Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
added 2012/11/12 12:0 a.m.31 views

Vanilla Forums version 2.1.a26 contains a parameter manipulation vulnerability

Overview Vanilla Forums version 2.1.a26 and possibly other versions is vulnerable to parameter manipulation via the "edit profile" page of authenticated users. Description CWE-280: Improper Handling of Insufficient Permissions or PrivilegesVanilla Forums version 2.1.a26 and possibly other version...

3.5CVSS5.8AI score0.01067EPSS
Exploits0References1
CERT
CERT
added 2012/10/31 12:0 a.m.31 views

Axigen Mail Server directory traversal vulnerability

Overview Axigen Mail Server contains a directory traversal vulnerability. Description CWE-22: Improper Limitation of a Pathname to a Restricted DirectoryAxigen Mail Server has a web based administration site which allows authorized administrators to perform certain actions via HTTP. The 'View Log...

6.4CVSS8AI score0.83632EPSS
Exploits3References2
CERT
CERT
added 2012/10/04 12:0 a.m.31 views

Cerberus FTP Server web interface cross-site request forgery vulnerability

Overview The Cerberus FTP Server web interface contains a cross-site request forgery vulnerability Description CWE-352: Cross-Site Request Forgery CSRF: The Cerberus FTP Server web interface is vulnerable to CSRF using the HTTP POST method in the :10000/usermanager/users/modify. The application h...

6.8CVSS7.2AI score0.01167EPSS
Exploits0References2
CERT
CERT
added 2012/08/30 12:0 a.m.31 views

Open Technology Real Services nested tags cross-site scripting vulnerability

Overview Open Technology Real Services OTRS is susceptible to a cross-site scripting vulnerability when viewing HTML webpages with nested tags. Description Open Technology Real Services OTRS contains a cross-site scripting CWE-79 vulnerability in the email body. An attacker may be able to load...

2.6CVSS8.1AI score0.06346EPSS
Exploits2References3
CERT
CERT
added 2012/04/10 12:0 a.m.31 views

Pluck SiteLife software multiple XSS vulnerabilities

Overview Pluck SiteLife software contains multiple XSS vulnerabilities. Description According to DemandMedia's website Pluck SiteLife software is an integrated community platform architected for brands. Pluck SiteLife software contains multiple cross site scripting XSS vulnerabilities. CWE-79:...

4.3CVSS5.8AI score0.01456EPSS
Exploits1References4
CERT
CERT
added 2012/01/12 12:0 a.m.31 views

Wibu-Systems CodeMeter remote denial of service vulnerability

Overview Wibu-Systems CodeMeter contains a remote denial of service vulnerability when receiving specially crafted packets. Description Wibu-Systems CodeMeter v4.30c and v4.10b contain a remote denial of service vulnerability when receiving specially crafted packets. Wibu-Systems CodeMeter listen...

5CVSS6.5AI score0.05107EPSS
Exploits0References2
CERT
CERT
added 2011/11/08 12:0 a.m.31 views

Microsoft Windows UDP packet parsing vulnerability

Overview A vulnerability in the Microsoft Windows TCP/IP stack could allow an attacker to run arbitrary code in kernel mode or cause a denial-of-service. Description Microsoft Windows contains a TCP/IP stack used to process network packets for the operating system. This component contains a...

10CVSS6.3AI score0.33745EPSS
Exploits1References2
CERT
CERT
added 2011/09/30 12:0 a.m.31 views

ProjectForum XSS vulnerability

Overview ProjectForum 7.0.1.3038 and possibly previous versions, are vulnerable to cross site scripting XSS. Description CourseForum's ProjectForum software fails to sanitize all input fields. As a result, cross site scripting XSS attacks can be conducted. By default, a non-credentialed user can...

6.2AI score
Exploits0References1
CERT
CERT
added 2011/02/22 12:0 a.m.31 views

ISC Bind 9 IXFR or DDNS update combined with high query rate DoS vulnerability

Overview A denial-of-service condition exists in certain cases when an ISC Bind server processes a IXFR transfer or dynamic update. Description The ISC security advisory states:"When an authoritative server processes a successful IXFR transfer or a dynamic update, there is a small window of time...

7.1CVSS8.5AI score0.13598EPSS
Exploits1References1
CERT
CERT
added 2010/12/22 12:0 a.m.31 views

Microsoft WMI Administrative Tools WBEMSingleView.ocx ActiveX control vulnerability

Overview The ActiveX control, WBEMSingleView.ocx, that is a part of the WMI Administrative Tools package contains a vulnerability. Description The AddContextRef and ReleaseContext functions of the WMI Object Viewer control can be passed an object pointer from an attacker that results in arbitrary...

