Lucene search
+L
CertMost viewed

3704 matches found

cert
cert
added 2008/05/28 12:0 a.m.26 views

Motorola Good Mobile Messaging insecure file deletion

Overview When formating removable storage cards, Motorola Good Mobile Messaging products may not properly delete old data. Description Motorola Good Mobile Messaging products can create encrypted containers on removable media storage cards. During the process of creating the container old...

6.8AI score
Exploits0References3
cert
cert
added 2008/03/06 12:0 a.m.26 views

AirSpan WiMAX ProST web management interface authentication bypass vulnerability

Overview The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes. Description The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web...

10CVSS6.7AI score0.08527EPSS
Exploits1References8
cert
cert
added 2008/02/22 12:0 a.m.26 views

OpenCA allows Cross site request forgery (XSRF)

Overview OpenCA contains a cross site request forgery XSRF vulnerability that may allow an attacker to leverage an administrator's creditials to exectue activities on the Certification Authority. Description The OpenCA PKI Development Project\t is an open source out-of-the-box Certification...

7.5CVSS6.2AI score0.00961EPSS
Exploits0References3
cert
cert
added 2008/02/13 12:0 a.m.26 views

Microsoft Internet Explorer property memory corruption vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret Web pages that...

9.3CVSS8.5AI score0.37186EPSS
Exploits1References3
cert
cert
added 2008/02/13 12:0 a.m.26 views

SkypeFind fails to properly sanitize user-supplied input

Overview The Skype client does not properly filter user-supplied input that was received from the SkypeFind service. This vulnerability may allow an attacker to execute arbitrary code. Description Skype is a peer-to-peer application that provides Voice over IP VoIP and Instant Messaging services...

6.9AI score
Exploits0References4
cert
cert
added 2008/01/25 12:0 a.m.26 views

GE Fanuc Proficy Information Portal allows arbitrary file upload and execution

Overview GE Fanuc Proficy Information Portal allows authenticated users to upload arbitrary files. An attacker could upload an executable server-side script e.g., an .asp shell on a Microsoft Internet Information Server platform and execute arbitrary commands with the privileges of the web server...

7.5CVSS6.7AI score0.15436EPSS
Exploits6References3
cert
cert
added 2007/11/15 12:0 a.m.26 views

libFLAC contains multiple vulnerabilities

Overview libFLAC contains multiple vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description FLAC Free Lossless Audio Codec is a lossless audio format. libFLAC is a library that can process FLAC files. libFLAC contains multip...

9.3CVSS6.6AI score0.06748EPSS
Exploits0References4
cert
cert
added 2007/11/08 12:0 a.m.26 views

Apple QuickTime for Java may allow Java applets to gain elevated privileges

Overview Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java...

9.3CVSS7AI score0.25662EPSS
Exploits0References3
cert
cert
added 2007/07/27 12:0 a.m.26 views

ISC BIND does not correctly set default access controls

Overview ISC Internet Systems Consortiuim BIND fails to properly set default access control lists. This may allow unauthorized users to make recursive querries and querry the cache. Description From the ISC BIND security page:The default access control lists acls are not being correctly set. If n...

5.8CVSS7.9AI score0.06199EPSS
Exploits0References2
cert
cert
added 2007/06/27 12:0 a.m.26 views

602pro Lan Suite 2003 buffer overflow vulnerability

Overview 602pro Lan Suite 2003 contains a buffer overflow vulnerability that may allow an attacker to execute code. Description 602pro Lan Suite 2003 is a mail, firewall and proxy server that runs on the Microsoft Windows operating system.The 602pro Lan Suite 2003 SMTP server contains a buffer...

8.2AI score
Exploits0References3
cert
cert
added 2007/06/08 12:0 a.m.26 views

Yahoo! Webcam image upload ActiveX control vulnerable to arbitrary code execution

Overview The Yahoo! Webcam image upload ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over a...

7.9AI score
Exploits0References3
cert
cert
added 2007/06/06 12:0 a.m.26 views

Computer Associates Anti-Virus engine fails to properly handle long file names in CAB archives

Overview The Computer Associates Anti-Virus engine contains a stack-based buffer overflow that may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Computer Associates Anti-Virus engine contains a stack-based buffer overflow in the code responsible for processin...

10CVSS7.4AI score0.23405EPSS
Exploits0References3
cert
cert
added 2007/05/31 12:0 a.m.26 views

Logitech VideoCall multiple ActiveX controls contain stack buffer overflows

Overview Logitech VideoCall ActiveX controls contain multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Logitech VideoCall is video conferencing software for Windows. Logitech VideoCall includes...

