Lucene search
K

3702 matches found

CERT
CERT
added 2008/04/21 12:0 a.m.25 views

Microsoft HeartbeatCtl ActiveX control buffer overflow

Overview The Microsoft HeartbeatCtl ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft HeartbeatCtl ActiveX control is used to play multiplayer games on the MSN Games website. T...

9.3CVSS7.2AI score0.30179EPSS
Exploits1References2
CERT
CERT
added 2008/04/21 12:0 a.m.45 views

ClamAV upack heap buffer overflow vulnerability

Overview The ClamAV anti-virus scanner contains a vulnerability that may allow an attacker to execute code or cause ClamAV to crash. Description The Portable Executable PE file format is a file format for executable files that is used in Microsoft Windows. PE files can be packed with executable...

7.6AI score
Exploits0References5
CERT
CERT
added 2008/04/18 12:0 a.m.36 views

Mozilla Firefox JavaScript engine fails to properly handle garbage collection

Overview Mozilla Firefox JavaScript engine fails to properly handle garbage collection. This vulnerability result in memory corruption, which in some cases may be exploitable to execute arbitrary code. Description Per Mozilla Foundation Security Advisory 2008-20:Fixes for security problems in the...

9.3CVSS9.8AI score0.02897EPSS
Exploits1References3
CERT
CERT
added 2008/04/18 12:0 a.m.38 views

Apple Safari fails to properly handle a file name

Overview A vulnerabilty in Apple Safari handles specially crafted file name may allow execution of arbitrary code or denial of service. Description According to Apple Safari 3.1.1:A memory corruption issue exists in Safari's file downloading. By enticing a user to download a file with a malicious...

6.8CVSS7.5AI score0.04015EPSS
Exploits1References1
CERT
CERT
added 2008/04/18 12:0 a.m.35 views

Apple Safari WebKit fails to properly handle a crafted URL

Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute script in the context of another site.. Description According to Apple Safari 3.1.1: An issue exists in WebKit's handling of URLs containing a colon character in the host name. Openi...

4.3CVSS5.7AI score0.02893EPSS
Exploits1References1
CERT
CERT
added 2008/04/14 12:0 a.m.70 views

Ruby WEBrick vulnerable to directory traversal

Overview Ruby WEBrick is vulnerable to a directory traversal on systems that support backslash \ path separators. This vulnerability may allow an attacker to access arbitrary files outside of the web server root directory. Description WEBrick is a Ruby library program to build HTTP servers...

5CVSS6.6AI score0.18163EPSS
Exploits1References4
CERT
CERT
added 2008/04/11 12:0 a.m.35 views

Microsoft GDI buffer overflow vulnerability

Overview The Microsoft GDI contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description The Graphics Device Interface GDI is component of the Microsoft Windows user interface. Windows Metafile WMF and Enhanced Metafile EMF are image file formats...

9.3CVSS7.6AI score0.57102EPSS
Exploits1References5
CERT
CERT
added 2008/04/08 12:0 a.m.29 views

Microsoft Office Project vulnerable to remote code execution via specially crafted Project file

Overview A vulnerability in the way Microsoft Office Project parses files may lead to execution of arbitrary code. Description Microsoft Office Project contains a vulnerability that could be exploited when Project attempts to parse specially crafted files. According to Microsoft Security Bulletin...

9.3CVSS7AI score0.31934EPSS
Exploits1References1
CERT
CERT
added 2008/04/04 12:0 a.m.20 views

C compilers may silently discard some wraparound checks

Overview Some C compilers optimize away pointer arithmetic overflow tests that depend on undefined behavior without providing a diagnostic a warning. Applications containing these tests may be vulnerable to buffer overflows if compiled with these compilers. Description In the C language, given th...

7.3AI score
Exploits0References2
CERT
CERT
added 2008/03/28 12:0 a.m.13 views

Nik Software Sharpener Pro vulnerable to privilege escalation

Overview The Nik Software Shapener Pro installs files with insecure permissions, which may allow a local attacker to elevate privileges. Description Nik Software Sharpener Pro is an Adobe Photoshop plug-in that provides image sharpening capabilities. The Nik Software Sharpener Pro installer sets...

