Lucene search
K
CertMost viewed

3702 matches found

CERT
CERT
added 2004/02/23 12:0 a.m.13 views

IMail Server LDAP daemon buffer overflow

Overview A buffer overflow in the LDAP server component supplied with some versions of the Ipswitch IMail Server could allow a remote attacker to execute arbitrary code on the vulnerable system. Description A buffer overflow flaw exists in the way that the Lightweight Directory Access Protocol LD...

8AI score
Exploits0References2
CERT
CERT
added 2004/02/06 12:0 a.m.13 views

Multiple Real media players fail to properly validate RMP files

Overview Multiple Real media players fail to properly validate RealJukebox Metadata Package RMP files which may permit an attacker to download and execute arbitrary code on the user's system. Description RealNetworks Real media players are multimedia applications that allow users to view local an...

7.6AI score
Exploits0References3
CERT
CERT
added 2004/01/26 12:0 a.m.13 views

Sun Solaris allows unprivileged local user to load arbitrary kernel modules

Overview Sun Solaris allows an unprivileged local user to load arbitrary kernel modules. Description Sun Solaris supports loadable kernel modules LKMs. LKMs are pieces of code that can be dynamically loaded and unloaded into the kernel. Sun Solaris contains a vulnerability that could allow an...

7.1AI score
Exploits0References3
CERT
CERT
added 2003/09/25 12:0 a.m.13 views

Solaris libc getopt(3) contains buffer overflow

Overview Solaris libc getopt3 contains a buffer overflow vulnerability. Please note the date of this report: 1/27/1997. This does not affect current versions of Solaris. Description From :A buffer overflow condition exists in the getopt3 routine in Solaris libc. By supplying an invalid option and...

7.8AI score
Exploits0References2
CERT
CERT
added 2003/06/23 12:0 a.m.13 views

Sun Management Center (SunMC) allows user to create or overwrite arbitrary files

Overview The Sun Management Center SunMC contains a vulnerability that could allow an attacker to create or overwrite any file on the system. Description An unknown vulnerability exists in the Sun Management Center SunMC, according to a Sun Alert Notification. According to that document,...

6.8AI score
Exploits0References2
CERT
CERT
added 2003/05/28 12:0 a.m.13 views

HP-UX "rexec" command vulnerable to buffer overflow when supplied overly long command line argument to "-l" option

Overview A buffer overflow vulnerability in the rexec program supplied in some versions of the HP-UX operating system could allow local users to gain privileged access. Description The rexec program allows local users to execute commands on remote servers. rexec calls the rexec subroutine to act ...

7.9AI score
Exploits0References1
CERT
CERT
added 2003/03/19 12:0 a.m.13 views

IBM Tivoli Firewall Toolbox contains vulnerability

Overview A vulnerability in the Tivoli Firewall Toolbox version 1.2 has been discovered that can lead to remote unauthorized compromise of the environment with in the firewall system. Description A buffer overflow vulnerability in the communications layer of the Tivoli Firewall Toolbox has been...

8.1AI score
Exploits0
CERT
CERT
added 2003/02/18 12:0 a.m.13 views

Oracle9i Database contains remotely exploitable buffer overflow in "BFILENAME" function

Overview A remotely exploitable buffer overflow vulnerability exists in Oracle9i Database. Description A buffer overflow vulnerability exists on all platforms in the following versions of Oracle 9i Database: Oracle9i Database Release 2 9i Release 1 8i 8.1.7 8.0.6 A buffer overflow exists in...

8AI score
Exploits0References3
CERT
CERT
added 2003/02/18 12:0 a.m.13 views

Oracle9i Application Server MOD_ORADAV Module vulnerable to DoS

Overview A remotely exploitable denial-of-service vulnerability exists in the Oracle9i Application Server MODORADAV Module. Description Oracle has described this vulnerability as follows:A potential security vulnerability has been discovered in Oracle9i Application Server. A knowledgeable and...

6.7AI score
Exploits0References2
CERT
CERT
added 2003/01/15 12:0 a.m.13 views

BEA WebLogic Server "ResourceAllocationException" exception may disclose user password

Overview A vulnerability in BEA's WebLogic Server may disclose sensitive information. Description From the BEA WebLogic Server 7.0 Overview:BEA WebLogic Server is a fully featured, standards-based application server providing the foundation on which an enterprise can build its applications. BEA...