7.8AI score
Exploits0References5
CERT
CERT
added 2010/11/03 12:0 a.m.31 views

Microsoft Internet Explorer invalid flag reference vulnerability

Overview Microsoft Internet Explorer invalid flag reference vulnerability Description According to the Microsoft Security Research & Defense Blog, Microsoft Internet Explorer incorrectly under-allocates memory to store a certain combination of Cascading Style Sheets CSS tags when parsing HTML,...

9.3CVSS6.5AI score0.96889EPSS
Exploits14References6
CERT
CERT
added 2009/09/05 12:0 a.m.31 views

VMware VMnc AVI video codec image height heap overflow

Overview The VMware VMnc video codec fails to properly handle the image height value in AVI files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Several VMware products include the ability to create and play movies of running...

9.3CVSS6.9AI score0.05568EPSS
Exploits0References1
CERT
CERT
added 2008/07/28 12:0 a.m.31 views

RealNetworks RealPlayer Shockwave Flash (SWF) file vulnerability

Overview RealNetworks RealPlayer fails to properly handle frames within Shockwave Flash SWF files, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The RealNetworks RealPlayer application provides support for the SWF file format. A...

9.3CVSS7AI score0.06765EPSS
Exploits1References3
CERT
CERT
added 2008/07/07 12:0 a.m.31 views

Microsoft Office Snapshot Viewer ActiveX control race condition

Overview The Microsoft Office Snapshot Viewer ActiveX control contains a race condition, which can allow a remote, unauthenticated attacker to download arbitrary files to arbitrary locations. Description Microsoft Snapshot Viewer is a viewer for snapshots created with Microsoft Access. Snapshot...

6.8CVSS6.1AI score0.59125EPSS
Exploits9References8
CERT
CERT
added 2008/06/11 12:0 a.m.31 views

SkyPortal contains multiple SQL injection vulnerabilities

Overview SkyPortal RC6 contains multiple SQL injection vulnerabilities which could allow a remote, unauthenticated attacker to gain access to the back-end database and to add, modify or remove data. Description SkyPortal is a modular web portal and online community system that includes web-based...

7.5CVSS7.7AI score0.01349EPSS
Exploits1References6
CERT
CERT
added 2008/06/10 12:0 a.m.31 views

Apple QuickTime "file: URL" arbitrary code execution

Overview Apple QuickTime does not properly handle "file: URLs" which may allow an attacker to execute arbitrary code. Description Apple QuickTime is a multiplatform multimedia software architecture which provides file format converters for more than 250 common image, video, and audio file...

6.8CVSS6.9AI score0.04115EPSS
Exploits1References1
CERT
CERT
added 2008/05/29 12:0 a.m.31 views

GnuTLS Client Hello repeat Denial of Service

Overview A vulnerability exists in GnuTLS that may allow a remote attacker to cause a denial of service. Description GnuTLS contains a vulnerability in gnults-serv that may result in a denial of service when handling a specially crafted TLS packet that contains multiple Client Hello messages...

9.3CVSS8.9AI score0.05772EPSS
Exploits2References4
CERT
CERT
added 2008/05/01 12:0 a.m.31 views

BGP implementations do not properly handle UPDATE messages

Overview BGP implementations from multiple vendors including Juniper may not properly handle specially crafted BGP UPDATE messages. These vulnerabilities could allow an unauthenticated, remote attacker to cause a denial of service. Disrupting BGP communication could lead to routing instability...

7.8CVSS6.3AI score0.03745EPSS
Exploits0References17
CERT
CERT
added 2008/04/30 12:0 a.m.31 views

cPanel XSRF vulnerabilities

Overview cPanel contains multiple cross-site request forgery XSRF vulnerabilities. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary commands. Description cPanel, a web-based tool that is designed to automate and control web sites and servers, contains...

4.3CVSS7.3AI score0.01339EPSS
Exploits2References5
CERT
CERT
added 2008/03/19 12:0 a.m.31 views

Apple Safari vulnerable to xss via the processing of JavaScript URLs

Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...

4.3CVSS5.8AI score0.03016EPSS
Exploits1References1
CERT
CERT
added 2008/02/12 12:0 a.m.31 views

Apple Mac OS X fails to properly handle a crafted URL

Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Description According to Apple Security Update 2008-001:An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user ...

6.8CVSS7.2AI score0.04441EPSS
Exploits1References2
CERT
CERT
added 2007/10/20 12:0 a.m.31 views

RealPlayer playlist name stack buffer overflow

Overview RealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...

9.3CVSS7.1AI score0.42365EPSS
Exploits9References6
CERT
CERT
added 2007/09/05 12:0 a.m.31 views

Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to methods

Overview The Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to dangerous methods, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented a...