6.7AI score
Exploits0References1
CERT
CERT
added 2008/03/27 12:0 a.m.52 views

Mozilla JavaScript privilege escalation

Overview Mozilla products contain multiple vulnerabilities that may allow a remote, unauthenticated attacker to execute arbitrary code. Description Mozilla Firefox, Thunderbird, and SeaMonkey do not properly handle JavaScript, which may allow privilege escalation and execution of arbitrary code o...

10AI score
Exploits0References1
CERT
CERT
added 2008/03/26 12:0 a.m.28 views

Cisco IOS denial-of-service vulnerability

Overview A vulnerability in the way Cisco IOS handles IPv6 packets could result in a remotely exploitable denial of service. Description The Cisco Internetwork Operating System IOS includes support for processing Internet Protocol version 6 IPv6 packets.Per Cisco Advisory...

7.1CVSS6.2AI score0.05584EPSS
Exploits2References3
CERT
CERT
added 2008/03/25 12:0 a.m.42 views

Adobe Flash Player may load arbitrary, malformed cross-domain policy files

Overview Adobe Flash Player may load arbitrary, malformed cross-domain policy files. This could allow an attacker to control cross-domain data loading, potentially allowing the attacker to gain access to sensitive information or to manipulate content in other domains. Description Adobe Flash Play...

9.3CVSS5.6AI score0.08467EPSS
Exploits1References6
CERT
CERT
added 2008/03/22 12:0 a.m.46 views

Microsoft Jet Engine stack buffer overflow

Overview The Microsoft Jet Engine contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Jet, or Joint Engine Technology, is a database engine that is used by several Microsoft products, includin...

7.2AI score
Exploits0References7
CERT
CERT
added 2008/03/21 12:0 a.m.23 views

AirSpan Base Station Distribution Unit default root password

Overview AirSpan Base Station Distribution Units may contain an undocumented telnet server that authenticates via a known password and is enabled by default. Description From the AirSpan MicroMax product page:The base station is highly modular in design and is composed of two main components: the...

7.3AI score
Exploits0References5
CERT
CERT
added 2008/03/20 12:0 a.m.28 views

libarchive does not properly terminate loop

Overview libarchive contains a vulnerability that may allow an attacker to cause a denial of service. Description The libarchive library provides an interface for reading and writing archive files.There is a vulnerability in libarchive that occurs when it parses the pax interchange format. If an...

4.3CVSS8.9AI score0.03919EPSS
Exploits0References4
CERT
CERT
added 2008/03/20 12:0 a.m.51 views

Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value

Overview Microsoft Windows fails to properly handle the NoDriveTypeAutoRun registry value, which may prevent Windows from effectively disabling AutoRun and AutoPlay features. Description AutoRun, which was introduced with Windows 95, is a feature that causes Windows to automatically take an actio...

9.3CVSS7AI score0.30112EPSS
Exploits0References11
CERT
CERT
added 2008/03/19 12:0 a.m.30 views

Apple Safari vulnerable to xss via the processing of JavaScript URLs

Overview A vulnerability in the way Apple Safari handles JavaScript URLs may allow execution of JavaScript in the context of another site. Description Apple Safari contains a vulnerability that may cause a cross-site script injection when processing JavaScript URLs. According to Apple Security...

4.3CVSS5.8AI score0.03016EPSS
Exploits1References1
CERT
CERT
added 2008/03/19 12:0 a.m.33 views

X.Org PCF font parser buffer overflow

Overview A vulnerability in the X.Org server could allow a remote attacker to execute arbitrary code on an affected system. Description The X.Org project provides an open source implementation of the X Window System. The server supports bitmapped fonts in various formats, including Portable...

7.5CVSS8.8AI score0.05108EPSS
Exploits0References1
CERT
CERT
added 2008/03/19 12:0 a.m.72 views

MIT Kerberos krb4-enabled KDC contains multiple vulnerabilities

Overview Vulnerabilities in the MIT Kerberos Key Distribution Center server could allow a remote attacker to compromise the key database, gain access to sensitive information, or cause a denial of service. Description Several vulnerabilities exist in the Authentication Service and Key Distributio...

