Lucene search
K

3704 matches found

CERT
CERT
added 2007/11/09 12:0 a.m.29 views

Guidance EnCase Enterprise uses weak authentication to identify target machines

Overview Guidance Software's EnCase Enterprise uses IP authentication to identify target machines. An attacker may be able to provide the EnCase SAFE server with a disk image from a different machine than an investigator requested. Description Guidance Software's EnCase Enterprise allows...

4.3CVSS5.9AI score0.01207EPSS
Exploits0References6
CERT
CERT
added 2007/11/09 12:0 a.m.30 views

Guidance EnCase fails to detect more than 25 partitions

Overview Guidance Software's EnCase Forensic can only detect the first 25 partitions on a volume. Description Guidance Software's EnCase Forensic is a tool that allows an investigator to acquire and analyze a disk image. EnCase names partitions either c: through z:, with an additional partition...

5CVSS5.9AI score0.01725EPSS
Exploits0References5
CERT
CERT
added 2007/11/08 12:0 a.m.31 views

Mozilla-based browsers jar: URI cross-site scripting vulnerability

Overview Mozilla-based web browsers including Firefox contain a vulnerability that may allow an attacker to execute code, or conduct cross-site scripting attacks. Description The jar: protocol is designed to extract content from ZIP compressed files. Mozilla-based browsers include support for jar...

4.3CVSS5.7AI score0.02712EPSS
Exploits0References7
CERT
CERT
added 2007/11/08 12:0 a.m.26 views

Apple QuickTime for Java may allow Java applets to gain elevated privileges

Overview Apple QuickTime for Java contains a vulnerability that may allow a malicious Java applet to gain elevated privileges. Description Apple QuickTime is a media player that includes a browser plugin. QuickTime for Java provides APIs which allow Java developers to include multimedia in Java...

9.3CVSS7AI score0.25662EPSS
Exploits0References3
CERT
CERT
added 2007/11/02 12:0 a.m.27 views

SonicWall NetExtender NELaunchCtrl ActiveX control stack buffer overflow

Overview The SonicWall NetExtender NELaunchCtrl ActiveX control contains a stack buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description SonicWall NetExtender is an SSL VPN client that is implemented by using an ActiveX...

9.3CVSS7.1AI score0.37981EPSS
Exploits4References3
CERT
CERT
added 2007/11/01 12:0 a.m.35 views

CUPS buffer overflow vulnerability

Overview The Common Unix Printing System contains a buffer overflow vulnerability. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Common Unix Printing System CUPS is a printing service used by many Linux and Unix operating systems. CUPS uses a print...

10CVSS9.3AI score0.07377EPSS
Exploits1References9
CERT
CERT
added 2007/10/30 12:0 a.m.27 views

Microsoft Kodak Image Viewer code execution vulnerability

Overview The Kodak Image Viewer which is included in Windows 2000 contains a code execution vulnerability. Description The Kodak Image Viewer is included in Windows 2000. It may also be present on other versions of Windows that were upgraded from Windows 2000.Per Microsoft Security Bulletin...

9.3CVSS7.3AI score0.41415EPSS
Exploits7References3
CERT
CERT
added 2007/10/26 12:0 a.m.51 views

RSA Keon cross-site scripting vulnerabilities

Overview The RSA KEON Registration Authority web interface contains multiple cross-site scripting XSS vulnerabilities. Description The RSA Keon Certificate Authority CA software is a digital certificate management system. The RSA KEON Registration Authority allows the CA to handle large numbers o...

4.3CVSS5.5AI score0.01884EPSS
Exploits0References5
CERT
CERT
added 2007/10/20 12:0 a.m.31 views

RealPlayer playlist name stack buffer overflow

Overview RealPlayer contains a stack buffer overflow in the handling of playlist names, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks RealPlayer is a multimedia application that allows users to view local and remote...

9.3CVSS7.1AI score0.42365EPSS
Exploits9References6
CERT
CERT
added 2007/10/19 12:0 a.m.36 views

Mozilla products vulnerable to memory corruption in the JavaScript engine

Overview A number of vulnerabilities in the Mozilla JavaScript engine may allow the execution of arbitrary code or denial of service. Description The Mozilla JavaScript engine contains several vulnerabilities that may result in memory corruption. The impact of this memory corruption in specific...