9.3CVSS6.7AI score0.05155EPSS
Exploits1References4
CERT
CERT
added 2007/08/15 12:0 a.m.31 views

GIMP integer overflow vulnerability

Overview GIMP contains a vulnerability that may allow a remote attacker to execute code, or create a denial-of-service condition. Description The Photoshop Document PSD format is the native file format used by Adobe Photoshop. The GNU Image Manipulation Program GIMP can open and manipulate .psd...

6.8CVSS7AI score0.07169EPSS
Exploits0References3
CERT
CERT
added 2007/08/01 12:0 a.m.31 views

Atheros wireless network drivers may fail to properly handle malformed frames

Overview Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description Some versions of the Microsoft Windows drivers for Atheros 802.11 a/b/g wireless adapters fail ...

5CVSS6.4AI score0.2579EPSS
Exploits1References4
CERT
CERT
added 2007/07/12 12:0 a.m.31 views

Apple QuickTime fails to properly handle malformed movie files

Overview Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote...

9.3CVSS7.4AI score0.0606EPSS
Exploits1References1
CERT
CERT
added 2007/07/10 12:0 a.m.31 views

Microsoft Windows Active Directory fails to properly validate LDAP requests

Overview A vulnerability in Windows Active Directory could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Lightweight Directory Access Protocol LDAP is a standard protocol that enables users to query or modify the data in a meta directory. Microsoft's...

10CVSS7.3AI score0.3917EPSS
Exploits0References3
CERT
CERT
added 2007/07/09 12:0 a.m.31 views

SAP Message Server heap buffer overflow

Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...

10CVSS7.7AI score0.36586EPSS
Exploits1References6
CERT
CERT
added 2007/04/19 12:0 a.m.31 views

Apple AFP Client privilege escalation vulnerability

Overview The Apple File Protocol AFP Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker execute commands with elevated privileges. Description The Apple File Protocol service allows Apple Mac OS clients to access files remotely...

7.2CVSS6AI score0.00885EPSS
Exploits0References2
CERT
CERT
added 2007/04/16 12:0 a.m.31 views

The Wizz RSS Reader chrome access vulnerability

Overview The Wizz RSS Reader contains a vulnerability that may allow an attacker to take any action that Mozlla Firefox can. Description The Mozilla Firefox user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window...

6.2AI score
Exploits0References5
CERT
CERT
added 2007/04/05 12:0 a.m.31 views

Intel Centrino wireless drivers fail to properly process malformed frames

Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless adapters fail to...

7.7AI score
Exploits0References4
CERT
CERT
added 2007/03/17 12:0 a.m.31 views

CA BrightStor ARCserver Tape Engine denial-of-service vulnerability

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to shut down the tape engine interface. Description BrightStor ARCserve Backup is a backup and data retention tool that...

2.1CVSS6.4AI score0.00908EPSS
Exploits0References5
CERT
CERT
added 2007/03/16 12:0 a.m.31 views

Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk images

Overview A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service. Description Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file...

6.8CVSS8.3AI score0.04039EPSS
Exploits0References2
CERT
CERT
added 2007/02/08 12:0 a.m.31 views

Sun Network Security Services (NSS) vulnerable to DoS due to an unspecified vulnerability

Overview The NSS libraries used in the Sun One Application Server and the Sun Java System web server contain an unspecified vulnerability that may allow an attacker to create a denial-of-service condition. Description The Sun One Application Server provides a Java 2 Platform for delivering Java...

4CVSS6.7AI score0.02044EPSS
Exploits0References9
CERT
CERT
added 2007/01/29 12:0 a.m.31 views

Apple Mac OS X AFP server may disclose file and folder information in search results

Overview A vulnerability in the Apple Mac OS X AFP server may disclose file and folder items to unauthorized users. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files stored on a server. When file sharing is enabled, Apple's Mac OS X AFP server...

5CVSS5.6AI score0.01897EPSS
Exploits1References2
CERT
CERT
added 2007/01/18 12:0 a.m.31 views

Mozilla products allows the src attribute in an img element to be changed to a JavaScript URI

Overview Mozilla products contain a cross-site scripting vulnerability due to a vulnerability in the way IMG elements are loaded. Description A vulnerability in the way Mozilla products load IMG elements in a frame may cause a cross-site script injection. According to Mozilla Foundation Security...

6.8CVSS6.1AI score0.03971EPSS
Exploits0References12
CERT
CERT
added 2007/01/18 12:0 a.m.31 views

Mozilla LiveConnect vulnerable to crash finalizing JS objects

Overview A vulnerability exists in the Mozilla LiveConnect that may allow a remote attacker to cause a denial of service. Description Mozilla LiveConnect, which allows communication between Java applets and web JavaScript, contains a vulnerability in the way freed objects are re-used that may...

