfn" utility

Overview The util-linux package contains a race condition vulnerability that can be used to elevate privileges on the system. Description util-linux is shipped with Red Hat Linux and numerous other Linux distributions. It contains a collection of utility programs, such as fstab, mkfs, and chfn. T...

6.2CVSS5.8AI score0.00529EPSS
Exploits0References1
CERT
CERT
added 2002/07/15 12:0 a.m.35 views

Uudecode performs inadequate checks on user-specified output files

Overview The uudecode utility contains a vulnerability that allows an attacker to overwrite arbitrary files, symbolic links, and named pipes. Description The uudecode utility is used to decode files that have been encoded in the 7-bit printable format generated by uuencode. This format allows for...

7.2CVSS6.1AI score0.00622EPSS
Exploits0References3
CERT
CERT
added 2002/04/30 12:0 a.m.35 views

rpc.rwalld contains remotely exploitable format string vulnerability

Overview rpc.rwalld is a utility that is used to send a message to all terminals of a time sharing system. A format string vulnerability may permit a remote user to execute code with the privileges of the rwall daemon. Description rpc.rwalld is a utility that listens for remote wall requests. Wal...

7.5CVSS6.3AI score0.09217EPSS
Exploits1References1
CERT
CERT
added 2002/03/29 12:0 a.m.35 views

Microsoft Internet Explorer Permits Remote Command Execution Through <OBJECT> Tag

Overview Microsoft Internet Explorer IE permits the remote execution of arbitrary commands via the tag. Description A vulnerability exists in the way that Microsoft Internet Explorer IE handles tags. If the CLASSID CLSID is unrecognized, then Internet Explorer will execute arbitrary commands...

7.5CVSS6.7AI score0.11471EPSS
Exploits0References7
CERT
CERT
added 2002/03/29 12:0 a.m.35 views

Microsoft scriptlet.typlib ActiveX object unsafe for scripting from Internet Explorer

Overview The ActiveX control "scriptlet.typlib" is incorrectly marked "safe for scripting" in Internet Explorer IE versions 4.0 and 5.0, when it is actually unsafe for scripting. Description There exists a vulnerability in the default installation of an ActiveX control named "scriptlet.typlib,"...

5.1CVSS5.6AI score0.22551EPSS
Exploits0References6
CERT
CERT
added 2001/10/25 12:0 a.m.35 views

Cisco IOS vulnerable to deferred DoS via SYN scan to certain TCP port ranges

Overview Cisco Internetwork Operating System IOS may reload unexpectedly after being scanned on certain ports. Description Certain versions of Cisco IOS contain a vulnerability that allows the router to enter an unstable state after receiving a connection attempt on any TCP port in the following...

5CVSS6.5AI score0.01675EPSS
Exploits0References2
CERT
CERT
added 2001/10/19 12:0 a.m.35 views

RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 do not properly handle null characters in URL

Overview RSA Security ACE/Agent for Windows, ACE/Agent for Windows NT, and ACE/Agent for Windows 2000 contain a vulnerability in which the ACE/Agent does not properly handle null characters contained in a URL. A specially crafted request may cause ACE/Agent to enter a debugging mode, possibly...

6.6AI score
Exploits0References2
CERT
CERT
added 2001/08/14 12:0 a.m.35 views

TrendMicro InterScan WebManager contains buffer overflow in RegGo.dll

Overview A remotely exploitable buffer overflow exists in Trend Micro InterScan WebManager. Description InterScan WebManager is an application that inspects http traffic flowing into a network for known malicious code. This application also has the capability to restrict access to...

7.5CVSS7.5AI score0.03364EPSS
Exploits0References2
CERT
CERT
added 2001/07/24 12:0 a.m.35 views

klogd does not adequately handle NULL byte when parsing text using LogLine( )

Overview There is a denial-of-service vulnerability in certain distributions of the Linux kernel logging daemon klogd which could allow an attacker to cause klogd to hang. Description The Linux kernel logging daemon klogd can be forced to hang if it receives a null byte in a log message from the...

5CVSS6.3AI score0.0258EPSS
Exploits0References2
CERT
CERT
added 2001/07/18 12:0 a.m.35 views

Linux kernel does not properly validate user input via sysctl for negative value

Overview Unprivileged local users can exploit the sysctl Linux kernel program to gain privileged access. Description A program called sysctl in the Linux kernel allows a privileged local user to read or write runtime system settings. Unprivileged local users are also allowed to use sysctl to read...