9.6AI score
Exploits0References1
CERT
CERT
added 2008/03/18 12:0 a.m.17 views

Check Point VPN-1 information disclosure vulnerability

Overview The Check Point VPN-1 firewall contains an information disclosure vulnerability that may allow an authenticated attacker to access data that they are not authorized to access. Description The Check Point VPN-1 is an application layer firewall that supports remote and site-to-site virtual...

6.8AI score
Exploits0References2
CERT
CERT
added 2008/03/18 12:0 a.m.42 views

MIT Kerberos contains array overrun in RPC library used by kadmind

Overview Vulnerabilities in the MIT Kerberos libgssrpc library may allow an attacker to cause a denial of service or potentially execute arbitrary code. Description The MIT krb5 Kerberos implementation includes a GSS RPC library used in the Kerberos administration server kadmind. Two flaws exist ...

9.8AI score
Exploits0References1
CERT
CERT
added 2008/03/18 12:0 a.m.19 views

BusinessObjects RptViewerAX ActiveX control stack buffer overflow

Overview The BusinessObjects RptViewerAX ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description BusinessObjects 6.5 includes an ActiveX control called RptViewerAX, which is provided by...

9.3CVSS6.8AI score0.06459EPSS
Exploits2References2
CERT
CERT
added 2008/03/15 12:0 a.m.42 views

UltraVNC buffer overflow vulnerability

Overview UltraVNC viewer contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute arbitrary code. Description UltraVNC viewer is a remote desktop application that allows a user to control compatible VNC servers. The UltraVNC viewer includes a...

9.3CVSS7.2AI score0.38757EPSS
Exploits7References6
CERT
CERT
added 2008/03/12 12:0 a.m.29 views

Adobe Form Designer and Advanced Form Client ActiveX controls contain multiple buffer overflows

Overview Adobe Form Designer and Advanced Form Client contain multiple ActiveX buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Adobe Form Designer and Advanced Form Client software provide multiple ActiveX...

9.3CVSS7.3AI score0.07412EPSS
Exploits1References4
CERT
CERT
added 2008/03/12 12:0 a.m.40 views

Microsoft Office Web Components Spreadsheet ActiveX control URL parsing stack buffer overflow

Overview The Microsoft Office Web Components ActiveX controls contain a stack buffer overflow in the processing of URLs, which allows a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Office Web Components are ActiveX controls that provide...

9.3CVSS6.7AI score0.4014EPSS
Exploits6References3
CERT
CERT
added 2008/03/11 12:0 a.m.94 views

Microsoft Office mailto URI remote code execution

Overview A vulnerability in the way that Microsoft Outlook handles a certain type of hyperlink could allow a remote attacker to execute arbitrary code on the vulnerable system. Description Microsoft Outlook provides a centralized application for managing and organizing e-mail messages, schedules,...

9.3CVSS7AI score0.31934EPSS
Exploits1References2
CERT
CERT
added 2008/03/11 12:0 a.m.33 views

RealNetworks RealPlayer ActiveX controls property heap memory corruption

Overview Multiple RealPlayer ActiveX controls fail to properly handle properties, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer provides multiple ActiveX controls to allow integration with Internet Explorer...

9.3CVSS6.7AI score0.4595EPSS
Exploits6References5
CERT
CERT
added 2008/03/07 12:0 a.m.22 views

GNOME Evolution format string vulnerability

Overview The GNOME Evolution mail client contains a format string vulnerability that may allow an attacker to execute code. Description Evolution is the default mail client for the GNOME desktop environment. Evolution supports both GPG and S/MIME mail encryption.From Secunia Advisory SA29057: A...

6.8CVSS6.7AI score0.06018EPSS
Exploits0References5
CERT
CERT
added 2008/03/06 12:0 a.m.25 views

AirSpan WiMAX ProST web management interface authentication bypass vulnerability

Overview The AirSpan WiMAX ProST contains an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to make arbitrary configuration changes. Description The AirSpan WiMAX ProST is customer premise equipment that provides WiMAX wireless networking. The web...

