Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2008/06/06 12:0 a.m.•34 views

HP Online Support Services ActiveX DeleteSingleFile() arbitrary file deletion

Overview The HP Online Support Services ActiveX control contains a method called DeleteSingleFile. This may allow a remote, unauthenticated attacker to remove files from a vulnerable system. Description HP Services provides online product support services including HP Instant Support. The...

5.4AI score
Exploits0References2
CERT
CERT
•added 2008/05/30 12:0 a.m.•34 views

OpenSSL Server Name extension Denial of Service

Overview A vulnerability exists in OpenSSL that may allow a remote attacker to cause a denial of service. Description OpenSSL contains a vulnerability in the way server name extension data is handled that may result in a denial of service. According to OpenSSL Security Advisory 28-Mar-2008:If...

4.3CVSS8.1AI score0.04559EPSS
Exploits1References4
CERT
CERT
•added 2008/05/27 12:0 a.m.•34 views

Foxit Reader buffer overflow vulnerability

Overview Foxit Reader contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description Foxit Reader is a PDF reader that is available on multiple operating systems.From the Secuia Research advisory Foxit Reader "util.printf" Buffer Overflow: S ecunia...

9.3CVSS7.7AI score0.22693EPSS
Exploits3References3
CERT
CERT
•added 2008/05/27 12:0 a.m.•34 views

Creative Software AutoUpdate Engine ActiveX stack buffer overflow

Overview The Creative Labs AutoUpdate Engine ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Creative Software AutoUpdate Engine ActiveX control is a component that provides...

9.3CVSS6.8AI score0.41231EPSS
Exploits5References1
CERT
CERT
•added 2008/03/19 12:0 a.m.•34 views

X.Org PCF font parser buffer overflow

Overview A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system. Description The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable...

7.5CVSS8.8AI score0.05108EPSS
Exploits0References1
CERT
CERT
•added 2008/03/11 12:0 a.m.•34 views

RealNetworks RealPlayer ActiveX controls property heap memory corruption

Overview Multiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer...

9.3CVSS6.7AI score0.4595EPSS
Exploits6References5
CERT
CERT
•added 2008/03/06 12:0 a.m.•34 views

Mozilla Thunderbird external-body MIME type buffer overflow

Overview Mozilla Thunderbird contains a heap-based buffer overflow which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird is an open source, cross-platform email and news client. Thunderbird uses Multipurpose Internet...

7.5CVSS7.1AI score0.06049EPSS
Exploits1References3
CERT
CERT
•added 2008/01/08 12:0 a.m.•34 views

Microsoft Windows LSASS privilege escalation vulnerability

Overview The Windows LSASS service contains privilege escalation vulnerability. Description The Windows Local Security Authority Subsystem Service LSASS is a process that enforces the local security policy. Per Microsoft Security Bulletin MS08-002: An elevation of privilege vulnerability exists i...

7.2CVSS6.5AI score0.02571EPSS
Exploits1References3
CERT
CERT
•added 2007/11/16 12:0 a.m.•34 views

RealNetworks player "Lyrics3" buffer overflow

Overview Multiple RealNetworks media players contain a buffer overflow which could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These...

9.3CVSS7.5AI score0.07729EPSS
Exploits0References3
CERT
CERT
•added 2007/10/13 12:0 a.m.•34 views

Cisco IOS LPD buffer overflow vulnerability

Overview The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition . Description The Cisco IOS includes support for the UNIX Line Printer Daemon...

9.3CVSS7.7AI score0.14682EPSS
Exploits1References5
CERT
CERT
•added 2007/09/11 12:0 a.m.•34 views

Microsoft Agent fails to properly handle specially crafted URLs

Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...

9.3CVSS6.4AI score0.57217EPSS
Exploits6References4
CERT
CERT
•added 2007/08/14 12:0 a.m.•34 views

IBM and Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures

Overview The IBM Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

5.8CVSS6.8AI score0.0264EPSS
Exploits1References4
CERT
CERT
•added 2007/07/12 12:0 a.m.•34 views

Flash Player information disclosure vulnerability

Overview The Adobe Flash player contains an information disclosure vulnerability that affects the Konqueror and Opera web browsers. Description Konqueror is the default web browser for the KDE desktop. Opera is a web browser that is available for Windows, Linux and BSD systems.The Adobe Flash...

6.8CVSS5.6AI score0.04958EPSS
Exploits0References8
CERT
CERT
•added 2007/06/25 12:0 a.m.•34 views

Apple Safari cross-domain HTTP redirection race condition

Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...