7AI score
Exploits0References1
CERT
CERT
added 2002/12/03 12:0 a.m.13 views

Cyrus IMAP Server contains a buffer overflow vulnerability

Overview A buffer overflow vulnerability exists in versions of Cyrus IMAP Server up to and including 2.1.10. This vulnerability may allow a remote attacker to execute arbitrary code on the mail server with the privileges of the Cyrus IMAP Server. Description Cyrus IMAP Server is an e-mail...

8.4AI score
Exploits0References1
CERT
CERT
added 2002/09/24 12:0 a.m.13 views

Cherokee Web Server does not adequately validate user input thereby allowing directory traversal

Overview Cherokee contains a directory traversal vulnerability caused by failure to filter '../' character sequences. Description Cherokee is a compact, open-source web server. Cherokee does not filter '../' sequences from HTTP requests. As a result, it is possible for a remote attacker to reques...

6.9AI score
Exploits0References2
CERT
CERT
added 2002/09/16 12:0 a.m.13 views

IBM AIX vulnerable to buffer overflow in RPC routines

Overview IBM AIX contains a possible buffer-overflow vulnerability. Description Version 4.3 of IBM AIX has a possible buffer-overflow vulnerability in its RPC routines, due to use of an incorrect variable data type. No further information is available from the vendor. --- Impact The complete impa...

6.5AI score
Exploits0References1
CERT
CERT
added 2002/09/10 12:0 a.m.13 views

HP Tru64 UNIX "csh" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "csh" contains a locally exploitable buffer overflow. Description "csh" is used to invoke the C shell and interpret commands. A locally exploitable buffer overflow in "csh" may permit a local attacker to gain elevated privileges and execute arbitrary...

8.3AI score
Exploits0References1
CERT
CERT
added 2002/09/10 12:0 a.m.13 views

HP Tru64 UNIX "inc" contains buffer overflow (SSRT2275)

Overview The HP Tru64 UNIX implementation of "inc" contains a locally exploitable buffer overflow. Description "inc" is used to incorporate new mail. A locally exploitable buffer overflow in "inc" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...

8.2AI score
Exploits0References1
CERT
CERT
added 2002/09/10 12:0 a.m.13 views

HP Tru64 UNIX "ps" contains buffer overflow (SSRT2256)

Overview The HP Tru64 UNIX implementation of "ps" contains a locally exploitable buffer overflow. Description "ps" is used to display information about running processes. A locally exploitable buffer overflow in "ps" may permit a local attacker to gain elevated privileges and execute arbitrary co...

8.2AI score
Exploits0References1
CERT
CERT
added 2002/09/09 12:0 a.m.13 views

HP Tru64 UNIX "at" contains buffer overflow (SSRT2189)

Overview The HP Tru64 UNIX implementation of "at" contains a locally exploitable buffer overflow. Description "at" is used to run a job at a later time. A locally exploitable buffer overflow in "at" may permit a local attacker to gain elevated privileges and execute arbitrary code on a vulnerable...

8.2AI score
Exploits0References1
CERT
CERT
added 2002/08/01 12:0 a.m.13 views

ncompress vulnerable to buffer overflow via long filename

Overview Some versions of ncompress contain a buffer-overflow vulnerability. Description Versions 4.2.4 and earlier of ncompress do not properly handle filenames longer than 1023 characters. --- Impact By supplying long filenames to ncompress, an attacker may be able to gain local access to the...

7.6AI score
Exploits0References1
CERT
CERT
added 2002/04/05 12:0 a.m.13 views

AOL Instant Messenger vulnerable to DoS via crafted GIF file

Overview AOL Instant Messenger AIM is an application that allows one peer to communicate with another. A vulnerability exists that can crash the client of a victim. Description AIM allows users to send image files to one another. By sending a crafted GIF image, an attacker can cause the victim's...

6.7AI score
Exploits0References1
CERT
CERT
added 2002/03/29 12:0 a.m.13 views

Apache Web Server vulnerable to DoS via crafted HTTP request

Overview Some versions of the Apache Web server are vulnerable to denial-of-service attacks by crafted HTTP requests. Description A vulnerability exists in some versions the Apache Web HTTPD Server running on Windows 98SE, Windows 2000 SP1, and OS/2. The vulnerability appears to be a bounds...