10CVSS6.7AI score0.08527EPSS
Exploits1References8
CERT
CERT
added 2008/03/06 12:0 a.m.32 views

Sun Java WebStart stack buffer overflow

Overview Sun Java WebStart contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Sun Java WebStart is a technology for launching stand-alone Java applications. On Microsoft Windows systems, Java WebStart ...

6.8CVSS8.8AI score0.07255EPSS
Exploits0References3
CERT
CERT
added 2008/03/06 12:0 a.m.39 views

IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) allows buffer overflow via HTTP request

Overview The IBM Tivoli Provisioning Manager for OS Deployment TPMfOSD contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service. Description IBM Tivoli Provisioning...

10CVSS7.6AI score0.08377EPSS
Exploits5References5
CERT
CERT
added 2008/03/06 12:0 a.m.33 views

Mozilla Thunderbird external-body MIME type buffer overflow

Overview Mozilla Thunderbird contains a heap-based buffer overflow which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Mozilla Thunderbird is an open source, cross-platform email and news client. Thunderbird uses Multipurpose Internet...

7.5CVSS7.1AI score0.06049EPSS
Exploits1References3
CERT
CERT
added 2008/02/29 12:0 a.m.26 views

Learn2 STRunner ActiveX control stack buffer overflows

Overview The Learn2 STRunner ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Learn2 Corporation STRunner ActiveX control, which is provided by iestm32.dll, can view...

6.8CVSS7.3AI score0.03061EPSS
Exploits0References2
CERT
CERT
added 2008/02/28 12:0 a.m.30 views

Canon digital multifunction copiers FTP bounce vulnerability

Overview Some models of Canon digital multifunction copiers are vulnerable to the FTP bounce attack. Description From the Problems With The FTP PORT Command document:The FTP Bounce Attack To conform with the FTP protocol, the PORT command has the originating machine specify an arbitrary destinati...

6.4CVSS6.4AI score0.02051EPSS
Exploits0References4
CERT
CERT
added 2008/02/22 12:0 a.m.25 views

OpenCA allows Cross site request forgery (XSRF)

Overview OpenCA contains a cross site request forgery XSRF vulnerability that may allow an attacker to leverage an administrator's creditials to exectue activities on the Certification Authority. Description The OpenCA PKI Development Project\t is an open source out-of-the-box Certification...

7.5CVSS6.2AI score0.00961EPSS
Exploits0References3
CERT
CERT
added 2008/02/20 12:0 a.m.49 views

Samba "send_mailslot()" function buffer overflow

Overview The Samba "sendmailslot" function contains a stack-based buffer overflow vulnerability which could be exploited by a remote, unauthenticated attacker to execute arbitrary code. Description Samba is a widely used open-source implementation of Server Message Block SMB/Common Internet File...

9.3CVSS8AI score0.27482EPSS
Exploits1References3
CERT
CERT
added 2008/02/14 12:0 a.m.43 views

Apache mod_jk2 host header buffer overflow

Overview A vulnerability exists in the legacy version of the modjk2 Apache module. If successfully exploited, the vulnerability may allow an attacker to run arbitrary code on affected system. Description The host header field allows HTTP 1.1 RFC 2616 compliant servers to host multiple domains usi...

7.5CVSS7.8AI score0.40847EPSS
Exploits0References4
CERT
CERT
added 2008/02/13 12:0 a.m.26 views

SkypeFind fails to properly sanitize user-supplied input

Overview The Skype client does not properly filter user-supplied input that was received from the SkypeFind service. This vulnerability may allow an attacker to execute arbitrary code. Description Skype is a peer-to-peer application that provides Voice over IP VoIP and Instant Messaging services...

6.9AI score
Exploits0References4
CERT
CERT
added 2008/02/13 12:0 a.m.25 views

Microsoft Internet Explorer property memory corruption vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles malformed property objects may may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret Web pages that...

