Lucene search
K
CertMost viewed

3704 matches found

CERT
CERT
•added 2000/12/14 12:0 a.m.•22 views

Cenroll ActiveX Control allows creation of arbitrary files.

Overview The ActiveX control Cenroll permits unauthorized users to create files on the local system. Description The ActiveX control "Cenroll" clsid: 43F8F289-7A20-11D0-8F06-00C04FC295E1, which is ordinarily marked safe-for-scripting allows callers to create files and write to the registry with t...

6.7AI score
Exploits0References3
CERT
CERT
•added 2018/12/20 12:0 a.m.•21 views

Microsoft Windows MsiAdvertiseProduct function vulnerable to privilege escalation via race condition

Overview The Microsoft Windows MsiAdvertiseProduct function contains a race-condition vulnerability, which can allow an authentication attacker to elevate privileges to read protected files. Description The Microsoft Windows MsiAdvertiseProduct function allows a Windows installer product to...

6.9AI score
Exploits0References2
CERT
CERT
•added 2015/11/24 12:0 a.m.•21 views

Dell Foundation Services installs root certificate and private key (eDellRoot)

Overview Dell Foundation Services installs the eDellRoot certificate into theTrusted Root Certificate Store on Microsoft Windows systems. The certificate includes the private key. This allows attackers to create trusted certificates and perform impersonation, man-in-the-middle MiTM, and passive...

6.6AI score
Exploits0References13
CERT
CERT
•added 2015/08/17 12:0 a.m.•21 views

Cisco Prime Infrastructure contains SUID root binaries

Overview The Cisco Prime Infrastructure version 2.2 contains two binaries with SUID root world-executable privileges, allowing any local user to execute arbitrary commands as root. Description CWE-276: Incorrect Default Permissions Two binaries are included in Cisco Prime version 2.2 that run as...

8.2AI score
Exploits0References2
CERT
CERT
•added 2015/07/20 12:0 a.m.•21 views

N-Able RSMWinService contains hard coded security constants allowing decryption of domain administrator password

Overview SolarWinds N-Able N-Central is an agent-based enterprise support and management solution. N-Able N-Central contains several hard-coded encryption constants in the web interface that allow decryption of the password when combined. Description CWE-547: Use of Hard-coded, Security-relevant...

7.2AI score
Exploits0
CERT
CERT
•added 2015/03/17 12:0 a.m.•21 views

HP ArcSight contains multiple vulnerabilities

Overview HP ArcSight Logger and ESM contains multiple vulnerabilities. Description CWE-434: Unrestricted Upload of File with Dangerous Type - CVE PendingHP ArcSight Logger 5.3.1.6838.0 configuration import file upload capability does not sanitize file names, which allows a remote, authenticated...

7.9AI score
Exploits0References2
CERT
CERT
•added 2014/07/23 12:0 a.m.•21 views

Resin Pro improperly performs Unicode transformations

Overview Resin Pro 4.0.39 and possibly earlier versions improperly performs Unicode transformations. Description CWE-20:Improper Input Validation Resin Pro 4.0.39 and possibly earlier versions perform incorrect Unicode transformations on output to HTTP responses for ISO-8859-1. This allows an...

5CVSS6.2AI score0.01665EPSS
Exploits0References2
CERT
CERT
•added 2014/07/14 12:0 a.m.•21 views

Kaseya's agent driver contains NULL pointer dereference

Overview Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. Description CWE-476: NULL Pointer Dereference Kaseya's agent driver, kapfa.sys, is vulnerable to a NULL pointer dereference. --- Impact A local authenticated attacker may be able to cause a denial-of-service...

1.7CVSS6.7AI score0.0033EPSS
Exploits0References2
CERT
CERT
•added 2014/03/14 12:0 a.m.•21 views

Webmin contains a cross-site scripting vulnerability

Overview Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability. Description CWE-79: Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' Webmin 1.670, and possibly earlier versions, contains a cross-site scripting vulnerability in...