6.8CVSS7AI score0.34059EPSS
Exploits3References2
cert
cert
added 2007/05/30 12:0 a.m.26 views

Apple QuickTime for Java security bypass vulnerability

Overview Apple QuickTime for Java fails to properly restrict the instantiation and manipulation of Java objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTim...

9.3CVSS7.2AI score0.05972EPSS
Exploits0References6
cert
cert
added 2007/05/30 12:0 a.m.26 views

Apple QuickTime for Java information disclosure vulnerability

Overview Apple QuickTime for Java fails to properly clear memory. As a result, sensitive information may be exposed to unintended parties. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This feature is known as QuickTime for Java. Apple...

7.1CVSS5.8AI score0.02786EPSS
Exploits0References6
cert
cert
added 2007/05/02 12:0 a.m.26 views

Cisco ASA fails to properly process DHCP relay packets

Overview The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and intrusion prevention system IPS features. DHCP relay allows...

6.9AI score
Exploits0References5
cert
cert
added 2007/04/18 12:0 a.m.26 views

Second Sight Software ActiveMod ActiveX control stack buffer overflow

Overview The Second Sight Software ActiveMod ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveMod is a music player that is provided as an ActiveX control...

6.8CVSS7.3AI score0.0585EPSS
Exploits0References3
cert
cert
added 2007/04/12 12:0 a.m.26 views

HP Mercury Interactive Quality Center Spider Module ActiveX control stack buffer overflow

Overview The HP Mercury Interactive Quality Center Spider Module ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Mercury Interactive Quality Center includes an ActiveX control...

9.3CVSS7.1AI score0.39735EPSS
Exploits4References5
cert
cert
added 2007/03/06 12:0 a.m.26 views

Apple QuickTime QTIF heap buffer overflow

Overview Apple QuickTime is vulnerable to a heap buffer overflow which may allow an attacker to execute arbitrary code or crash the system. Description A vulnerability exists in the way Apple QuickTime handles specially crafted QuickTime Image QTIF files. According to Apple QuickTime 7.1.5 securi...

5.8CVSS7AI score0.05964EPSS
Exploits1References8
cert
cert
added 2007/02/20 12:0 a.m.26 views

Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control buffer overflows

Overview The Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control contains multiple buffer overflows, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Trend Micro OfficeScan comes with a web-based administration console that makes use...

9.3CVSS6.8AI score0.34006EPSS
Exploits6References8
cert
cert
added 2007/02/15 12:0 a.m.26 views

McAfee Virex fails to properly authenticate the source of updates

Overview McAfee Virex automatic updates may not properly authenticate the source of updates. This may allow a remote attacker to execute arbitrary commands on a vulnerable system. Description McAfee Virex is anti-virus software for the Mac OS X platform. McAfee Virex 7 for Mac OS X connects to a...

7.5AI score
Exploits0References1
cert
cert
added 2007/02/09 12:0 a.m.26 views

Trend Micro Anti-Rootkit Common Module fails to properly restrict access to the "\\.\TmComm" DOS device interface

Overview A vulnerability exists in Trend Micro's Anti-Rootkit Common Module that may allow a local attacker to gain elevated privileges. Description Trend Micro AntiVirus is a virus scanner for Microsoft Windows and Linux. The Trend Micro Anti-Rootkit Common Module is included with Trend Micro...

7.2CVSS6.9AI score0.00946EPSS
Exploits0References6
cert
cert
added 2007/01/24 12:0 a.m.26 views

Online Media Technologies NCTsoft NCTAudioFile2 ActiveX buffer overflow

Overview The Online Media Technologies NCTsoft NCTAudioFile2 ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Online Media Technologies NCTsoft provides an ActiveX control...

9.3CVSS7.2AI score0.35162EPSS
Exploits4References26
cert
cert
added 2007/01/15 12:0 a.m.26 views

Cisco Secure Access Control Server fails to properly handle specially crafted Access-Request messages

Overview Several vulnerabilities in the RADIUS server supplied with Cisco Secure ACS products could allow a remote attacker to execute arbitrary code on an affected system. Description Cisco Secure ACS is a Remote Access Dial-In User Service RADIUS and Terminal Access Controller Access Control...

7.8CVSS8.1AI score0.04123EPSS
Exploits0References4
cert
cert
added 2006/12/08 12:0 a.m.26 views

Madwifi wireless driver buffer overflow vulnerability

Overview A buffer overflow vulnerability exists in the Madwifi wireless driver. If successfully exploited, an attacker may be able to execute arbitrary code, or cause a denial-of-service condition. Description The Madwifi driver is a Linux kernel device driver for Atheros-based 802.11 a/b/g...

7.5CVSS7.2AI score0.19817EPSS
Exploits5References4
cert
cert
added 2006/11/21 12:0 a.m.26 views

NaviCOPA Web Server fails to properly handle certain HTTP requests

Overview A vulnerability exists in the NaviCOPA Web Server. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description NaviCOPA Web Server is an HTTP server that is available for multiple versions of Microsoft Windows including Windows 98, NT, 2000,...