9.3CVSS8.5AI score0.37186EPSS
Exploits1References3
CERT
CERT
added 2008/02/12 12:0 a.m.63 views

Adobe Reader EScript.api arbitrary code execution

Overview The Adobe Acrobat Reader contains a vulnerability that may allow an attacker to execute arbitrary code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files insi...

9.3CVSS9.5AI score0.13273EPSS
Exploits1References6
CERT
CERT
added 2008/02/12 12:0 a.m.29 views

Apple Mac OS X fails to properly handle a crafted URL

Overview A vulnerability in the way Apple Mac OS X handles specially crafted URLs may allow an attacker to execute arbitrary code. Description According to Apple Security Update 2008-001:An input validation issue exists in the processing of URL schemes handled by Terminal.app. By enticing a user ...

6.8CVSS7.2AI score0.04441EPSS
Exploits1References2
CERT
CERT
added 2008/02/12 12:0 a.m.36 views

Microsoft Word code execution vulnerability

Overview Microsoft Word contains a vulnerability that may allow an attacker to execute arbitrary code. Description Per Microsoft Security Bulletin MS08-009:A remote code execution vulnerability exists in the way that Word handles specially crafted Word files. The vulnerability could allow remote...

9.3CVSS7.2AI score0.30869EPSS
Exploits1References1
CERT
CERT
added 2008/02/11 12:0 a.m.42 views

Mozilla products may allow directory traversal

Overview A vulnerability exists in the way Mozilla products with certain extensions handle chrome: URIs that may allow directory traversal. Description Mozilla extensions are small add-ons that can be integrated with Mozilla products to provide added functionality. Mozilla products contain a...

4.3CVSS9AI score0.08633EPSS
Exploits0References4
CERT
CERT
added 2008/02/11 12:0 a.m.48 views

Mozilla browsers fail to properly handle images

Overview A vulnerability exists in Mozilla products that may allow a remote attacker to view browser history or cause a denial of service. Description Mozilla products contain a vulnerability in the browser engine that may result in information disclosure or a denial of service when handling...

9.3CVSS9.6AI score0.03796EPSS
Exploits1References2
CERT
CERT
added 2008/02/11 12:0 a.m.47 views

Adobe Reader and Acrobat JavaScript methods buffer overflow vulnerabilities

Overview Adobe Reader and Acrobat contains multiple buffer overflow vulnerabilities. Successful exploitation of this vulnerability may allow an attacker to execute code. Description Adobe Acrobat Reader is software designed to view Portable Document Format PDF files. Adobe also distributes the...

9.3CVSS9.1AI score0.94222EPSS
Exploits9References8
CERT
CERT
added 2008/02/06 12:0 a.m.42 views

KAME project IPv6 IPComp header denial of service vulnerability

Overview The KAME project's IPv6 implementation does not properly process IPv6 packets that contain the IPComp header. If exploited, this vulnerability may allow an attacker to cause a vulnerable system to crash. Description Per RFC 3173:IP payload compression is a protocol to reduce the size of ...

7.8CVSS5.8AI score0.15542EPSS
Exploits6References8
CERT
CERT
added 2008/02/05 12:0 a.m.35 views

Yahoo! Music Jukebox YMP Datagrid ActiveX control stack buffer overflows

Overview The Yahoo! Music Jukebox YMP Datagrid ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes...

6.8AI score
Exploits0References3
CERT
CERT
added 2008/02/05 12:0 a.m.31 views

Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control stack buffer overflow

Overview The Yahoo! Music Jukebox Yahoo! MediaGrid ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Music Jukebox is a music player for Microsoft Windows, which includes multip...

4.3CVSS7.1AI score0.08104EPSS
Exploits5References3
CERT
CERT
added 2008/02/04 12:0 a.m.26 views

Aurigma ImageUploader ActiveX control stack buffer overflows

Overview The Aurigma ImageUploader ActiveX control contains multiple stack buffer overflow vulnerabilities, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Aurigma ImageUploader is an ActiveX control that provides the ability to upload pictures usin...

7.1AI score
Exploits0References10
Total number of security vulnerabilities3702