4.6CVSS5.5AI score0.00776EPSS
Exploits0References15
CERT
CERT
added 2001/06/15 12:0 a.m.35 views

Microsoft Internet Information Server (IIS) discloses contents of files via crafted request containing "+.htr"

Overview A vulnerability exists in Microsoft Internet Information Server IIS that could disclose sensitive information contained in CGI-type files. Typically a CGI/script file on a web server should only be executable and not readable to remote users. Sensitive information contained in CGI-type...

5CVSS6.4AI score0.66714EPSS
Exploits0References3
CERT
CERT
added 2001/06/08 12:0 a.m.35 views

gpm creates temporary files insecurely

Overview gpm version 1.19.3, which usually runs as root, is vulnerable due to a flaw that allows a local user to exploit a race condition to corrupt files that gpm uses. Description gpm General Purpose Mouse is a program that lets you use the mouse in console mode when not using XWindows. It is...

1.2CVSS5.9AI score0.00298EPSS
Exploits0References5
CERT
CERT
added 2000/09/29 12:0 a.m.35 views

statd bounce vulnerability

Overview statd allows access to RPC services it shouldn't. Description Background rpc.statd and rpc.lockd are designed to work in conjunction with each other to manage NFS lock information in the event of a crash of an NFS client or server. The rpc service rpc.statd is a program designed to...

7.5CVSS7AI score0.04257EPSS
Exploits0References15
CERT
CERT
added 2024/10/23 12:0 a.m.34 views

Vulnerable WiFi Alliance example code found in Arcadyan FMIMG51AX000J

Overview A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets...

8.8CVSS8.1AI score0.02548EPSS
Exploits1References6
CERT
CERT
added 2024/04/29 12:0 a.m.34 views

R Programming Language implementations are vulnerable to arbitrary code execution during deserialization of .rds and .rdx files

Overview A vulnerability in the R language that allows for arbitrary code to be executed directly after the deserialization of untrusted data has been discovered. This vulnerability can be exploited through RDS R Data Serialization format files and .rdx files. An attacker can create malicious RDS...

8.8CVSS8.7AI score0.23618EPSS
Exploits0References3
CERT
CERT
added 2020/10/26 12:0 a.m.34 views

Macrium Reflect is vulnerable to privilege escalation due to OPENSSLDIR location

Overview Macrium Reflect contains a privilege escalation vulnerability due to the use of an OPENSSLDIR variable that specifies a location where an unprivileged Windows user can create files. Description CVE-2020-10143 Macrium Reflect includes an OpenSSL component that specifies an OPENSSLDIR...

7.8CVSS8.1AI score0.00592EPSS
Exploits0References1
CERT
CERT
added 2017/03/06 12:0 a.m.34 views

dotCMS contains multiple vulnerabilities

Overview The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Description CWE-352: Cross-Site Request Forgery CSRF...

9.3CVSS8.4AI score0.06546EPSS
Exploits0References4
CERT
CERT
added 2016/04/07 12:0 a.m.34 views

Lemur Vehicle Monitors BlueDriver LSB2 does not authenticate users for Bluetooth access

Overview The Lemur Vehicle Monitors BlueDriver is an aftermarket automotive device that connects to a vehicle's OBD-II port and provides information about the vehicle's performance. The BlueDriver does not require a PIN for Bluetooth access, which allows anyone in range to send arbitrary commands...

8.8CVSS9AI score0.01074EPSS
Exploits0References2
CERT
CERT
added 2016/03/30 12:0 a.m.34 views

Patterson Dental Eaglesoft uses a hard-coded database password across installations

Overview Patterson Dental Eaglesoft is a dental records software. Eaglesoft uses a hard-coded database password that is shared across all installations. Description CWE-798: Use of Hard-coded Credentials- CVE-2016-2343 According to the researcher, Eaglesoft uses hard-coded credentials to access a...

10CVSS9.6AI score0.02431EPSS
Exploits0References3
CERT
CERT
added 2015/10/20 12:0 a.m.34 views

Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability

Overview Multiple vendors' implementations of Virtual Machine Monitors VMM are vulnerable to a memory deduplication attack. Description As reported in the "Cross-VM ASL INtrospection CAIN" paper, an attacker with basic user rights within the attacking Virtual Machine VM can leverage memory...

3.3CVSS4.4AI score0.00942EPSS
Exploits0References1
CERT
CERT
added 2015/08/07 12:0 a.m.34 views

Sierra Wireless GX, ES, and LS gateways running ALEOS contain hard-coded credentials

Overview Sierra Wireless GX, ES, and LS gateway devices running ALEOS versions 4.4.1 and earlier contain hard-coded credentials. Description CWE-259: Use of Hard-coded Password - CVE-2015-2897Sierra Wireless GX, ES, and LS gateways running ALEOS contain multiple hard-coded accounts with root...

