Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
•added 2007/06/08 12:0 a.m.•26 views

Yahoo! Webcam image upload ActiveX control vulnerable to arbitrary code execution

Overview The Yahoo! Webcam image upload ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over a...

7.9AI score
Exploits0References3
CERT
CERT
•added 2007/05/31 12:0 a.m.•26 views

Authentium Command Antivirus odapi.dll multiple ActiveX buffer overflows

Overview Authentium Command Antivirus contains multiple ActiveX vulnerabilities, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Authentium Command Antivirus provides multiple ActiveX controls. Many of the ActiveX controls provided ...

9.3CVSS7AI score0.06562EPSS
Exploits0References2
CERT
CERT
•added 2007/05/30 12:0 a.m.•26 views

Apple QuickTime for Java security bypass vulnerability

Overview Apple QuickTime for Java fails to properly restrict the instantiation and manipulation of Java objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTim...

9.3CVSS7.2AI score0.05972EPSS
Exploits0References6
CERT
CERT
•added 2007/05/08 12:0 a.m.•26 views

Microsoft Excel fails to properly process files with crafted filter records

Overview A vulnerability in Microsoft Excel could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel fails to validate certain filter records contained in Excel documents. This flaw results in an unspecified memory corruption vulnerability that...

6.8CVSS6.8AI score0.28478EPSS
Exploits0References3
CERT
CERT
•added 2007/04/20 12:0 a.m.•26 views

Apple Macintosh OS X fails to properly mount WebDAV filesystems

Overview A vulnerability in the way that Apple Macintosh OS X mounts WebDAV filesystems could allow a local attacker to execute commands with elevated privileges. Description Web-based Distributed Authoring and Versioning WebDAV is a set of extensions to the HTTP protocol which allows collaborati...

7.2CVSS6.3AI score0.00868EPSS
Exploits0References1
CERT
CERT
•added 2007/04/02 12:0 a.m.•26 views

CA Brightstor ARCserve Backup fails to properly process RPC requests

Overview The Computer Associates BrightStor ARCserve Backup contains a buffer overflow in the handling of RPC data that may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...

7.1CVSS7.5AI score0.15352EPSS
Exploits0References2
CERT
CERT
•added 2007/03/13 12:0 a.m.•26 views

Apple CrashDump privilege escalation

Overview CrashReporter contains a privilege escalation vulnerability that may allow authenticated users to run commands as root. Description CrashReporter is a debugging facility in Apple OS X that logs information program crashes.CrashReporter contains a privilege escalation vulnerability. This...

6.2CVSS8AI score0.01745EPSS
Exploits2References3
CERT
CERT
•added 2007/03/06 12:0 a.m.•26 views

Apple QuickTime QTIF heap buffer overflow

Overview Apple QuickTime is vulnerable to a heap buffer overflow which may allow an attacker to execute arbitrary code or crash the system. Description A vulnerability exists in the way Apple QuickTime handles specially crafted QuickTime Image QTIF files. According to Apple QuickTime 7.1.5 securi...

5.8CVSS7AI score0.05964EPSS
Exploits1References8
CERT
CERT
•added 2007/02/26 12:0 a.m.•26 views

Mozilla layout engine contains multiple vulnerabilities

Overview The Mozilla layout engine contains multiple memory corruption vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, or create a denial of service condition. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla,...

3.7CVSS9.9AI score0.0114EPSS
Exploits0References24
CERT
CERT
•added 2007/02/22 12:0 a.m.•26 views

Macrovision / InstallShield InstallFromTheWeb buffer overflows

Overview Macrovision / InstallShield InstallFromTheWeb contains multiple buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description InstallShield InstallFromTheWeb is a web-based software installation product for Microsoft Windows systems...

9.3CVSS6.8AI score0.05361EPSS
Exploits0References2
CERT
CERT
•added 2007/02/20 12:0 a.m.•26 views

Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control buffer overflows

Overview The Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control contains multiple buffer overflows, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Trend Micro OfficeScan comes with a web-based administration console that makes use...

