Lucene search
+L
CertMost viewed

3704 matches found

cert
cert
•added 2005/06/08 12:0 a.m.•25 views

Apple Mac OSX executes arbitrary widget with same "bundle identifier" as system widget

Overview Apple Mac OS X Tiger Dashboard executes arbitrary widgets with the same "bundle identifier" as a system widget. This can allow a user-installed widget to override a system-installed one. Description DashboardDashboard is a new feature introduced in Apple Mac OS X Tiger 10.4. Dashboard is...

7.5CVSS6.8AI score0.01832EPSS
Exploits1References6
cert
cert
•added 2005/05/16 12:0 a.m.•25 views

Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable

Overview A buffer overflow in Mac OS X Foundation Framework's processing of environment variables may lead to elevated privileges. Description A vulnerability is present Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OSX Server. There is a flaw in the handling of...

4.6CVSS7.3AI score0.00996EPSS
Exploits0References3
cert
cert
•added 2005/02/21 12:0 a.m.•25 views

WinAmp playlist handling may allow a remote buffer overflow and arbitrary code execution

Overview WinAmp contains a flaw which may allow a remote system compromise if a maliciously crafted playlist is loaded. Description Nullsoft's WinAmp is a multimedia system for Microsoft Windows. WinAmp allows users to create and use "playlists" to play their multimedia files in a customized...

10CVSS7.4AI score0.17257EPSS
Exploits1References7
cert
cert
•added 2005/01/20 12:0 a.m.•25 views

Microsoft Windows Indexing Service fails to properly handle query validation

Overview A vulnerability in the Microsoft Indexing Service could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Indexing Service provides applications and scripts with a means of managing, querying, and indexing information in file systems or web...

10CVSS7.9AI score0.42824EPSS
Exploits0References1
cert
cert
•added 2005/01/05 12:0 a.m.•25 views

Symantec Brightmail Anti-Spam Spamhunter UTF encoding error

Overview Symantec Brightmail Anti-Spam Spamhunter crashes when trying to convert certain valid character sets to UTF, resulting in a denial-of-service condition. Description Brightmail Anti-Spam Spamhunter is a spam filter designed for corporate environments. The Brightmail Anti-Spam Spamhunter...

6.9AI score
Exploits0References4
cert
cert
•added 2004/12/01 12:0 a.m.•25 views

Sun Java System Web Proxy Server vulnerable to buffer overflow

Overview Buffer overflow vulnerabilities in the Java System Web Proxy Server may allow remote attackers to execute arbitrary code or cause a denial-of-service condition. Description The Java System Web Proxy Server is a caching HTTP proxy server. A lack of bounds checking in the Java System Web...

8.5AI score
Exploits0References4
cert
cert
•added 2004/10/13 12:0 a.m.•25 views

Microsoft Windows SMTP component vulnerable to remote code execution

Overview A vulnerability in the mail handling service in some versions of Microsoft Windows could allow a remote attacker to compromise the affected system. Description The Simple Mail Transfer Protocol SMTP is the most common protocol for the delivery of electronic mail between systems on the...

10CVSS7AI score0.30291EPSS
Exploits0References2
cert
cert
•added 2004/09/09 12:0 a.m.•25 views

Apple Mac OS X CoreFoundation contains a buffer overflow vulnerability

Overview There is a vulnerability in the Mac OS X CoreFoundation framework that could allow a local attacker to execute arbitrary code. Description The Core Foundation framework CoreFoundation.framework is designed to allow code and data sharing between frameworks, libraries, and applications in...

7.2CVSS7.3AI score0.00529EPSS
Exploits0References4
cert
cert
•added 2004/07/12 12:0 a.m.•25 views

MySQL fails to properly handle overly long "scramble" values

Overview There is a buffer overflow vulnerability in the way MySQL handles overly long "scramble" strings, which could allow an attacker to cause a denial of service or potentially execute arbitrary code. Description MySQL is an open-source database system available for Microsoft Windows, Linux,...

10CVSS7.5AI score0.07816EPSS
Exploits0References4
cert
cert
•added 2004/06/15 12:0 a.m.•25 views

Cisco CatOS TCP ACK handling vulnerability

Overview A vulnerability in Cisco CatOS may allow a remote attacker to cause a denial of service on an affected device. Description Cisco's CatOS is an operating system that runs on some Cisco Catalyst switch products. A vulnerability in the way that TCP services on CatOS handle malformed...