10CVSS7.2AI score0.02257EPSS
Exploits0References3
CERT
CERT
added 2015/02/19 12:0 a.m.34 views

Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys

Overview Komodia Redirector with SSL Digestor installs non-unique root CA certificates and private keys, making systems broadly vulnerable to HTTPS spoofing Description Komodia Redirector SDK is a self-described "interception engine" designed to enable developers to integrate proxy services and w...

6.5AI score
Exploits0References16
CERT
CERT
added 2015/02/05 12:0 a.m.34 views

Ektron Content Management System (CMS) contains multiple vulnerabilities

Overview Ektron Content Management System CMS versions 8.5, 8.7, and 9.0 contain a XXE and a resource injection vulnerability. Description Note: A prior version of this report indicated incorrectly that Ektron CMS version 9.1 was vulnerable. The vendor indicated that the last version to ship with...

6.8CVSS6.8AI score0.22034EPSS
Exploits3References4
CERT
CERT
added 2014/05/07 12:0 a.m.34 views

Fortinet Fortiweb 5.1 contains a cross-site request forgery vulnerability

Overview Fortinet Fortiweb prior to version 5.2.0 do not sufficiently verify whether a valid request was intentionally provided by the user, which results in a cross-site request forgery CSRF vulnerability. CWE-352 Description CWE-352: Cross-Site Request Forgery CSRF Fortinet Fortiweb prior to...

6.8CVSS7.2AI score0.01179EPSS
Exploits1References3
CERT
CERT
added 2014/04/11 12:0 a.m.35 views

AMTELCO miSecureMessages Server insecurely authenticates clients

Overview AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages CWE-287. Description AMTELCO miSecureMessages Server Release 6.2 performs weak authentication for access to user messages. miSecureMessages authenticates client app XML requests for...

5CVSS6.4AI score0.01848EPSS
Exploits2References5
CERT
CERT
added 2013/11/14 12:0 a.m.34 views

EMC Documentum Product Suite version 6.7 contains a DOM based cross-site scripting vulnerability

Overview EMC Documentum Product Suite version 6.7 and possibly earlier versions contain a DOM based cross-site scripting vulnerability CWE-79. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' EMC Documentum Product Suite version 6.7 and possib...

4.3CVSS6.5AI score0.01001EPSS
Exploits0References3
CERT
CERT
added 2013/11/07 12:0 a.m.34 views

Dual_EC_DRBG output using untrusted curve constants may be predictable

Overview Output of the Dual Elliptic Curve Deterministic Random Bit Generator DUALECDRBG algorithm may be predictable by an attacker who has chosen elliptic curve parameters in advance. Description NIST SP 800-90A defines three elliptic curves for use in DualECDBRG but does not describe the...

5.8CVSS8.7AI score0.01407EPSS
Exploits0References13
CERT
CERT
added 2013/09/24 12:0 a.m.34 views

HP System Management Homepage vulnerable to a denial-of-service condition

Overview HP System Management Homepage 7.2.0.14 and possibly earlier versions contain a denial-of-service vulnerability CWE-121. Description CWE-121: Stack-based Buffer Overflow HP System Management Homepage 7.2.0.14 contains a denial-of-service vulnerability. The remote attacker may send the...

4CVSS9.3AI score0.01946EPSS
Exploits0References3
CERT
CERT
added 2013/08/26 12:0 a.m.34 views

Corporater EPM Suite is vulnerable to cross-site request forgery and cross-site scripting

Overview Corporater EPM Suite contains cross-site request forgery CSRF CWE-352 and reflected cross-site scripting XSS CWE-79 vulnerabilities. Description CWE-352: Cross-Site Request Forgery CSRF- CVE-2013-3583Corporater EPM Suite contains a cross-site request forgery vulnerability on the...

6.8CVSS5.9AI score0.01012EPSS
Exploits0References3
CERT
CERT
added 2013/06/05 12:0 a.m.34 views

IBM QRadar SIEM command injection vulnerability

Overview IBM QRadar SIEM software contains a command injection vulnerability that allows an authenticated user to execute operating system commands on the QRadar device. Description The IBM security bulletin for CVE-2013-2970 states:A command injection vulnerability has been discovered within the...

6.5CVSS7AI score0.02374EPSS
Exploits0References1
CERT
CERT
added 2013/04/03 12:0 a.m.34 views

C2 WebResource web interface XSS vulnerability

Overview The C2 WebResource web interface contains a XSS vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting'The C2 WebResource web interface is vulnerable to XSS on the following URL and parameter:...