4.3CVSS5.9AI score0.01574EPSS
Exploits2References2
CERT
CERT
•added 2013/06/27 12:0 a.m.•21 views

Lookout Mobile Security contains a denial-of-service vulnerability

Overview Lookout Mobile Security version 8.14.1-7fe5f1, and possibly earlier versions, contains a denial-of-service vulnerability. Description Lookout Mobile Security version 8.14.1-7fe5f1 crashes if an intent is sent to com.lookout.security.ScanTell with no arguments. --- Impact A malicious...

4.3CVSS6.2AI score0.00975EPSS
Exploits0References1
CERT
CERT
•added 2011/05/02 12:0 a.m.•21 views

Proofpoint Protection Server contains multiple vulnerabilities

Overview Proofpoint Protection Server contains multiple vulnerabilities including authentication bypass, insufficient authorization checks, command injection, SQL injection, and directory traversal. Description Clear Skies Security's advisory states:"Enduser Authentication Bypass User-level acces...

8.3AI score
Exploits0References2
CERT
CERT
•added 2010/06/17 12:0 a.m.•21 views

Symantec AppStream and Workspace Streaming vulnerable to arbitrary code download and execution

Overview The Symantec AppStream and Workspace Streaming clients fail to properly validate downloads, which can allow a remote, unauthenticated attacker to download and execute arbitrary code on a vulnerable system. Description Symantec Workspace Streaming is a software distribution solution that...

9.3CVSS7AI score0.02477EPSS
Exploits0References4
CERT
CERT
•added 2010/04/02 12:0 a.m.•21 views

Foxit Reader vulnerable to arbitrary command execution

Overview Foxit Reader contains a vulnerability that may allow an attacker to execute arbitrary commands without requiring user interaction. Description Foxit Reader is software designed to view Portable Document Format PDF files. The Adobe PDF Reference supports a "Launch action" that "... launch...

7.9AI score
Exploits0References5
CERT
CERT
•added 2009/06/09 12:0 a.m.•21 views

eBay Enhanced Picture Uploader ActiveX control vulnerable to arbitrary command execution

Overview The eBay Enhanced Picture Uploader ActiveX control allows arbitrary commands to be executed. Description The eBay Enhanced Picture Uploader ActiveX control is used by the eBay web site to give Internet Explorer users additional functionality when uploading pictures to an auction. This...

9.3CVSS6.7AI score0.04065EPSS
Exploits0References3
CERT
CERT
•added 2009/02/26 12:0 a.m.•21 views

HP Virtual Rooms ActiveX control fails to restrict access to dangerous methods

Overview The HP Virtual Rooms ActiveX control contains methods that can be used to download and execute arbitrary code from an arbitrary server. Description HP Virtual Rooms is software for online collaboration. HP Virtual Rooms requires Internet Explorer, as one of the components is an ActiveX...

10CVSS6.3AI score0.07711EPSS
Exploits2References5
CERT
CERT
•added 2009/02/23 12:0 a.m.•21 views

Intercepting proxy servers may incorrectly rely on HTTP headers to make connections

Overview Proxy servers running in interception mode "transparent" proxies that make connection decisions based on HTTP header values may be used by an attacker to relay connections. Description HTTP Host Headers are defined in RFC 2616 and are often used to by web servers to allow multiple websit...

6.9AI score
Exploits0References8
CERT
CERT
•added 2008/05/21 12:0 a.m.•21 views

FireFTP filename directory traversal sequence vulnerability

Overview The FireFTP Mozilla Firefox extension contains a vulnerability that may allow an attacker to write files to arbitrary locations. Description FireFTP is a Firefox extension that provides FTP client functionality. Firefox extensions can run with Chrome privileges which allow them to...

7.1AI score
Exploits0References8
CERT
CERT
•added 2008/04/04 12:0 a.m.•21 views

C compilers may silently discard some wraparound checks

Overview Some C compilers optimize away pointer arithmetic overflow tests that depend on undefined behavior without providing a diagnostic a warning. Applications containing these tests may be vulnerable to buffer overflows if compiled with these compilers. Description In the C language, given th...