5CVSS6.6AI score0.03131EPSS
Exploits0References1
cert
cert
•added 2004/05/13 12:0 a.m.•25 views

Multiple Symantec firewall products contain a heap corruption vulnerability in the handling of NBNS response packets

Overview There is a heap corruption vulnerability in multiple Symantec firewall products in which attempts to process a specially crafted NetBIOS Name Service NBNS response packet could allow an unauthenticated, remote attacker to execute arbitrary code with kernel privileges. Description Symante...

10CVSS7.8AI score0.12798EPSS
Exploits0References3
cert
cert
•added 2004/04/30 12:0 a.m.•25 views

Gaim contains an off-by-one buffer overflow vulnerability in the gaim_quotedp_decode() function

Overview There is an off-by-one buffer overflow vulnerability in the Gaim MIME decoder. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It includes a feature that requires Gaim to decode MIME-encoded data. There is an off-by-one buffer overflow...

9.8CVSS9.6AI score0.11214EPSS
Exploits1References5
cert
cert
•added 2004/04/20 12:0 a.m.•25 views

Cisco IOS fails to properly process solicited SNMP operations

Overview Cisco IOS contains a vulnerability in the processing of solicited Simple Network Management Protocol SNMP operations that may result in memory corruption of the device causing it to reload. Sustained exploitation of this vulnerability could lead to a denial of service condition affect a...

7.3AI score
Exploits0References2
cert
cert
•added 2004/03/10 12:0 a.m.•25 views

Microsoft Windows Media Services fails to properly validate TCP requests

Overview Microsoft Windows Media Services fails to properly validate TCP requests which could allow a remote, unauthenticated attacker to cause the services to refuse new TCP connections. Description Microsoft Windows Media Services is an optional component that provides the ability to deliver...

5CVSS6.3AI score0.25824EPSS
Exploits0References3
cert
cert
•added 2004/02/27 12:0 a.m.•25 views

Oracle9i Database contains buffer overflow in TIME_ZONE session parameter

Overview Oracle9i Database contains a buffer overflow in the TIMEZONE session parameter which could allow anyone who can query the server to execute arbitrary code or access data with the privileges of the vulnerable process. Description The TIMEZONE parameter is a session parameter that specifie...

8.2AI score
Exploits0References3
cert
cert
•added 2004/02/23 12:0 a.m.•25 views

Microsoft Windows Internet Naming Service (WINS) fails to properly validate the length of specially crafted packets

Overview Microsoft Windows Internet Naming Service WINS fails to properly validate the length of specially crafted packets which could allow an unauthenticated, remote attacker to cause a denial-of-service condition. Description The Windows Internet Naming Service WINS maps IP addresses to NETBIO...

9.3CVSS6.7AI score0.12099EPSS
Exploits0References2
cert
cert
•added 2003/11/04 12:0 a.m.•25 views

Multiple vulnerabilities in X.400 implementations

Overview Multiple vulnerabilities exist in different vendors' X.400 implementations. The impacts of these vulnerabilities are varied and range from denial of service to potential remote execution of arbitrary code. Description The U.K. National Infrastructure Security Co-ordination Center NISCC h...

5CVSS7AI score0.02507EPSS
Exploits0References3
cert
cert
•added 2003/10/30 12:0 a.m.•25 views

Cisco Lightweight Extensible Authentication Protocol (LEAP) uses passwords that are vulnerable to dictionary attacks

Overview The Cisco LEAP protocol uses hashed passwords that are vulnerable to dictionary attacks. Successful attackers will be able to gain unauthorized access to affected networks. Description The Cisco Lightweight Extensible Authentication Protocol LEAP provides an authentication mechanism for...

7.7AI score
Exploits0References9
cert
cert
•added 2003/10/30 12:0 a.m.•25 views

Avaya Argent Office requests 'HoldMusic' file from broadcast address via TFTP

Overview This vulnerability allows unauthenticated users to upload call holding music to affected devices. Description The Avaya Argent Office sends broadcast TFTP requests to obtain a file named "HoldMusic" that is used to supply hold music for customers who dial into the device. Therefore, an...

6.8AI score
Exploits0References1
cert
cert
•added 2003/09/22 12:0 a.m.•25 views

WS_FTP Server vulnerable to buffer overflow when supplied overly long "STAT" command

Overview It has been reported that a vulnerability exists in the processing of a "STAT" command on WSFTP Servers versions 4.x and prior. Exploitation of this vulnerability may lead to an authenticated user executing arbitrary code with the elevated privileges of the server process. Description...