4.3CVSS5.8AI score0.01682EPSS
Exploits1References3
CERT
CERT
added 2012/10/17 12:0 a.m.34 views

OTRS contains a cross-site scripting vulnerability

Overview Open Technology Real Services OTRS contains a cross-site scripting XSS CWE-79 vulnerability in the body of HTML emails viewed within the OTRS application. Description OTRS is an open source Help Desk and ITIL® V3 compliant IT Service Management platform.OTRS Security Advisory 2012-03...

4.3CVSS7.3AI score0.05792EPSS
Exploits2References4
CERT
CERT
added 2012/08/22 12:0 a.m.34 views

Open Technology Real Services cross-site scripting vulnerability

Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load arbitrary script in the context of the user's...

4.3CVSS8.2AI score0.04195EPSS
Exploits1References2
CERT
CERT
added 2012/08/16 12:0 a.m.34 views

CuteSoft Cute Editor 6.4 reflected cross site scripting

Overview CuteSoft Cute Editor 6.4, and possibly other verions, contains a reflected cross-site scripting XSS CWE-79 vulnerability. Description CuteSoft Cute Editor 6.4 has been reported to contain a reflected cross-site scripting XSS CWE-79 vulnerability. The GET request parameter called UploadID...

3.5CVSS6AI score0.00825EPSS
Exploits0References2
CERT
CERT
added 2012/07/23 12:0 a.m.34 views

Caucho's Quercus on Resin contains multiple vulnerabilities

Overview Caucho's Quercus on Resin contains multiple vulnerabilities which could allow an attacker to execute arbitrary code with the privileges of the application. Description It has been reported that Caucho's Quercus on Resin contains multiple vulnerabilities which could allow an attacker to...

7.5CVSS7.6AI score0.03534EPSS
Exploits0References2
CERT
CERT
added 2012/06/05 12:0 a.m.34 views

Symantec Endpoint Protection network threat protection module Microsoft IIS denial of service vulnerability

Overview Symantec Endpoint Protection SEP Network Threat Protection module running on a Microsoft Internet Information Services IIS webserver contains a denial of service vulnerability when probed by an audit tool. Description Symantec Security Advisory SYM12-007 states:Overview Versions of...

5CVSS6.3AI score0.0287EPSS
Exploits0References1
CERT
CERT
added 2012/05/16 12:0 a.m.34 views

HP Business Service Management 9.12 remote code execution vulnerability

Overview The HP Business Service Management HPBSM application contains a remote code execution vulnerability. Version 9.12 has been reported to be affected but other versions may also be affected. Description HPBSM uses the JBOSS application server. In the default configuration, HPBSM contains op...

10CVSS7.1AI score0.08659EPSS
Exploits0References1
CERT
CERT
added 2011/12/08 12:0 a.m.34 views

Hewlett-Packard printers and scanner devices allow remote unautheticated firmware updates

Overview A vulnerability in certain Hewlett-Packard devices could allow a remote attacker to install unauthorized firmware on an affected system. Description Certain Hewlett-Packard Printers and Hewlett-Packard Digital Senders products allow the device's firmware to be updated over the network. T...

10CVSS7.2AI score0.13953EPSS
Exploits0References4
CERT
CERT
added 2011/11/08 12:0 a.m.34 views

Microsoft Windows TrueType font array indexing vulnerability

Overview A vulnerability in the Microsoft Windows TrueType font parsing component could allow an attacker to cause a denial-of-service condition in Microsoft Windows. Description The Microsoft Windows kernel includes a driver win32k.sys that handles a variety of graphics processing tasks, includi...

7.1CVSS5.6AI score0.24623EPSS
Exploits1References1
CERT
CERT
added 2011/10/05 12:0 a.m.34 views

Iceni products PDF parser stack buffer overflow

Overview Iceni Argus and Infix contain a stack buffer overflow in the handling of flate-compressed PDF content, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Iceni Argus is a PDF conversion library. Argus 6.20 and earlier fail to...

10CVSS7.7AI score0.06038EPSS
Exploits0References9
CERT
CERT
added 2011/02/03 12:0 a.m.34 views

Cisco Tandberg E, EX, and C Series default root credentials

Overview Cisco's Tandberg C series endpoints and E/EX personal video units that run software versions prior to TC4.0.0 have a root administrator account enabled by default with no password. Description Cisco Advisory cisco-sa-20110202-tandberg states:"This vulnerability affects Tandberg C Series...

10CVSS6.7AI score0.13988EPSS
Exploits4References3
CERT
CERT
added 2011/01/12 12:0 a.m.34 views

WellinTech KingView 6.53 remote heap overflow vulnerability

Overview WellinTech KingView 6.53 contains a remote heap overflow vulnerability in the HistorySrv process which may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to WellinTech's website: "King V iew software is a high-pormance production which can be us...

10CVSS7.5AI score0.20939EPSS
Exploits2References9
Total number of security vulnerabilities3704