4.3CVSS7.4AI score0.0343EPSS
Exploits1References5
CERT
CERT
added 2007/10/19 12:0 a.m.29 views

Mozilla products vulnerable to memory corruption in the browser engine

Overview A number of vulnerabilities in the Mozilla browser engine may allow the execution of arbitrary code or denial of service. Description The Mozilla browser engine contains several vulnerabilities that may result in memory corruption. The impact of this memory corruption in specific cases i...

4.3CVSS7.5AI score0.0343EPSS
Exploits1References2
CERT
CERT
added 2007/10/19 12:0 a.m.39 views

Mozilla XUL web applications may hide the titlebar

Overview Mozilla's XUL contains a vulnerability that may allow a web application to cover an active window's titlebar. Description XUL is Mozilla's XML-based user interface language. XUL can be used to create Mozilla applications, extensions, and web applications.From Mozilla Foundation Security...

4.3CVSS5.7AI score0.03017EPSS
Exploits1References3
CERT
CERT
added 2007/10/13 12:0 a.m.34 views

Cisco IOS LPD buffer overflow vulnerability

Overview The Cisco IOS Line Printer Daemon contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition . Description The Cisco IOS includes support for the UNIX Line Printer Daemon...

9.3CVSS7.7AI score0.14682EPSS
Exploits1References5
CERT
CERT
added 2007/10/08 12:0 a.m.24 views

Electronic Arts SnoopyCtrl ActiveX control and plug-in stack buffer overflows

Overview The Electronic Arts SnoopyCtrl ActiveX control and plug-in contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Electronic Arts EA.com provides an ActiveX control and Netscape-style...

6.8CVSS7.3AI score0.3089EPSS
Exploits3References4
CERT
CERT
added 2007/10/05 12:0 a.m.39 views

Sun Java JRE vulnerable to unauthorized network access

Overview The Sun Java Runtime Environment JRE contains a vulnerability that may allow unintended access to network resources. Description The Sun Java Runtime Environment JRE allows users to run Java applications in a browser or as standalone programs. Sun has made the JRE available for multiple...

4CVSS6.1AI score0.03418EPSS
Exploits0References4
CERT
CERT
added 2007/10/01 12:0 a.m.17 views

Google Gmail cross-site request forgery vulnerability

Overview According to public reports, Google Gmail contained a cross-site request forgery XSRF vulnerability that allowed attackers to create email filters that could forward mail and attachments to arbitrary email addresses. Description Google Gmail is a web-based mail service. Gmail provides...

6.3AI score
Exploits0References5
CERT
CERT
added 2007/09/20 12:0 a.m.25 views

Microsoft MFC FindFile function heap buffer overflow

Overview A buffer overflow vulnerability in the Microsoft Foundation Class MFC Library could allow an attacker to execute arbitrary code on an affected system. Description The Microsoft Foundation Class MFC Library is a Microsoft library that wraps parts of the Windows API in C++ classes. The MFC...

10CVSS7.5AI score0.19667EPSS
Exploits1References2
CERT
CERT
added 2007/09/14 12:0 a.m.24 views

PhotoChannel Networks Photo Upload Plugin ActiveX control stack buffer overflows

Overview The PhotoChannel Networks Photo Upload Plugin ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description PNI Digital Media, which is a division of PhotoChannel Networks, provides pho...

9.3CVSS7.3AI score0.06715EPSS
Exploits1References2
CERT
CERT
added 2007/09/13 12:0 a.m.34 views

Apple QuickTime remote command execution vulnerability

Overview Apple QuickTime contains a vulnerability that may allow an attacker to pass arbitrary commands to other applications. Description Apple QuickTime is a media player that is available for Microsoft Windows and Apple OS X. Apple QuickTime includes browser plugins for Internet Explorer,...

9.3CVSS6.8AI score0.02407EPSS
Exploits0References11
CERT
CERT
added 2007/09/12 12:0 a.m.45 views

Callisto PhotoParade Player PhPInfo ActiveX control buffer overflow

Overview The Callisto PhotoParade Player PhPInfo ActiveX control contains a buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Callisto PhotoParade Player includes an ActiveX control called PhPinfo. The ActiveX control...