4.3CVSS5.4AI score0.02551EPSS
Exploits1References5
CERT
CERT
•added 2007/06/20 12:0 a.m.•34 views

Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences

Overview A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code. Description Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a messages...

9.3CVSS6.2AI score0.06228EPSS
Exploits0References3
CERT
CERT
•added 2007/06/14 12:0 a.m.•34 views

Microsoft Windows Secure Channel integer underflow

Overview A vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code. Description Microsoft Windows Secure Channel Schannel security package implements standard network authentication protocols Secure Sockets Layer SSL and Transport Layer Security...

9.3CVSS6.1AI score0.12544EPSS
Exploits0References3
CERT
CERT
•added 2007/06/12 12:0 a.m.•34 views

Microsoft Speech API ActiveX controls contain buffer overflows

Overview The Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls contain multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Speech API is a software package that provides text-to-spee...

9.3CVSS7AI score0.57521EPSS
Exploits5References2
CERT
CERT
•added 2007/06/05 12:0 a.m.•34 views

E-Book Systems FlipViewer ActiveX control stack buffer overflows

Overview The E-Book Systems FlipViewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description E-Book Systems FlipViewer is software for viewing "FlipBooks." FlipViewer includes an...

9.3CVSS7.1AI score0.3372EPSS
Exploits3References2
CERT
CERT
•added 2007/03/19 12:0 a.m.•34 views

Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles

Overview The Takebishi Electric DeviceXPlorer OPC server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control...

10CVSS7.1AI score0.09055EPSS
Exploits0References4
CERT
CERT
•added 2007/03/05 12:0 a.m.•34 views

WordPress fails to properly sanitize input passed to the iz parameter in wp-includes/theme.php

Overview WordPress fails to properly sanitize input to the iz parameter in wp-includes/theme.php, which could allow a remote, unauthenticated attacker to execute arbitrary commands. Description WordPress is a blogging application that is written in PHP. WordPress 2.1.1 fails to properly sanitize...

7.5CVSS6.6AI score0.27006EPSS
Exploits2References4
CERT
CERT
•added 2007/01/18 12:0 a.m.•34 views

Mozilla JavaScript Engine multiple memory corruption vulnerabilities

Overview Several vulnerabilities exists in the Mozilla JavaScript Engine that may allow a remote attacker to compromise a vulnerable system. Description The Mozilla JavaScript Engine contains multiple vulnerabilities that may result in memory corruption. According to the Mozilla Foundation Securi...

6.8CVSS7.6AI score0.04292EPSS
Exploits0References22
CERT
CERT
•added 2007/01/12 12:0 a.m.•34 views

Apple Quicktime HREFTrack Cross-Zone Scripting vulnerability

Overview Web browsers running the Apple QuickTime plugin may allow remote web sites to reference content on the local filesystem. This may allow an attacker to execute script within the security context of the local machine. Description Web browser plugins that allow remote web sites to reference...

6.8CVSS5.7AI score0.05638EPSS
Exploits1References2
CERT
CERT
•added 2007/01/09 12:0 a.m.•34 views

Microsoft Excel fails to properly handle malformed IMDATA records

Overview A vulnerability in the way that Microsoft Excel handles malformed image records could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to properly validate the size of IMDATA records. When a file containing a malformed IMDATA record is...

9.3CVSS7AI score0.3117EPSS
Exploits0References4
CERT
CERT
•added 2006/12/20 12:0 a.m.•34 views

Mozilla mail products vulnerable to heap buffer overflow via Content-Type headers

Overview Mozilla mail products contain a heap buffer overflow vulnerability in the way they process Content-Type headers. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird and SeaMonkey contain a buffer overflow...

6.8CVSS7.4AI score0.04208EPSS
Exploits0References6
CERT
CERT
•added 2006/11/30 12:0 a.m.•34 views

Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available

Overview Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available. This vulnerability may allow traffic to be weakly encrypted. Description Secure Transport refers to Apple’s implementation of SSL and TLS that is used by Mac OS X to create secure connections...

5CVSS6.1AI score0.01724EPSS
Exploits2References2
CERT
CERT
•added 2006/10/24 12:0 a.m.•34 views

Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...

7.1CVSS6.9AI score0.03844EPSS
Exploits0References4
CERT
CERT
•added 2006/10/24 12:0 a.m.•34 views

Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle DISABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLEHIERARCHYINTERNAL procedure fails to...

9CVSS7.1AI score0.0302EPSS
Exploits0References3
CERT
CERT
•added 2006/09/27 12:0 a.m.•34 views

Cisco IOS contains buffer overflow in VTP VLAN name handling

Overview Cisco IOS fails to properly handle specially crafted VTP summary advertisement with overly long VLAN name. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Cisco's VLAN Trunking Protocol VTP...