7.5CVSS7AI score0.66826EPSS
Exploits4References6
cert
cert
added 2006/11/14 12:0 a.m.26 views

Microsoft Agent fails to properly handle specially crafted .ACF files

Overview Microsoft Agent fails to properly handle specially crafted .ACF files and may allow a remote attacker to execute arbitrary code. Description Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easie...

7.5CVSS6.7AI score0.40143EPSS
Exploits0References3
cert
cert
added 2006/11/07 12:0 a.m.26 views

Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files

Overview A vulnerability in the way Clam AntiVirus processes Portable Executable PE files may lead to execution of arbitrary code. Description Clam AntiVirus is a GPL virus scanner that has built-in support for for a number of file types including PE. According to iDefense Public Advisory:...

7.5CVSS9.7AI score0.20224EPSS
Exploits1References12
cert
cert
added 2006/09/12 12:0 a.m.26 views

Microsoft PGM vulnerable to remote code execution

Overview A buffer overflow vulnerability in Microsoft's Pragmatic General Multicast PGM protocol implementation may allow an attacker to execute arbitrary code. Description The Pragmatic General Multicast PGM protocol is an experimental protocol defined in RFC 3208. Microsoft's implementation of...

7.6CVSS7.6AI score0.26246EPSS
Exploits0References5
cert
cert
added 2006/08/11 12:0 a.m.26 views

Ruby on Rails fails to properly verify input passed via the URL

Overview Ruby on Rails fails to properly validate input. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Ruby on Rails is a web application programming framework. Ruby on Rails 1.1.4 and earlier contain a vulnerability in the processing of user input...

7.5CVSS6.9AI score0.03063EPSS
Exploits0References4
cert
cert
added 2006/08/08 12:0 a.m.26 views

Microsoft PowerPoint fails to properly handle malformed records

Overview Microsoft PowerPoint fails to properly handle malformed records allowing a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint fails to properly handle malformed records. Specifically,...

7.5CVSS7.8AI score0.42779EPSS
Exploits0References1
cert
cert
added 2006/08/08 12:0 a.m.26 views

Microsoft Internet Explorer source element cross-domain vulnerability

Overview Microsoft Internet Explorer fails to properly handle redirects for source elements. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Cross-Domain Security Model IE uses a cross-domain security model to maintain separation between browser...

7.5CVSS6.2AI score0.32358EPSS
Exploits0References2
cert
cert
added 2006/08/02 12:0 a.m.26 views

Apple Mac OS X ImageIO contains undetected memory failure in GIF image handling

Overview The Apple Mac OS X ImageIO framework contains a memory allocation flaw that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to...

5.1CVSS7.1AI score0.02636EPSS
Exploits1References2
cert
cert
added 2006/07/31 12:0 a.m.26 views

Mozilla Firefox may allow chrome URLs to reference remote files

Overview Mozilla products allow chrome URLs to reference remote files. This allows a remote attacker to execute code. Description Chrome The Mozilla user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window title...

2.6CVSS6AI score0.03093EPSS
Exploits0References8
cert
cert
added 2006/07/14 12:0 a.m.26 views

Cisco Router Web Setup (CRWS) contains an insecure default IOS configuration

Overview A vulnerability in the Cisco Router Web Setup CRWS web configuration tool on some Cisco 800 and SOHO series routers may allow remote execution of system-level commands with no authentication. Description Cisco Router Web Setup Tool The Cisco Router Web Setup tool, or CRWS, provides a GUI...

7.7AI score
Exploits0References2
cert
cert
added 2006/06/13 12:0 a.m.26 views

Microsoft Windows Media Player PNG processing buffer overflow

Overview Microsoft Windows Media Player contains a stack-based buffer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Windows Media Player Windows Media Player is a multimedia application that comes with...

9.3CVSS7.2AI score0.48723EPSS
Exploits5References1
cert
cert
added 2006/04/05 12:0 a.m.26 views

RealNetworks products fail to properly handle chunked data

Overview Numerous RealNetworks products do not properly handle chunked data. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer RealNetworks RealPlayer is a multimedia application that allows users to view local and...

9.3CVSS7.2AI score0.05783EPSS
Exploits5References5
cert
cert
added 2006/04/03 12:0 a.m.26 views

eBay contains a cross-site scripting vulnerability

Overview The eBay web site contains a cross-site scripting vulnerability. Description eBay is a popular auction web site. When an eBay user posts an auction, eBay allows SCRIPT tags to be included in the auction description. This creates a cross-site scripting vulnerability in the eBay website...