7.1CVSS6.1AI score0.02279EPSS
Exploits0References14
CERT
CERT
added 2007/01/17 12:0 a.m.31 views

Novell NetMail NMAP vulnerable to buffer overflow when processing "STOR" commands

Overview A vulnerability in the way Novell NetMail handles NMAP "STOR" commands may cause a buffer overflow that may allow remote execution of arbitrary code. Description Novell NetMail's implementation of the Network Messaging Application Protocol NMAP contains a buffer overflow that may occur...

9CVSS7.3AI score0.57909EPSS
Exploits7References3
CERT
CERT
added 2007/01/15 12:0 a.m.31 views

Cisco Secure Access Control Server vulnerable to a stack-based buffer overflow via a specially crafted "HTTP GET" request

Overview A vulnerability in the web administrative server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Contro...

7.5CVSS7.9AI score0.11017EPSS
Exploits0References3
CERT
CERT
added 2007/01/09 12:0 a.m.32 views

Microsoft Excel fails to properly process a malformed Column record

Overview Microsoft Excel contains a memory corruption vulnerability that could enable an attacker to exectue arbitrary code and gain complete control of the vulnerable system. Description Microsoft Excel fails to properly handle malformed Column records. When an Excel file is opened, Excel does n...

9.3CVSS7.1AI score0.32093EPSS
Exploits0References5
CERT
CERT
added 2007/01/09 12:0 a.m.31 views

Sun Java JRE vulnerable to arbitrary code execution via an undetermined error

Overview A vulnerability in the Sun Java Runtime Environment may allow an attacker to execute arbitrary code on a vulnerable system. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for...

9.3CVSS7.6AI score0.03632EPSS
Exploits0References9
CERT
CERT
added 2006/12/04 12:0 a.m.31 views

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

Overview Apple Mac OS X Security Framework Online Certificate Status Protocol OCSP service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description The Online Certificate...

5CVSS5.7AI score0.01538EPSS
Exploits2References2
CERT
CERT
added 2006/11/30 12:0 a.m.31 views

Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI

Overview Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Description According to Apple Security Update 2006-007:By enticing a user to access a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands ...

5.1CVSS6.7AI score0.02309EPSS
Exploits2References2
CERT
CERT
added 2006/11/29 12:0 a.m.31 views

Apple Mac OS X WebKit deallocated object access vulnerability

Overview Apple Safari WebKit fails to properly deallocate objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X fo...

6.8CVSS7.1AI score0.05406EPSS
Exploits2References3
CERT
CERT
added 2006/11/22 12:0 a.m.31 views

Apple Mac OS X fails to properly handle corrupted DMG image structures

Overview Apple Mac OS X fails to properly handle corrupted DMG image structures. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. Description A vulnerability in the way Mac OS X com.apple.AppleDiskImageController handles...

9.3CVSS7.9AI score0.09446EPSS
Exploits1References7
CERT
CERT
added 2006/11/14 12:0 a.m.31 views

Microsoft DirectAnimation Path ActiveX control Spline method integer overflow

Overview A vulnerability in the Microsoft DirectAnimation ActiveX controls may allow a remote attacker to execute arbitrary code on an affected system. Description Microsoft's DirectAnimation is a suite of development functionality, predating Microsoft DirectX, that provides animation support for...

5CVSS7.3AI score0.6033EPSS
Exploits1References6
CERT
CERT
added 2006/10/26 12:0 a.m.31 views

Novell GroupWise Messenger fails to properly handle HTTP POST requests.

Overview Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition. Description Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sendin...

5CVSS6.6AI score0.03004EPSS
Exploits0References4
CERT
CERT
added 2006/10/25 12:0 a.m.31 views

Wireshark contains an unspecified vulnerability in the SCSI dissector

Overview Wireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition. Description The SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.Wireshark states that Wireshark version...

4.3CVSS7.3AI score0.03336EPSS
Exploits0References13
CERT
CERT
added 2006/10/20 12:0 a.m.31 views

IBM Lotus Notes sets insecure default permissions on program data

Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...

4.6CVSS6AI score0.00423EPSS
Exploits0References3
CERT
CERT
added 2006/08/02 12:0 a.m.31 views

Apple Mac OS X WebKit may allow code execution when visiting a malicious website

Overview A vulnerability in Apple Mac OS X WebKit may allow an attacker to execute arbitrary code on an affected system. Description WebKit From the OpenDarwin WebKit project description, WebKit is an open source web browser engine. WebKit is also the name of the Mac OS X system framework version...

7.5CVSS6.8AI score0.04059EPSS
Exploits1References2
Total number of security vulnerabilities3704