8AI score
Exploits0References2
cert
cert
•added 2003/06/23 12:0 a.m.•25 views

Cisco VPN 3000 Concentrator vulnerable to DoS via large number of malformed ICMP packets

Overview A vulnerability in some Cisco Virtual Private Network VPN products could allow a remote attacker to cause a denial of service. Description The Cisco VPN 3000 Series Concentrators and the Cisco VPN 3002 Hardware Clients are Virtual Private Network VPN platforms designed to provide secure...

5CVSS6.6AI score0.02131EPSS
Exploits0References2
cert
cert
•added 2003/06/01 12:0 a.m.•25 views

OpenVMS page management vulnerability

Overview Old versions circa 1993 of OpenVMS and OpenVMS AXP contain a vulnerability related to page management. Description There is a vulnerability related to page management in old versions circa 1993 of Open VMS. An exploit for this vulnerability, written in MACRO-32, was available at the time...

7.2CVSS6.3AI score0.00351EPSS
Exploits0
cert
cert
•added 2003/04/10 12:0 a.m.•25 views

Microsoft Windows Virtual Machine (VM) ByteCode Verifier fails to properly check Java applets for malicious code

Overview The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. Description The Microsoft VM bytecode verifier fails to check for certain malicious code in a Java applet. If an intruder can convince a victim to run a malicious Java applet, the intruder coul...

7.5CVSS6.8AI score0.41212EPSS
Exploits0References10
cert
cert
•added 2003/04/10 12:0 a.m.•25 views

SGI IRIX "xfsdump" creates quota information files insecurely

Overview A vulnerability exists in xfsdump on SGI IRIX. Exploitation of this vulnerability may allow a local attacker to gain root privileges. Because other operating systems ship with xfsdump, vendors other than SGI may be affected. Description From the xfsdump man page:xfsdump backs up files an...

7.2CVSS5.6AI score0.00489EPSS
Exploits0References2
cert
cert
•added 2003/03/13 12:0 a.m.•25 views

Protegrity Secure.Data for Microsoft SQL Server 2000 contains buffer overflows in extended stored procedures

Overview Protegrity Secure.Data for Microsoft SQL Server 2000 includes several extended stored procedures that contain buffer overflow vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code, gain access to databases, or cause a denial of service. Descriptio...

10CVSS8.3AI score0.04751EPSS
Exploits0References6
cert
cert
•added 2003/02/19 12:0 a.m.•25 views

Lotus Notes and Domino COM Object Control Handler contains buffer overflow

Overview Lotus Notes is a client application that provides access to Lotus Domino servers. A vulnerability exists that could permit a remote attacker to cause a user to execute arbitrary code. Description A buffer overflow vulnerability exists in the in both Lotus Notes clients and Domino Servers...

8.1AI score
Exploits0References4
cert
cert
•added 2002/12/12 12:0 a.m.•25 views

Microsoft Internet Explorer does not adequately validate references to cached objects and methods

Overview Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zon...

7.5CVSS8AI score0.11986EPSS
Exploits0References17
cert
cert
•added 2002/12/09 12:0 a.m.•25 views

Pine MUA contains buffer overflow in addr_list_string()

Overview Pine is a mail user agent MUA written and distributed by the University of Washington. Some versions contain a buffer overflow vulnerability in email address handling. Description Versions of Pine prior to 4.50 contain a remotely exploitable buffer overflow in the addrliststring function...

5CVSS6.9AI score0.09617EPSS
Exploits1References3
cert
cert
•added 2002/12/05 12:0 a.m.•25 views

Sun Solaris priocntl(2) does not adequately validate path to kernel modules that implement lightweight process (LWP) scheduling policy

Overview The Sun Solaris priocntl2 function does not adequately validate a memory structure that specifies the name of a kernel module. As a result, a local attacker could execute arbitrary code with superuser privileges on a vulnerable system. Description The Sun Solaris priocntl2 function...

7.2CVSS6.8AI score0.00619EPSS
Exploits0References6
cert
cert
•added 2002/10/17 12:0 a.m.•25 views

gv contains buffer overflow in sscanf() function

Overview A remotely exploitable buffer overflow vulnerability exists in gv. Description A remotely exploitable buffer overflow vulnerability exists in gv. gv allows a user to view and navigate PostScript and PDF documents by providing an interface to the ghostscript interpreter. This vulnerabilit...