9.3CVSS7AI score0.06506EPSS
Exploits0References2
CERT
CERT
added 2007/09/12 12:0 a.m.32 views

Microsoft Windows Services for UNIX privilege escalation vulnerability

Overview Microsoft Windows Services for UNIX contains a vulnerability that may allow a local, authenticated attacker to gain elevated privileges. Description Windows Services for UNIX fails to properly handle setuid binary files. An attacker may be able to trigger this vulnerability by running a...

6.9CVSS5.9AI score0.02398EPSS
Exploits1References2
CERT
CERT
added 2007/09/11 12:0 a.m.33 views

Microsoft Agent fails to properly handle specially crafted URLs

Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...

9.3CVSS6.4AI score0.57217EPSS
Exploits6References4
CERT
CERT
added 2007/09/07 12:0 a.m.17 views

Web sites may transmit authentication tokens unencrypted

Overview Web services that rely on cookies for authentication may be vulnerable to an authentication bypass vulnerability. Some web sites transmit authentication material often cookies without encrypting the entire session, even when the authentication material is initially set over an encrypted...

7.1AI score
Exploits0References14
CERT
CERT
added 2007/09/06 12:0 a.m.29 views

VUPlayer malformed playlist buffer overflow

Overview VUPlayer fails to properly handle malformed playlists. This vulnerability may allow a remote attacker to execute arbitrary code. Description VUPlayer is a freeware audio player for the Microsoft Windows platform. It can play various types of media files, such as MP3s. A Playlist .PLS or...

7.5CVSS7.4AI score0.67345EPSS
Exploits6References4
CERT
CERT
added 2007/09/06 12:0 a.m.42 views

Earth Resource Mapping NCSView ActiveX control stack buffer overflows

Overview The Earth Resource Mapping NCSView ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Earth Resource Mapping NCSView ActiveX control, which is provided by...

9.3CVSS7.3AI score0.06628EPSS
Exploits0References4
CERT
CERT
added 2007/09/05 12:0 a.m.27 views

Broderbund Expressit 3DGreetings Player ActiveX control buffer overflows

Overview The Broderbund Expressit 3DGreetings Player ActiveX control contains multiple buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The 3DGreetings Player is an ActiveX control that displays 3D greeting cards...

9.3CVSS7AI score0.06628EPSS
Exploits0References2
CERT
CERT
added 2007/09/05 12:0 a.m.20 views

Cisco Adaptive Security Appliance insecurely logs passwords

Overview The Cisco Adaptive Security Appliance ASA firewall may log user credentials, including passwords, as plain text when AAA authentication is enabled. Description The Cisco Adapative Security Appliance ASA is a firewall with Intrusion Protection System IPS, Stateful Packet Inspection SPI, a...

7.8AI score
Exploits0References3
CERT
CERT
added 2007/09/05 12:0 a.m.36 views

Intuit QuickBooks Online Edition ActiveX control stack buffer overflows

Overview The Intuit QuickBooks Online Edition ActiveX control contains multiple stack buffer overflows, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that functions withi...

9.3CVSS7.1AI score0.05971EPSS
Exploits1References4
CERT
CERT
added 2007/09/05 12:0 a.m.31 views

Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to methods

Overview The Intuit QuickBooks Online Edition ActiveX control fails to properly restrict access to dangerous methods, which could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Intuit QuickBooks Online Edition is a version of QuickBooks that is implemented a...

9.3CVSS6.7AI score0.05155EPSS
Exploits1References4
CERT
CERT
added 2007/09/04 12:0 a.m.23 views

Move Networks Quantum Streaming Player ActiveX stack buffer overflows

Overview The Move Networks Quantum Streaming Player ActiveX controls contain multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Move Networks Quantum Streaming Player is an ActiveX video player for use ...

6.8CVSS7.4AI score0.10072EPSS
Exploits9References1
CERT
CERT
added 2007/09/04 12:0 a.m.31 views

MIT Kerberos 5 kadmind privilege escalation vulnerability

Overview MIT Kerberos kadmind contains a privilege escalation vulnerability that may allow an authenticated attacker to execute code with root privileges. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It ...

8.5CVSS9.9AI score0.06139EPSS
Exploits1References2
CERT
CERT
added 2007/09/04 12:0 a.m.36 views

MIT Kerberos 5 kadmind buffer overflow vulnerability

Overview An unspecified vulnerability in MIT Kerberos kadmind server may allow an attacker to execute arbitrary code. Description Kerberos is a network authentication system that uses a trusted third party to authenticate clients and servers to each other. It is designed to provide strong...