7.3AI score
Exploits0References2
CERT
CERT
•added 2008/01/15 12:0 a.m.•21 views

UPnP enabled by default in multiple devices

Overview Multiple vendors ship devices with UPnP enabled by default. By convincing a user to open a malicious URL, an attacker may be able to remotely control or configure UPnP enabled devices. Description Universal Plug and Play UPnP is a collection of protocols maintained and distributed by the...

6.5AI score
Exploits0References11
CERT
CERT
•added 2007/08/17 12:0 a.m.•21 views

Yahoo! Messenger webcam stream heap overflow

Overview Yahoo! Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description Yahoo! Messenger is an instant messaging application that is available for Windows, Mac, Unix, web, and mobile systems. Some version of Yahoo! Messenger, suc...

9.3CVSS7.6AI score0.09314EPSS
Exploits0References6
CERT
CERT
•added 2007/06/15 12:0 a.m.•21 views

Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods

Overview The Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Novell exteNd Director is a set of software development tools and...

9.3CVSS6.8AI score0.05971EPSS
Exploits1References4
CERT
CERT
•added 2007/05/29 12:0 a.m.•21 views

British Telecommunications Business Connect webhelper ActiveX control buffer overflows

Overview The British Telecommunications Business Connect webhelper ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The registration process for British Telecommunications BT intern...

7.8AI score
Exploits0References2
CERT
CERT
•added 2007/05/18 12:0 a.m.•21 views

OPeNDAP filesystem enumeration vulnerability

Overview The OPeNDAP server version 4 contains a file enumeration vulnerability. This vulnerability may allow an attacker to enumerate filesystem contents. Description OPeNDAP is a software package designed to help researchers exchange data sets that are stored in different formats. The most rece...

6.6AI score
Exploits0References3
CERT
CERT
•added 2007/04/30 12:0 a.m.•22 views

OPeNDAP code execution vulnerability

Overview OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute comands on the server. Description From the OPenNDAP website:OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tool...

7.8AI score
Exploits0References5
CERT
CERT
•added 2007/04/23 12:0 a.m.•21 views

Microgaming Download Helper ActiveX control stack buffer overflow

Overview The Microgaming Download Helper ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microgaming provides software for online gaming, including online casinos. The Microgaming...

7.6AI score
Exploits0References4
CERT
CERT
•added 2007/02/21 12:0 a.m.•21 views

Trend Micro ServerProtect CMON_NetTestConnection() stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONNetTestConnectionroutine possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by sending a specially...

10CVSS7.2AI score0.73767EPSS
Exploits27References4
CERT
CERT
•added 2007/02/21 12:0 a.m.•21 views

Trend Micro ServerProtect STCommon stack buffer overflow

Overview Trend Micro ServerProtect contains a stack-based buffer overflow. Description Trend Micro ServerProtect fails to properly handle data passed to the CMONActiveUpdate and CMONActiveRollbackroutines possibly allowing a stack-based buffer overflow to occur. This overflow can be triggered by...

10CVSS7.2AI score0.73767EPSS
Exploits27References4
CERT
CERT
•added 2007/02/19 12:0 a.m.•21 views

Sourcefire Snort DCE/RPC preprocessor does not properly reassemble fragmented packets

Overview A vulnerability in the Sourcefire Snort DCE/RPC preprocessor may allow a remote, unauthenticated attacker to execute arbitrary code. Description Sourcefire Snort is a widely-deployed, open-source network intrusion detection system IDS. Snort and its components are used in other IDS...

10CVSS7.1AI score0.79319EPSS
Exploits15References10
CERT
CERT
•added 2007/01/31 12:0 a.m.•21 views

Sun Solaris fails to properly process ICMP packets

Overview Sun Solaris fails to properly handle ICMP packets, which may allow a remote, unauthenticated attacker to cause a denial of service. Description Sun Solaris 10 contains an unspecified error that can cause a system panic when handling a specially crafted ICMP packet. Note that Solaris 8 an...