4.6CVSS7.1AI score0.02025EPSS
Exploits1References4
cert
cert
•added 2002/09/27 12:0 a.m.•25 views

Savant Web Server has a buffer overflow vulnerability

Overview Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. Description Savant Web Server has a buffer overflow vulnerability in handling of the HTTP 1.1 Host header. HTTP requests with long Host headers will cause Savant to crash. --- Impact Remote...

8.2AI score
Exploits0References1
cert
cert
•added 2002/09/27 12:0 a.m.•25 views

PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution

Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...

7.5CVSS7.1AI score0.01875EPSS
Exploits0References1
cert
cert
•added 2002/09/27 12:0 a.m.•25 views

MS Excel XLM Text Macro execution fails to trigger warning when default medium security set

Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...

7.2CVSS7.1AI score0.01554EPSS
Exploits0References7
cert
cert
•added 2002/09/27 12:0 a.m.•25 views

Microsoft Windows Media Player ActiveX control allows execution of javascript in "already open" frames

Overview A vulnerability in the Windows Media Player may allow remote attackers to view the contents of local files on the victim's computer. Description Using the "LaunchURL" method of the Windows Media Player ActiveX control, a web page author may be able to circumvent the frame security featur...

7.7AI score
Exploits0References2
cert
cert
•added 2002/09/24 12:0 a.m.•25 views

AdCycle does not adequately validate user input thereby allowing for SQL injection

Overview AdCycle does not adequately filter user input, allowing remote attackers to execute arbitrary MySQL queries. Description AdCycle is a shareware banner ad management system written in Perl and designed to work with a MySQL database. AdCycle does not adequately filter multiple unspecified...

5CVSS6.8AI score0.0152EPSS
Exploits0References2
cert
cert
•added 2002/09/16 12:0 a.m.•25 views

Microsoft Windows 2000 vulnerable to DoS via malformed packets sent to port 445/tcp

Overview The default configuration of Microsoft Windows 2000 does not properly handle malformed packets received on TCP port 445. As a result, Windows may cease to function normally upon receipt of malformed packets on this port. Description Microsoft LAN Manager LANMAN is enabled by default on...

5CVSS6.3AI score0.515EPSS
Exploits1References1
cert
cert
•added 2002/08/27 12:0 a.m.•25 views

Microsoft Windows Terminal Services Advanced Client (TSAC) contains buffer overflow in process that handles input parameters

Overview Microsoft Windows Terminal Services Advanced Client TSAC contains a remotely exploitable buffer overflow. Description The Microsoft Windows Terminal Services Advanced Client TSAC contains a remotely exploitable buffer overflow. This ActiveX control provides a way to deliver Terminal...

7.5CVSS7.6AI score0.1737EPSS
Exploits0References2
cert
cert
•added 2002/06/12 12:0 a.m.•25 views

Microsoft Internet Explorer contains buffer overflow in handling of gopher replies

Overview There is a buffer overflow in Internet Explorer when IE receives information from a gopher service. Description Gopher is a protocol that presents documents and services in a hierarchal representation, and is similar in some ways to HTTP. Internet Explorer reportedly contains a buffer...

7.5CVSS7.4AI score0.54441EPSS
Exploits0References4
cert
cert
•added 2002/05/29 12:0 a.m.•25 views

Macromedia JRun ISAPI DLL filter vulnerable to buffer overflow via request for long Host header field

Overview A remotely exploitable buffer overflow exists in Macromedia's JRun version 3.1 on Win32 platforms. Description A remotely exploitable buffer overflow exists in the Win32 version of Macromedia's JRun version 3.1 on Win32 platforms.JRun is an application server that works with most popular...

10CVSS7.5AI score0.09133EPSS
Exploits0References5
cert
cert
•added 2002/05/21 12:0 a.m.•25 views

SSHD allows users to override "AllowedAuthentications" configuration thereby permitting users to provide any type of authentication

Overview A remotely exploitable authentication vulnerability exists in the SSH Communications Security SSH Secure Shell server, and possibly other SSH servers. Description SSH is a program used to provide secure communications between hosts. Versions 3.0.0 - 3.1.1 of SSH Secure Shell for Servers...