6.1AI score
Exploits0References9
cert
cert
added 2006/02/13 12:0 a.m.26 views

Multiple vendor SFTP logging format string vulnerability

Overview A logging function used by multiple vendors' SFTP servers contains a format string vulnerability, which may allow an authorized remote attacker to execute arbitrary code or cause a denial of service. Description SFTP SFTP Secure FTP is a file transfer application that uses SSH for...

8AI score
Exploits0References1
cert
cert
added 2005/10/21 12:0 a.m.26 views

Oracle Database Server buffer overflow in Security Component

Overview The Oracle Database Server Security Component contains a buffer overflow. Exploitation may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description A lack of input validation in the Oracle Database Server Security Component may allow a buffer...

8.1AI score
Exploits0References3
cert
cert
added 2005/10/21 12:0 a.m.26 views

Oracle Application Server SQL*ReportWriter vulnerability

Overview An unspecified vulnerability in the Oracle SQLReportWriter may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle SQLReportWriter is a component of the Oracle Application Server. There is an vulnerability in the Oracle...

6.5AI score
Exploits0References3
cert
cert
added 2005/09/22 12:0 a.m.26 views

VERITAS Storage Exec DCOM servers contain multiple buffer overflows

Overview VERITAS Storage Exec contains several buffer overflows, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description VERITAS Storage Exec is software package that performs storage management. Multiple DCOM server components provided by Storage Exec...

8AI score
Exploits0References4
cert
cert
added 2005/09/21 12:0 a.m.26 views

unace buffer overflow vulnerability

Overview A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code. Description The unace compression library is used to decompress ace archives .ace file extension. A lack of input validation on filenames in an ace archive may allow a buffer overflo...

5.1CVSS7.3AI score0.03243EPSS
Exploits0References6
cert
cert
added 2005/08/23 12:0 a.m.26 views

Computer Associates Message Queuing software vulnerable to buffer overflows

Overview Computer Associates Message Queuing software contains buffer overflow conditions, which may allow a remote attacker to execute arbitrary code with elevated privileges. Description Computer Associates Message Queuing CAM / CAFT is a software component that provides messaging services. CAM...

10CVSS7.5AI score0.75244EPSS
Exploits7References23
cert
cert
added 2005/07/13 12:0 a.m.26 views

WebEOC is vulnerable to a denial-of-service condition via uploading large files

Overview WebEOC does not properly impose size limits on files that a user can upload. This may allow a authorized attacker to exhaust system resources leading to a denial-of-service condition. Description WebEOC is a web-based crisis information management application that provides functions to...

2.1CVSS6AI score0.0048EPSS
Exploits0References3
cert
cert
added 2005/07/13 12:0 a.m.26 views

WebEOC implements weak algorithms to encrypt sensitive information

Overview WebEOC uses weak cryptographic algorithms to encrypt sensitive information. Description WebEOC is a web-based crisis information management application that provides functions to gather, coordinate, and disseminate information between emergency personnel and Emergency Operations Centers...

7.5CVSS7.4AI score0.00797EPSS
Exploits0References2
cert
cert
added 2005/07/07 12:0 a.m.26 views

AIX FTP server may not properly timeout ephemeral data ports

Overview The IBM AIX FTP server may be vulnerable to a denial-of-service condition when passive data ports are not closed properly. Description IBM AIX includes an FTP server, ftpd, which allows files to be transferred between hosts with the FTP protocol. This server is vulnerable to a condition...

6.6AI score
Exploits0References3
cert
cert
added 2005/06/14 12:0 a.m.26 views

Microsoft Agent vulnerable to trusted site spoofing

Overview Microsoft Agent contains a vulnerability that could allow a remote attacker to spoof trusted Internet content. Description Microsoft Agent is a software extension that enhances user interaction through the use of interactive personalities in the form of animated characters. Applications...

5.1CVSS6.2AI score0.12773EPSS
Exploits0References3
cert
cert
added 2005/04/13 12:0 a.m.26 views

Microsoft Object Management DoS Vulnerability

Overview Microsoft Object Management code has a buffer overflow vulnerability that can cause a system to reboot. Description A buffer overflow vulnerability in Microsoft Object Management code exists that could be attacked by sending specially crafted requests locally on an affected operating...

2.1CVSS6.4AI score0.02056EPSS
Exploits0References1
cert
cert
added 2005/03/18 12:0 a.m.26 views

McAfee Scan Engine vulnerable to buffer overflow in LHA decoder

Overview A buffer overflow vulnerability in the McAfee Virus Scan Engine may allow a remote attacker to execute arbitrary code on an affected system. Because the vulnerability exists in a core component, a number of different McAfee products are affected. Description The McAfee Antivirus products...

7.5CVSS7.6AI score0.07125EPSS
Exploits1References4
Total number of security vulnerabilities3704