7AI score
Exploits0References2
CERT
CERT
added 2001/09/26 12:0 a.m.13 views

IBM AIX nslookup buffer overflow in hostname to lookup

Overview There is a buffer overflow in nslookup that will allow local attackers to gain root privileges on vulnerable AIX systems. Description The nslookup command contains a buffer overflow in the hostname to lookup, allowing local attackers to gain root privileges. The vendor IBM has reported...

7.6AI score
Exploits0References2
CERT
CERT
added 2001/05/04 12:0 a.m.13 views

Hewlett Packard HP-UX text editors contain buffer overflow

Overview A buffer overflow in the text editor on certain Hewlett-Packard systems could compromise system availability. Description Various text editing programs on HP systems that rely upon the same facilities, including e, ex, vi, edit, view, and vedit, contain a buffer overflow that could...

7.5AI score
Exploits0
CERT
CERT
added 2001/05/01 12:0 a.m.13 views

Cisco IOS creates SNMP read-only community string

Overview There is a vulnerability that permits unauthorized access to several switch and router products manufactured by Cisco Systems. An attacker who gains access to an affected device can read its configuration, creating an information leak. Description Certain versions of the Cisco...

6.7AI score
Exploits0References2
CERT
CERT
added 2001/04/10 12:0 a.m.13 views

Alcatel ADSL modems contain a null default password

Overview The San Diego Supercomputer Center SDSC has recently discovered several vulnerabilities in the Alcatel Speed Touch line of Asymmetric Digital Subscriber Line ADSL modems. These vulnerabilities are the result of weak authentication and access control policies and result in one or more of...

8.1AI score
Exploits0References2
CERT
CERT
added 2001/01/05 12:0 a.m.13 views

Check Point FireWall-1 allows fragmented packets through firewall if Fast Mode is enabled

Overview If any rules include the "Fast Mode" option, Check Point Firewall-1 and VPN-1 will incorrectly allow unauthorized connection attempts to hosts that should be restricted. Description A feature called "Fast Mode" or "FASTPATH", included in Check Point FireWall-1 and VPN-1 is designed to...

6.9AI score
Exploits0References1
CERT
CERT
added 2000/12/14 12:0 a.m.13 views

Microsoft Internet Explorer vulnerable to file disclosure via code containing GetObject() function

Overview Internet Explorer may disclose files on your computer if you visit a malicious web site or read a mail message with Active Scripting enabled. Description By design, Microsoft Internet Explorer prevents programs on web sites from reading files on your computer without authorization...

5.9AI score
Exploits0References1
CERT
CERT
added 2026/06/03 12:0 a.m.12 views

Securly Chrome Extension contains multiple weak encryption and access control vulnerabilities

Overview Version 3.0.7 of the Securly Chrome Extension contains multiple vulnerabilities involving insecure data transmission, weak cryptography, and improper access control. These issues may expose sensitive filtering rules, enable the manipulation of downloaded configuration files, and allow...

7.5CVSS5.5AI score0.00432EPSS
Exploits0
CERT
CERT
added 2026/06/02 12:0 a.m.12 views

Collibra Agent contains improper authentication and path traversal vulnerabilities

Overview The Collibra Platform Agent contains vulnerabilities that can be chained by a remote, unauthenticated attacker to achieve remote code execution. An attacker can exploit these issues by uploading a crafted ZIP archive that writes attacker-controlled files to arbitrary locations on the...

8.2CVSS6.5AI score0.00442EPSS
Exploits0
CERT
CERT
added 2026/06/01 12:0 a.m.12 views

PCTCore64.sys Windows kernel driver contains missing access control vulnerability

Overview The PCTCore64.sys Windows kernel driver from PC Tools Internet Security exposes its \.\PCTCoreDriver device interface with no access control, allowing any user-mode process to interact with the driver and invoke privileged IOCTL I/O Control commands. In a Bring Your Own Vulnerable Driver...

7.8CVSS6AI score0.00161EPSS
Exploits0
CERT
CERT
added 2026/05/18 12:0 a.m.12 views

SGLang contains two remote code execution and one path traversal vulnerability

Overview Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution RCE, and one regarding a path traversal vulnerability. In order for an attacker to exploit these vulnerabilities, the multimodal generation mode must be enabled, and an attacker must have...