7.4AI score
Exploits0References3
cert
cert
•added 2002/03/29 12:0 a.m.•25 views

Jana Server does not adequately validate user input thereby allowing directory traversal

Overview Jana Server contains a directory traversal vulnerability. Description Versions 1.4x of Jana Server, a web server for Windows developed by T. Hauck, do not properly filter requests for hexadecimal encodings of ".." dot-dot and allows directory traversal out of the HTTP document root...

5CVSS6.2AI score0.10532EPSS
Exploits1References3
cert
cert
•added 2002/03/12 12:0 a.m.•25 views

Oracle9i Application Server Apache PL/SQL module vulnerable to buffer overflow via HTTP Location header

Overview A buffer overflow vulnerability exists in the Apache Procedural Language/Structured Query Language PL/SQL module used by Oracle9i Application Server iAS. This vulnerability could allow an unauthenticated remote attacker to cause a denial of service or execute arbitrary code on the system...

8.7AI score
Exploits0References2
cert
cert
•added 2002/01/31 12:0 a.m.•25 views

AOL Instant Messenger exposes local file path during file transfers

Overview AOL Instant Messenger AIM disclose local file paths during transfer. Description AOL Instant Messenger AIM is a program for communicating with other users over the Internet. AIM permits users to transfer files from one client to another. When the file is transferred, the entire local pat...

5CVSS5.9AI score0.00992EPSS
Exploits0References1
cert
cert
•added 2001/09/14 12:0 a.m.•25 views

Beck GmbH IPC@Chip does not adequately validate user input thereby disclosing sensitive network data via crafted URL

Overview An insecure default configuration in the Beck IPC@CHIP allows an intruder to obtain priviledged system information. Description The Beck IPC@CHIP is a single chip embedded webserver. The Beck IPC@CHIP ships with a cgi script named "ChipCfg". Using a specially crafted url, an attacker can...

5CVSS5.8AI score0.03202EPSS
Exploits4References2
cert
cert
•added 2001/08/21 12:0 a.m.•25 views

Linux dump uses environment variables insecurely, allowing for root compromise

Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...

7.2CVSS7.1AI score0.01146EPSS
Exploits1References3
cert
cert
•added 2001/08/18 12:0 a.m.•25 views

Microsoft Windows 2000 SMTP service fails to properly authenticate credentials of unauthorized user (MS01-037)

Overview A vulnerability exists in the SMTP service installed by default on Microsoft Windows 2000 Server and optionally on Windows 2000 professional that could allow an intruder to use the service to send mail. Description The Simple Mail Transfer Protocol SMTP is the standard protocol used to...

7.5CVSS5.9AI score0.23061EPSS
Exploits0References4
cert
cert
•added 2001/07/30 12:0 a.m.•25 views

Allaire ColdFusion Server contains vulnerability allowing unauthorized user read/delete access to files

Overview A vulnerability exists in Allaire ColdFusion Server which allows an attacker to have unauthorized read and delete access to files on the target host. Description A remotely exploitable vulnerability exists in the Allaire ColdFusion Server which could allow an attacker to have unauthorize...

6.4CVSS6.1AI score0.01926EPSS
Exploits0References2
cert
cert
•added 2001/07/24 12:0 a.m.•25 views

Microsoft Services for UNIX Telnet server is vulnerable to denial of service via memory leak

Overview The telnet server included in the Microsoft Services for Unix package contains a denial-of-service vulnerability that may cause the system to become unstable or crash. Description The telnet server included in the Microsoft Services for Unix SFU package contains a memory leak that can le...

5CVSS6AI score0.33363EPSS
Exploits0References2
cert
cert
•added 2001/06/18 12:0 a.m.•25 views

man 'makewhatis' insecurely uses /tmp

Overview The 'makewhatis' script in the Linux man package allows local users to overwrite files via a symlink attack. Description The 'makewhatis' program is a Bourne shell script that ships with many Linux distributions in the 'man' package of programs. The 'makewhatis' script creates files in t...

7.2CVSS6.2AI score0.00398EPSS
Exploits0References5
cert
cert
•added 2001/05/01 12:0 a.m.•25 views

Hewlett-Packard HP-UX newgrp command does not function properly

Overview A security vulnerability exists in thenewgrp command on certain Hewlett-Packard systems. Description HP9000 servers running HP-UX release 11.11 contain a security vulnerability allowing users to gain increased capability. No further details are available. See HP document HPSBUX0103-147...

7AI score
Exploits0
Total number of security vulnerabilities3704