9.3CVSS6.8AI score0.34006EPSS
Exploits6References8
CERT
CERT
•added 2006/11/29 12:0 a.m.•26 views

Apple Type Services server font processing buffer overflow

Overview A stack-based buffer overflow in Apple Type Services server may allow attackers to execute arbitrary code. Description The Apple Type Services server fails to properly handle malformed font files possibly allowing a stack-based buffer overflow to occur. Note that according to Apple, font...

5.1CVSS7.2AI score0.0457EPSS
Exploits2References1
CERT
CERT
•added 2006/10/10 12:0 a.m.•26 views

Symantec products fail to properly limit device driver access to kernel memory

Overview Certain device drivers included with Symantec products fail to properly verify address space within the "IOCTL" handlers. Description Symantec provides Anti-Virus and Internet Security products that are designed to protect users. According to Symantec Security Response SYM06-020:A...

4.6CVSS6.8AI score0.01704EPSS
Exploits1References2
CERT
CERT
•added 2006/10/02 12:0 a.m.•26 views

Apple Mac OS X JPEG2000 image handling buffer overflow

Overview Apple Mac OS X fails to properly handle JPEG2000 files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple ImageIO is an image processing framework that was introduced in OS X 10.4 Tiger...

5.1CVSS7.6AI score0.06117EPSS
Exploits0References2
CERT
CERT
•added 2006/09/08 12:0 a.m.•26 views

IBM Access Support eGatherer ActiveX control buffer overflow

Overview The IBM Access Support eGatherer ActiveX control contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support eGatherer ActiveX control has the ability to collect system...

9.3CVSS7.1AI score0.08407EPSS
Exploits10References5
CERT
CERT
•added 2006/08/08 12:0 a.m.•26 views

Microsoft PowerPoint fails to properly handle malformed records

Overview Microsoft PowerPoint fails to properly handle malformed records allowing a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint fails to properly handle malformed records. Specifically,...

7.5CVSS7.8AI score0.42779EPSS
Exploits0References1
CERT
CERT
•added 2006/08/08 12:0 a.m.•26 views

Microsoft Internet Explorer source element cross-domain vulnerability

Overview Microsoft Internet Explorer fails to properly handle redirects for source elements. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Cross-Domain Security Model IE uses a cross-domain security model to maintain separation between browser...

7.5CVSS6.2AI score0.32358EPSS
Exploits0References2
CERT
CERT
•added 2006/08/02 12:0 a.m.•26 views

Apple Mac OS X ImageIO contains undetected memory failure in GIF image handling

Overview The Apple Mac OS X ImageIO framework contains a memory allocation flaw that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to...

5.1CVSS7.1AI score0.02636EPSS
Exploits1References2
CERT
CERT
•added 2006/07/14 12:0 a.m.•26 views

Cisco Router Web Setup (CRWS) contains an insecure default IOS configuration

Overview A vulnerability in the Cisco Router Web Setup CRWS web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication. Description Cisco Router Web Setup Tool The Cisco Router Web Setup tool, or CRWS, provides a GUI...

7.7AI score
Exploits0References2
CERT
CERT
•added 2006/04/17 12:0 a.m.•26 views

Mozilla CSS integer overflow vulnerability

Overview Mozilla products contain an integer overflow that could allow a remote, unauthenticated attacker to execute arbitrary code. Description Cascading Style SheetsCSS is a mechanism for adding style to web documents. The problem Mozilla products contain an integer overflow in the CSS letter...

9.3CVSS7.3AI score0.1034EPSS
Exploits0References3
CERT
CERT
•added 2006/04/11 12:0 a.m.•26 views

Microsoft Internet Explorer fails to properly handle HTML elements with a specially crafted tag

Overview Microsoft Internet Explorer IE fails to properly handle HTML element tags, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description IE fails to properly handle HTML element tags. When a specially crafted HTML file is opened in IE, system memory can be...