7.5CVSS7.6AI score0.07365EPSS
Exploits0References4
CERT
CERT
•added 2006/08/08 12:0 a.m.•34 views

Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets

Overview Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets CSS. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CSS is a mechanism for adding style to web documents. Microsoft Internet Explorer contains a vulnerabili...

7.5CVSS6.9AI score0.41215EPSS
Exploits0References4
CERT
CERT
•added 2006/08/01 12:0 a.m.•34 views

Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"

Overview Certain Mozilla products contain a cross-site scripting vulnerability because of a vulnerability in the XPCNativeWrapper function. Description XPCNativeWrapper Per Mozilla, XPCNativeWrapper is a way to wrap up an object so that it is safe to access from privileged code. It is used to all...

6.8CVSS5.9AI score0.03314EPSS
Exploits0References5
CERT
CERT
•added 2006/07/27 12:0 a.m.•34 views

Mozilla fails to properly release JavaScript references

Overview Mozilla products fail to properly release memory. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Mozilla products fail to properly release JavaScript references. This may corrupt memory in a way that can allow an attacker to...

7.5CVSS6.8AI score0.78359EPSS
Exploits11References6
CERT
CERT
•added 2006/06/02 12:0 a.m.•34 views

Mozilla contains a buffer overflow vulnerability in crypto.signText()

Overview Mozilla products contain a buffer overflow in the crypto.signText method. This may allow a remote attacker to execute arbitrary code. Description crypto.SignText JavaScript contains a crypto.signText method, which allows the user to digitally sign a text string. The problem The Mozilla...

5CVSS7AI score0.04907EPSS
Exploits0References5
CERT
CERT
•added 2006/04/11 12:0 a.m.•34 views

Microsoft Internet Explorer fails to handle specially crafted, invalid HTML

Overview Microsoft Internet Explorer IE fails to properly handle malformed HTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description IE fails to properly handle specially crafted HTML. When a specially crafted, malformed HTML file is opened...

7.5CVSS6.7AI score0.70001EPSS
Exploits0References1
CERT
CERT
•added 2006/04/11 12:0 a.m.•34 views

Microsoft Internet Explorer contains overflow in processing script action handlers

Overview A vulnerability in the Microsoft Internet Explorer web browser could allow a remote attacker to crash the browser or possibly execute arbitrary code on a vulnerable system. Description A programming error in the way that Internet Explorer handles multiple event handlers in an HTML elemen...

7.5CVSS7AI score0.61821EPSS
Exploits1References2
CERT
CERT
•added 2006/02/28 12:0 a.m.•34 views

Adobe Macromedia Shockwave Player ActiveX installer buffer overflow vulnerability

Overview The ActiveX installer for Adobe Macromedia Shockwave contains a buffer overflow, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Shockwave Player Adobe Macromedia Shockwave Player is software that plays active web content...

9.3CVSS7.4AI score0.1923EPSS
Exploits0References4
CERT
CERT
•added 2006/01/19 12:0 a.m.•34 views

Oracle Transparent Data Encryption master encryption key stored as plaintext

Overview Oracle Transparent Data Encryption master encryption key is stored as plaintext, which could allow an attacker to decrypt and read sensitive information within the database. Description Transparent Data Encryption TDE According to Oracle, Transparent Data Encryption "allows customers to...

10CVSS5.5AI score0.04863EPSS
Exploits0References3
CERT
CERT
•added 2006/01/11 12:0 a.m.•34 views

Apple QuickTime fails to properly handle corrupt TGA images

Overview Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa TGA image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Several types of overflow...

7.5CVSS7.8AI score0.25506EPSS
Exploits5References2
CERT
CERT
•added 2005/12/06 12:0 a.m.•34 views

Perl contains an integer sign error in format string processing

Overview The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl. Description Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes...

4.6CVSS8.4AI score0.01374EPSS
Exploits2References2
CERT
CERT
•added 2005/09/09 12:0 a.m.•34 views

mod_ssl fails to properly enforce client certificates authentication

Overview modssl, the Apache web server module for Secure Socket Layer SSL communications, may not properly authenticate client certificates. Description modssl provides Secure Socket Layer SSL communications for the Apache web server. SSL is designed to provide the ability to encrypt and...

10CVSS9.2AI score0.30576EPSS
Exploits0References10
CERT
CERT
•added 2005/08/17 12:0 a.m.•34 views

Apple Safari fails to perform security checks on links in rich text content

Overview Apple Safari fails to perform security checks on hyperlinks in rich text content, which may allow an attacker to execute arbitrary commands on a vulnerable system. Description Mac OS X includes the Safari web browser, which can display rich text RTF files directly. When Safari opens a ri...