9.8CVSS6.5AI score0.00585EPSS
Exploits0References2
CERT
CERT
added 2026/04/21 12:0 a.m.12 views

Terrarium contains a vulnerability that allows arbitrary code execution

Overview Terrarium is a sandbox-based code execution platform that enables users to run and execute code in a controlled environment, providing a secure way to test and validate code. However, a vulnerability has been discovered in Terrarium that allows arbitrary code execution with root privileg...

9.3CVSS6.8AI score0.00209EPSS
Exploits0References4
CERT
CERT
added 2026/03/24 12:0 a.m.12 views

IDrive for Windows contains local privilege escalation vulnerability

Overview The IDrive Cloud Backup Client for Windows, versions 7.0.0.63 and earlier, contains a privilege escalation vulnerability that allows any authenticated user to run arbitrary executables with NT AUTHORITY\SYSTEM permissions. Description IDrive is a cloud backup service that allows users to...

7.8CVSS6.3AI score0.00171EPSS
Exploits0References1
CERT
CERT
added 2026/03/16 12:0 a.m.12 views

LibreChat RAG API contains a log-injection vulnerability

Overview A log-injection vulnerability in the LibreChat RAG API, version 0.7.0, is caused by improper sanitization of user-supplied input written to system logs. An authenticated attacker can forge or manipulate log entries by inserting CRLF characters, compromising the integrity of audit records...

7.5CVSS5.8AI score0.00277EPSS
Exploits0
CERT
CERT
added 2026/01/20 12:0 a.m.12 views

Open5GS WebUI uses a hard-coded secrets including JSON Web Token signing key

Overview The Open5GS WebUI component contains default hardcoded secrets used for security-sensitive operations, including JSON Web Token JWT signing. If these defaults are not changed, an attacker can forge valid authentication tokens and gain administrative access to the WebUI. This can result i...

6.5CVSS5.7AI score0.00408EPSS
Exploits0References4
CERT
CERT
added 2026/01/16 12:0 a.m.12 views

Livewire Filemanager contains an insecure .php component that allows for unauthenticated RCE in Laravel Products

Overview A vulnerability, tracked as CVE-2025-14894, has been discovered within Livewire Filemanager, a tool designed for usage within Laravel applications. The Livewire Filemanager tool allows for users to upload various files, including PHP files, and host them within the Laravel application...

9.8CVSS8.2AI score0.00571EPSS
Exploits0References2
CERT
CERT
added 2021/12/22 12:0 a.m.12 views

Saviynt Enterprise Identity Cloud vulnerable to local user enumeration and authentication bypass

Overview Saviynt Enterprise Identity Cloud contains user enumeration and authentication bypass vulnerabilities in the local password reset feature. Together, these vulnerabilities could allow a remote, unauthenticated attacker to gain administrative privileges if an SSO solution is not configured...

7.9AI score
Exploits0
CERT
CERT
added 2009/01/28 12:0 a.m.12 views

Autonomy Ultraseek URL redirection vulnerability

Overview The Autonomy Ultraseek search engine contains a URL redirection vulnerability that may allow an attacker to redirect website users to other sites. Description The Autonomy Ultraseek search engine contains a URL redirection vulnerability in the /cs.html?url= paramater. The destination URL...

6.7AI score
Exploits0References4
CERT
CERT
added 2007/03/02 12:0 a.m.12 views

Cisco Catalyst Systems with a NAM may allow system access via spoofing the SNMP communication

Overview A vulnerabilty in Cisco Catalyst Systems that have a Network Analysis Module NAM installed may allow a remote, unauthenticated attacker to gain complete control of this device. Description Cisco Catalyst 6000, 6500, and Cisco 7600 series switches may utilize Cisco's NAM to monitor and...

7.2AI score
Exploits0References5
CERT
CERT
added 2007/02/22 12:0 a.m.12 views

Google Desktop vulnerable to cross-site scripting

Overview A cross-site scripting vulnerability exists in the Google Desktop Search application. This vulnerability may allow an attacker to take any action on a vulnerable system that the Google Desktop Search can. Description Google Desktop Search is a desktop search program that is integrated in...

6.3AI score
Exploits0References8
CERT
CERT
added 2006/11/14 12:0 a.m.12 views

Broadcom wireless driver fails to properly process 802.11 probe response frames

Overview A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The BCMWL5.SYS driver is a wireless 802.11 device driver...