7.5CVSS6.5AI score0.57234EPSS
Exploits0References1
CERT
CERT
•added 2006/01/11 12:0 a.m.•26 views

Apple QuickTime TIFF image "StripByteCounts" integer overflow

Overview Apple QuickTime contains an integer overflow vulnerability in the handling of TIFF images, which may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service on a vulnerable system. Description Apple's QuickTime Player is multimedia software that...

7.5CVSS7.5AI score0.07339EPSS
Exploits0References4
CERT
CERT
•added 2005/10/21 12:0 a.m.•26 views

Oracle Database Server buffer overflow in Security Component

Overview The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A lack of input validation in the Oracle Database Server Security Component may allow a buffer...

8.1AI score
Exploits0References3
CERT
CERT
•added 2005/09/21 12:0 a.m.•26 views

unace buffer overflow vulnerability

Overview A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code. Description The unace compression library is used to decompress ace archives .ace file extension. A lack of input validation on filenames in an ace archive may allow a buffer overflo...

5.1CVSS7.3AI score0.03243EPSS
Exploits0References6
CERT
CERT
•added 2005/08/16 12:0 a.m.•26 views

Adobe Acrobat contains a remotely exploitable buffer overflow

Overview A buffer overflow in Adobe Acrobat/Acrobat Reader may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition Description Adobe Acrobat is a suite of applications that allow users to manipulate PDF Portable Document Format files. A buffer within a core...

7.5CVSS7.3AI score0.13245EPSS
Exploits0References1
CERT
CERT
•added 2005/08/16 12:0 a.m.•26 views

EMC Legato NetWorker uses weak AUTH_UNIX authentication

Overview EMC Legato NetWorker uses weak AUTHUNIX authentication, allowing a remote attacker to execute arbitrary commands, gain elevated privileges, or cause a denial of service. Description EMC Legato NetWorker is a cross-platform backup and recovery application. It is also repackaged by Sun...

7.5CVSS7.8AI score0.04498EPSS
Exploits0References8
CERT
CERT
•added 2005/06/14 12:0 a.m.•26 views

Microsoft Agent vulnerable to trusted site spoofing

Overview Microsoft Agent contains a vulnerability that could allow a remote attacker to spoof trusted Internet content. Description Microsoft Agent is a software extension that enhances user interaction through the use of interactive personalities in the form of animated characters. Applications...

5.1CVSS6.2AI score0.12773EPSS
Exploits0References3
CERT
CERT
•added 2005/06/08 12:0 a.m.•26 views

Cisco ACNS may be vulnerable to DoS via malformed IP packets

Overview A vulnerability in Cisco ACNS may allow a remote attacker to cause a denial of service on an affected device. Description Cisco Application and Content Networking System ACNS is an integrated caching and content-delivery platform. Specially crafted IP packets can cause excessive CPU...

5CVSS6.8AI score0.01634EPSS
Exploits0References6
CERT
CERT
•added 2005/05/11 12:0 a.m.•26 views

RSA Authentication Agent for Web for IIS vulnerable to heap overflow via overly large "chunk"

Overview RSA Authentication Agent for Web for IIS contains a heap overflow in the handling of chunked input. This could allow a remote, unauthenticated attacker to execute arbitrary code on the server. Description RSA Authentication Agent software provides access control for networks, web...

7.5CVSS7.5AI score0.02634EPSS
Exploits4References7
CERT
CERT
•added 2005/03/22 12:0 a.m.•26 views

Multiple web browsers vulnerable to spoofing via Internationalized Domain Name support

Overview Multiple web browsers are vulnerable to spoofing attacks through the use of Internationalized Domain Names. Other applications such as email programs may also be vulnerable. Description The Domain Name System The Domain Name System DNS provides name, address, and other information about...

5CVSS5.3AI score0.01651EPSS
Exploits1References13
CERT
CERT
•added 2005/03/18 12:0 a.m.•26 views

McAfee Scan Engine vulnerable to buffer overflow in LHA decoder

Overview A buffer overflow vulnerability in the McAfee Virus Scan Engine may allow a remote attacker to execute arbitrary code on an affected system. Because the vulnerability exists in a core component, a number of different McAfee products are affected. Description The McAfee Antivirus products...