6.9AI score
Exploits0References4
CERT
CERT
•added 2006/12/13 12:0 a.m.•21 views

MySpace fails to properly filter user-supplied content

Overview The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting. Description MySpace is a social networking web site that allows users to post blog entries, photos, videos, and other content. MySpace blocks user-supplied JavaScript and VBScri...

6.2AI score
Exploits0References6
CERT
CERT
•added 2006/09/01 12:0 a.m.•21 views

Retro64 / Miniclip CR64Loader ActiveX control buffer overflow

Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...

7.5CVSS7.4AI score0.04345EPSS
Exploits0References2
CERT
CERT
•added 2006/07/06 12:0 a.m.•21 views

eBay Enhanced Picture Services ActiveX control buffer overflow

Overview The eBay Enhanced Picture Services EPUImageControl Class ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to...

7.5CVSS7.2AI score0.04536EPSS
Exploits0References4
CERT
CERT
•added 2006/05/30 12:0 a.m.•21 views

Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages

Overview The Secure Elements Class 5 AVR client fails to properly validate pathnames supplied in messages, which may allow an attacker to overwrite any file on a vulnerable client as root. Description Class 5 AVR Secure Elements Class 5 AVR Automated Vulnerability Remediation is a security produc...

7.2AI score
Exploits0References1
CERT
CERT
•added 2005/10/20 12:0 a.m.•21 views

Oracle Enterprise Manager Oracle Agent contains a buffer overflow

Overview Oracle Enterprise Manager Oracle Agent contains a buffer overflow vulnerability. Exploitation may allow a remote, unauthenticated attacker to execute arbitrary code, possibly with elevated privileges. Description The Oracle Agent provides remote management services for Oracle Enterprise...

8.2AI score
Exploits0References4
CERT
CERT
•added 2005/10/11 12:0 a.m.•21 views

Microsoft DirectShow buffer overflow

Overview A buffer overflow in Microsoft DirectShow may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft DirectShow is a programming architecture for streaming multimedia on the Microsoft Windows platform. An input validation error in...

5CVSS7.5AI score0.40492EPSS
Exploits0References2
CERT
CERT
•added 2005/06/14 12:0 a.m.•21 views

Microsoft ISA Server 2000 vulnerable to privilege escalation via "NETBIOS" connection

Overview Microsoft Internet Security and Acceleration Server 2000 contains an elevation of privilege vulnerability that allows an attacker to create unintended NetBIOS service connections within the affected ISA Server host. Description Microsoft ISA Server 2000 contains firewall, virtual private...

7.5CVSS6.2AI score0.25806EPSS
Exploits0References2
CERT
CERT
•added 2005/05/19 12:0 a.m.•21 views

Groove Virtual Office COM objects may be accessed insecurely

Overview Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other too...

7.5AI score
Exploits0References6
CERT
CERT
•added 2005/05/11 12:0 a.m.•21 views

Sun StorEdge 6130 array may allow unauthorized users to delete data

Overview Some Sun StorEdge 6130 controller arrays may contain a flaw that allows a remote unprivileged user to gain unintended access and to delete arbitrary data. Description Sun StorEdge 6130 controller arrays with a serial number in the range 0451AWF00G - 0513AWF00J may contain an unknown flaw...

7.3AI score
Exploits0References2
CERT
CERT
•added 2005/03/14 12:0 a.m.•21 views

Apache Tomcat fails to properly handle certain requests

Overview Apache Tomcat does not properly handle certain types of requests allowing a remote attacker to cause a denial of service. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Tomcat uses the AJP12 protocol on TCP 8007 by default for...

7AI score
Exploits0
CERT
CERT
•added 2005/01/13 12:0 a.m.•21 views

Debian Linux Netkit telnetd-ssl contains a format string vulnerability

Overview Debian Linux Netkit telnetd-ssl contains a format string vulnerability that may allow a remote attacker to execute arbitrary code. Description An unspecified format string vulnerability in Debian Linux Netkit telnetd-ssl may allow a remote attacker to execute arbitrary code on a vulnerab...

7.5CVSS6.8AI score0.055EPSS
Exploits0References2
CERT
CERT
•added 2004/12/21 12:0 a.m.•21 views

phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter

Overview phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Description phpBB is an open-source bulletin board. A lack of inpu...