7.9AI score
Exploits0References2
CERT
CERT
added 2006/04/19 12:0 a.m.12 views

Oracle Collaboration Suite Email Server contains a vulnerability that may compromise system confidentiality

Overview An unspecified vulnerability in the Oracle Collaboration Suite Email Server may allow a remote, unauthenticated attacker to compromise system confidentiality. Description Oracle Collaboration Suite Email Server contains an unspecified vulnerability. Oracle states this issue can allow an...

6.9AI score
Exploits0References2
CERT
CERT
added 2006/04/19 12:0 a.m.12 views

Oracle Reporting Framework vulnerability

Overview An unspecified vulnerability in the Oracle Reporting Framework may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Reporting Framework contains a vulnerability.The details of this vulnerability are not clear. However, Oracle...

7AI score
Exploits0References2
CERT
CERT
added 2005/11/17 12:0 a.m.12 views

IBM Tivoli Directory Server may allow unauthorized access

Overview IBM Tivoli Directory Server may allow unauthorized access to change, modify, and/or delete directory data under certain circumstances. Description The IBM Tivoli Directory Server product is described as:IBM Tivoli Directory Server provides a powerful Lightweight Directory Access Protocol...

6.5AI score
Exploits0References2
CERT
CERT
added 2005/10/21 12:0 a.m.12 views

Oracle Application Server Internet Directory vulnerability

Overview An unspecified vulnerability in the Oracle Internet Directory may allow a remote, unauthenticated attacker to compromise system confidentiality and integrity. Description Oracle Internet Directory provides directory services, such as LDAP support, for the Oracle Application Server. There...

6.7AI score
Exploits0References3
CERT
CERT
added 2005/09/07 12:0 a.m.12 views

Cisco IOS Firewall Authentication Proxy vulnerable to buffer overflow via specially crafted user authentication credentials

Overview A buffer overflow vulnerability in Cisco IOS Firewall Authentication Proxy may allow a remote unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS Firewall Authentication Proxy is a feature that allows network administrators to apply...

8.9AI score
Exploits0References6
CERT
CERT
added 2005/04/27 12:0 a.m.12 views

Oracle products contain multiple vulnerabilities

Overview Multiple vulnerabilities exist in numerous Oracle products. The impacts of these vulnerabilities are varied and may include remote execution of arbitrary code, the diclosure of sensitive information, and denial-of-service conditions. Description Multiple vulnerabilities exist in numerous...

7.3AI score
Exploits0References8
CERT
CERT
added 2005/02/25 12:0 a.m.12 views

Golden FTP server contains a buffer overflow

Overview Golden FTP server contains a buffer overflow that may allow a remote attacker to execute arbitrary code. Description Golden FTP server is a personal FTP server for the Microsoft Windows platform. The RNTO rename to command is used in conjunction with the RNFR rename from to rename a file...

8.4AI score
Exploits0References2
CERT
CERT
added 2005/01/26 12:0 a.m.12 views

Cisco IOS contains DoS vulnerability in MPLS packet processing

Overview A denial-of-service vulnerability exists in Cisco's Internetwork Operating System IOS. This vulnerability may allow attackers to conduct denial-of-service attacks on an affected device. Description Multi Protocol Label Switching MPLS is designed to increase the speed of IP...

6.8AI score
Exploits0References3
CERT
CERT
added 2004/11/04 12:0 a.m.12 views

Microsoft Internet Explorer does not properly interpret IFRAME elements when displaying URLs in the status bar

Overview Microsoft Internet Explorer does not properly display the location of HTML documents in the status bar. An attacker could exploit this behavior to mislead users into revealing sensitive information. Description Web browsers frequently display the Uniform Resource Locator URL in the statu...

5.8AI score
Exploits0
CERT
CERT
added 2004/10/20 12:0 a.m.12 views

Multiple Symantec security appliances do not allow the SNMP read-write community string to be changed

Overview A vulnerability exists in multiple Symantec security appliances that could allow a remote attacker to modify the configuration of the device using SNMP. Description The Simple Network Management Protocol SNMP enables network and system administrators to remotely monitor and configure...

7.1AI score
Exploits0References7
Total number of security vulnerabilities3702