7.5CVSS7.6AI score0.07125EPSS
Exploits1References4
CERT
CERT
•added 2005/03/17 12:0 a.m.•26 views

NotifyLink server provides inadequate protection for cryptographic key material

Overview The NotifyLink key exchange protocol contains a vulnerability that significantly reduces the strength of cryptographic keys used to encrypt mail messages. Description Notify Technology NotifyLink Enterprise Server allows users to synchronize e-mail between a PDA and a mail server. The...

7.5CVSS6.2AI score0.01198EPSS
Exploits0References3
CERT
CERT
•added 2005/02/21 12:0 a.m.•26 views

OpenConnect Webconnect MS-DOS device name denial-of-service

Overview OpenConnect WebConnect may stop responding after processing an HTTP request with an MS-DOS device name in it. Description OpenConnect Webconnect provides secured web access and emulation services for backend mainframes and UNIX servers. Versions of Webconnect prior to 6.4.5 and 6.5.1...

5CVSS6.3AI score0.03959EPSS
Exploits0References2
CERT
CERT
•added 2005/02/08 12:0 a.m.•26 views

Microsoft License Logging Service buffer overflow

Overview A vulnerability in a component of some server versions of Microsoft Windows could allow a remote attacker to execute code on a vulnerable system. Description Microsoft's License Logging Service LLS assists in the management of licenses for some Microsoft server products. An error in the...

10CVSS7.4AI score0.46513EPSS
Exploits1References1
CERT
CERT
•added 2005/01/11 12:0 a.m.•26 views

Multiple implementations of LDAP Directory Server vulnerable to buffer overflow

Overview A buffer overflow in some implementations of the LDAP protocol may allow a remote unauthenticated attacker to execute arbitrary code. Description The Lightweight Directory Access Protocol LDAP is a protocol for accessing network based directories. A lack of bounds checking in some...

10CVSS7.6AI score0.08854EPSS
Exploits0References4
CERT
CERT
•added 2004/10/06 12:0 a.m.•26 views

freeRADIUS Server vulnerable to a denial-of-service attack

Overview Multiple vulnerabilities in freeRADIUS Server may allow attackers to cause a denial-of-service condition. Description The Remote Authentication Dial In User Service RADIUS protocol is used for remote user authentication and accounting. freeRADIUS Server is an popular open-source RADIUS...

5CVSS6.5AI score0.03651EPSS
Exploits0References3
CERT
CERT
•added 2004/09/01 12:0 a.m.•26 views

Oracle Database Server contains several vulnerabilities

Overview Several vulnerabilities exist in the Oracle Database Server and Listener. According the the Oracle Security Alert, exploitation of these vulnerabilities would require the attacker to have network access, but not a valid user account on the vulnerable system. Description Oracle Database 1...

7AI score
Exploits0References5
CERT
CERT
•added 2004/06/09 12:0 a.m.•26 views

Perl vulnerable to buffer overflow in win32_stat()

Overview A flaw in a standard function in some Perl distributions could allow an attacker to execute arbitrary code on the vulnerable system. Description The stat Perl function, similar to the standard C stat function, returns a list giving the status info for a file. Since the stat function is...

10CVSS7.3AI score0.0686EPSS
Exploits0References1
CERT
CERT
•added 2004/05/10 12:0 a.m.•26 views

Gaim contains an integer overflow vulnerability when parsing DirectIM packets

Overview There is an integer overflow vulnerability in the handlehdrodc function, which could allow an unauthenticated, remote attacker to cause a denial of service or potentially execute arbitrary code. Description Gaim is a multi-protocol instant messenger client available for a number of...

7.5CVSS9.8AI score0.08497EPSS
Exploits0References4
CERT
CERT
•added 2004/05/06 12:0 a.m.•26 views

Gaim fails to properly validate the "value" parameter in the Yahoo login webpage

Overview There is a buffer overflow vulnerability in the way the Gaim yahoologinpagehash function parses the "value" parameter in the Yahoo login webpage. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instant messaging...