7.9AI score
Exploits0References3
CERT
CERT
•added 2004/11/03 12:0 a.m.•21 views

MailPost vulnerable to cross-site scripting via an executable requested with a trailing slash appended to the filename

Overview A cross-site scripting vulnerability is reported to exist in MailPost version 5.1.1sv and possibly earlier versions. Description According to a report by ProCheckUp, MailPost is vulnerable to a Cross-Site Scripting attack by adding a trailing '/' character to the executable filename. The...

6.1AI score
Exploits0References1
CERT
CERT
•added 2004/10/12 12:0 a.m.•21 views

Macromedia JRun Server is vulnerable to a cross-site scripting attack

Overview A cross-site scripting vulnerability exists in the Macromedia JRun Server Management Console that may allow an attacker to execute arbitrary code. Description JRun is an application server that works with most popular web servers such as Apache and IIS. Macromedia states that JRun is...

7AI score
Exploits0References4
CERT
CERT
•added 2004/09/17 12:0 a.m.•21 views

Mozilla may allow violation of cross-domain scripting policies via dragging

Overview A vulnerability affecting Mozilla web browsers may allow violation of cross-domain scripting policies and possibly execute code originating from a remote source. Description Mozilla web browsers allow the dragging of links and objects from one window to another. Should the object copied ...

6.9AI score
Exploits0References5
CERT
CERT
•added 2004/08/23 12:0 a.m.•21 views

Powie's PSCRIPT Forum fails to filter user posts

Overview Powie's PSCRIPT Forum fails to properly sanitize user input, which allows an attacker to create a user profile that can execute arbitrary scripts in a victim's web browser when the victim views the profile. Description Powie's PSCRIPT Forum is an online forum application written in PHP...

6.9AI score
Exploits0References5
CERT
CERT
•added 2004/06/09 12:0 a.m.•21 views

Cisco IPsec VPNSM vulnerable to DoS via malformed IKE packet

Overview A vulnerability in a Cisco VPN module can allow a remote attacker to cause a denial-of-service to the device in which the module is installed. Description The Cisco IP Security IPsec VPN Services Module VPNSM is a high-speed module for the Cisco Catalyst 6500 Series Switch and the Cisco...

7AI score
Exploits0References1
CERT
CERT
•added 2004/04/30 12:0 a.m.•21 views

Gaim contains a buffer overflow vulnerability in the yahoo_decode() function

Overview There is a buffer overflow vulnerability in the Gaim yahoodecode function, which could cause a pointer to reference memory beyond the terminating null byte. Description Gaim is a multi-protocol instant messenger available for a number of operating systems. It supports a variety of instan...

9.8CVSS9.7AI score0.11214EPSS
Exploits1References5
CERT
CERT
•added 2004/04/06 12:0 a.m.•21 views

Monit fails to properly handle negative Content-Length fields

Overview Monit fails to properly handle HTTP requests containing a negative Content-Length field. Description Monit is a utility to monitor system processes, files, directories, devices, and remote hosts. It provides a web-based interface that can be used to access the Monit server. When processi...

7.2AI score
Exploits0References5
CERT
CERT
•added 2004/01/27 12:0 a.m.•21 views

KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability in VCF information reader

Overview KDE Personal Information Management suite "kdepim" contains a buffer overflow vulnerability. Exploitation of this vulnerability could lead to the arbitrary execution of commands. Description KDE Personal Information Management suite shipped with KDE versions 3.1.0 through 3.1.4 contains ...

7.5CVSS7.5AI score0.06151EPSS
Exploits0References3
CERT
CERT
•added 2003/03/24 12:0 a.m.•21 views

Multi-Tech ProxyServers ship with null password for administrative access

Overview Some versions of the Multi-Tech ProxyServer products ship without a default password for the administrative interface. Description Some versions of the Multi-Tech ProxyServer products ships without a default password for the administrative interface permitting unauthenticated access via...

7.4AI score
Exploits0References1
Total number of security vulnerabilities3704