7.5CVSS9.4AI score0.04767EPSS
Exploits0References2
CERT
CERT
•added 2005/08/15 12:0 a.m.•34 views

Novell eDirectory iMonitor vulnerable to buffer overflow

Overview Novell eDirectory iMonitor contains a buffer overflow that can be remotely exploited to allow execution of arbitrary code or crash an affected system. Description Novell eDirectory iMonitor is a service for monitoring servers in an eDirectory installation. A buffer overflow exists in...

7.5CVSS7.3AI score0.55424EPSS
Exploits7References5
CERT
CERT
•added 2005/08/03 12:0 a.m.•34 views

Computer Associates BrightStor ARCserve Backup Agents vulnerable to buffer overflow

Overview Several Computer Associates BrightStor ARCserve Backup Agents contain a buffer overflow, which may allow a remote attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup is a cross-platform backup and recovery application. Backup Agents are availabl...

7.5CVSS7.7AI score0.66121EPSS
Exploits8References11
CERT
CERT
•added 2005/07/12 12:0 a.m.•34 views

Microsoft Color Management Module buffer overflow during profile tag validation

Overview Microsoft Color Management Module contains a flaw that may allow an attacker to execute arbitrary code. Description The Microsoft Color Management Module provides consistent color management operations between applications and devices, and transforms between colorspaces such as 'RGB' and...

7.5CVSS6.8AI score0.49922EPSS
Exploits4References3
CERT
CERT
•added 2005/06/14 12:0 a.m.•34 views

Microsoft Outlook Express vulnerable to remote code execution

Overview A vulnerability in Microsoft Outlook Express's NNTP response parsing may allow an attacker to execute arbitrary code. Description Microsoft Outlook Express contains support for Network News Transfer Protocol NNTP data, which is defined in RFC 977 and RFC 2980. A flaw in Outlook Express'...

7.5CVSS7.1AI score0.73961EPSS
Exploits8References2
CERT
CERT
•added 2005/03/17 12:0 a.m.•34 views

NotifyLink web client fails to adequately restrict access to administrative functions

Overview The NotifyLink web interface contains a vulnerability that allows authenticated normal users to access functions that have been disabled by an administrator. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...

4.6CVSS6.2AI score0.00658EPSS
Exploits0References3
CERT
CERT
•added 2005/02/21 12:0 a.m.•34 views

OpenConnect Webconnect read-only directory traversal vulnerability in jretest.html

Overview OpenConnect Webconnect contains a read-only directory traversal vulnerability in the file jretest.html. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1 running o...

5CVSS6AI score0.12251EPSS
Exploits1References2
CERT
CERT
•added 2005/02/09 12:0 a.m.•34 views

SquirrelMail may allow execution of arbitrary code

Overview SquirrelMail 1.2.6 may allow remote execution of arbitrary code via URL manipulation. Description From the SquirrelMail webpage:SquirrelMail is a standards-based webmail package written in PHP4. It includes built-in pure PHP support for the IMAP and SMTP protocols, and all pages render i...

7.5CVSS6.8AI score0.03614EPSS
Exploits0References2
CERT
CERT
•added 2005/01/31 12:0 a.m.•34 views

Apple Mac OS X vulnerable to information disclosure in "Message-ID" header

Overview The Mail application supplied with Apple's Mac OS X operating system identifies the system from which any electronic mail is sent. Description Mac OS X includes the Mail application for handling electronic mail. This application does include the Media Access Control MAC address of a...

5CVSS6.3AI score0.0271EPSS
Exploits0References2
CERT
CERT
•added 2004/10/13 12:0 a.m.•34 views

Microsoft Internet Explorer vulnerable to address bar spoofing on double byte character set systems

Overview Microsoft Internet Explorer contains a vulnerability in how it processes URLs on Double Byte Character Set DBCS systems. This could allow an attacker to spoof the address of a web site. Description Microsoft Internet Explorer contains a canonicalization error when it parses special...

5CVSS7.2AI score0.32759EPSS
Exploits0References2
CERT
CERT
•added 2004/10/01 12:0 a.m.•34 views

GdkPixbuf ICO parser contains an integer overflow vulnerability

Overview An integer overflow vulnerability exists in the ICO handling of GdkPixbuf. This vulnerability can lead to a denial-of-service condition. Description GdkPixbuf is a library used by GTK+ 2 for loading and rendering images. GTK+ is a multi-platform toolkit for creating graphical user...

5CVSS7.3AI score0.05867EPSS
Exploits0References4
Total number of security vulnerabilities3704