7.5CVSS9.7AI score0.07605EPSS
Exploits0References4
CERT
CERT
•added 2004/05/06 12:0 a.m.•26 views

Gaim contains a buffer overflow vulnerability in the http_canread() function

Overview There is a buffer overflow vulnerability in the Gaim httpcanread function, which could allow an unauthenticated, remote attacker to execute arbitrary code. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It provides a feature that allow...

7.5CVSS9.8AI score0.07605EPSS
Exploits0References4
CERT
CERT
•added 2004/04/22 12:0 a.m.•26 views

BEA WebLogic Server internal methods may disclose sensitive information

Overview There is a vulnerability in BEA WebLogic Server that could allow users to obtain the credentials of the user who booted the server. Description BEA Systems describes WebLogic Server as "an industrial-strength application infrastructure for developing, integrating, securing, and managing...

7.3AI score
Exploits0References3
CERT
CERT
•added 2004/04/14 12:0 a.m.•26 views

Microsoft Windows ASN.1 library contains a memory management vulnerability

Overview Microsoft's ASN.1 library contains a memory management error that could be exploited by a remote attacker to cause a denial-of-service situation, or execute arbitrary code. Description Microsoft's ASN.1 library contains a memory management error, potentially a "double-free" condition. By...

7.5CVSS7.6AI score0.29609EPSS
Exploits0References1
CERT
CERT
•added 2004/04/14 12:0 a.m.•26 views

Microsoft Windows XP creates tasks with elevated privileges

Overview Microsoft Windows XP contains a vulnerability in the way that tasks are created that may permit an authenticated user to launch applications with elevated privileges. Description Microsoft Windows creates tasks when a user launches an application. A vulnerability in the way that Windows ...

7.2CVSS7.2AI score0.20854EPSS
Exploits0References1
CERT
CERT
•added 2004/01/23 12:0 a.m.•26 views

HP-UX shar utility creates files with predictable names in "/tmp" directory

Overview The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description shar is a program commonly available on UNIX systems to create a shell script that wil...

7.2AI score
Exploits0References1
CERT
CERT
•added 2004/01/16 12:0 a.m.•26 views

tcpdump contains vulnerability in ISAKMP decoding routine

Overview tcpdump contains a vulnerability in the way it decodes Internet Security Association and Key Management Protocol ISAKMP packets. Description tcpdump is a widely-used network sniffer that is capable of decoding ISAKMP packets. A vulnerability exists in the way tcpdump parses specially...

7.5CVSS7AI score0.05257EPSS
Exploits0References6
CERT
CERT
•added 2003/11/05 12:0 a.m.•26 views

Oracle command-line program buffer overflow in argument handling

Overview A buffer overflow in some command-line utilities supplied with the Oracle Database Server could allow a local user to gain the privileges of the oracle system user. Description The Oracle 9 i Database Server package includes the oracle and oracleO command-line client programs to connect ...

4.6CVSS7.3AI score0.00855EPSS
Exploits0References4
CERT
CERT
•added 2003/09/30 12:0 a.m.•26 views

OpenSSL accepts unsolicited client certificate messages

Overview OpenSSL accepts unsolicited client certificate messages. This could allow an attacker to exploit underlying vulnerabilities in client certificate handling. Description OpenSSL implements the Secure Sockets Layer SSL and Transport Layer Security TLS protocols and includes a general-purpos...

7.6AI score
Exploits0References3
CERT
CERT
•added 2003/08/02 12:0 a.m.•26 views

Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone

Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...

7.5CVSS7.5AI score0.26675EPSS
Exploits0References6
CERT
CERT
•added 2003/04/17 12:0 a.m.•26 views

RealNetworks Helix Universal Server vulnerable to buffer overflow when supplied an overly long string within the "Transport" field of a SETUP RTSP request

Overview The RealNetworks' Helix Universal Server supports delivery of several different media types via RTSP Real Time Streaming Protocol. Vulnerabilities have been discovered in the way it handles some RTSP requests. These vulnerabilities could allow a remote attacker to execute arbitrary code ...

8.3AI score
Exploits0References4
Total number of security vulnerabilities3702