10CVSS9.7AI score0.10997EPSS
Exploits4References3
CERT
CERT
added 2007/08/29 12:0 a.m.46 views

Quiksoft EasyMail SMTP ActiveX control stack buffer overflow vulnerabilities

Overview The Quiksoft EasyMail SMTP ActiveX control contains multiple stack buffer overflow vulnerabilities, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Quiksoft EasyMail Objects is a set of ActiveX controls that provides emai...

8.2AI score
Exploits0References2
CERT
CERT
added 2007/08/28 12:0 a.m.40 views

Oracle JInitiator ActiveX control stack buffer overflows

Overview The Oracle JInitiator ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Oracle JInitiator allows users to run Oracle Developer Server applications within a web...

9.3CVSS6.9AI score0.21066EPSS
Exploits1References7
CERT
CERT
added 2007/08/28 12:0 a.m.47 views

BIND version 8 generates cryptographically weak DNS query identifiers

Overview ISC BIND version 8 generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. Version 8 of the BIND...

4.3CVSS6.6AI score0.07585EPSS
Exploits0References3
CERT
CERT
added 2007/08/28 12:0 a.m.25 views

MSN Messenger and Windows Live Messenger webcam stream heap overflow

Overview MSN Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description MSN Messenger is an instant messaging application. Starting with version 8, MSN Messenger was renamed to Windows Live Messenger. Windows Live Messenger and some...

9.3CVSS7AI score0.55451EPSS
Exploits2References2
CERT
CERT
added 2007/08/23 12:0 a.m.28 views

Trend Micro ServerProtect Integer Overflow Vulnerability

Overview Trend Micro ServerProtect contains an integer overflow vulnerability that may allow a remote attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application designed to run on Microsoft Windows servers. The application provides administrators with...

10CVSS7.5AI score0.10469EPSS
Exploits0References3
CERT
CERT
added 2007/08/23 12:0 a.m.22 views

Trend Micro ServerProtect Agent service RPC stack-buffer overflow

Overview Trend Micro ServerProtect Agent service fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Trend Micro ServerProtect Agent service handles RPC Remote Procedure Calls RPC using port 3628/tcp. Th...

10CVSS7.8AI score0.13021EPSS
Exploits12References4
CERT
CERT
added 2007/08/23 12:0 a.m.23 views

Trend Micro ServerProtect RPC buffer overflows

Overview The Trend Micro ServerProtect fails to properly handle RPC requests. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Trend Micro ServerProtect is an anti-virus application that is designed to run on Microsoft Windows servers. Trend...

10CVSS7.4AI score0.13021EPSS
Exploits12References6
CERT
CERT
added 2007/08/17 12:0 a.m.29 views

Yahoo! Installer Plugin for Widgets ActiveX control stack buffer overflow

Overview The Yahoo! Installer Plugin for Widgets ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Widgets is a program for Windows that allows the user to run applications call...

9.3CVSS6.9AI score0.1296EPSS
Exploits6References4
CERT
CERT
added 2007/08/17 12:0 a.m.21 views

Yahoo! Messenger webcam stream heap overflow

Overview Yahoo! Messenger fails to properly handle webcam streams, which may allow a remote attacker to execute arbitrary code. Description Yahoo! Messenger is an instant messaging application that is available for Windows, Mac, Unix, web, and mobile systems. Some version of Yahoo! Messenger, suc...

9.3CVSS7.6AI score0.09314EPSS
Exploits0References6
CERT
CERT
added 2007/08/15 12:0 a.m.30 views

GIMP integer overflow vulnerability

Overview GIMP contains a vulnerability that may allow a remote attacker to execute code, or create a denial-of-service condition. Description The Photoshop Document PSD format is the native file format used by Adobe Photoshop. The GNU Image Manipulation Program GIMP can open and manipulate .psd...

6.8CVSS7AI score0.07169EPSS
Exploits0References3
CERT
CERT
added 2007/08/15 12:0 a.m.28 views

Microsoft Windows Vista Weather Gadget vulnerability

Overview The Windows Vista Weather gadget contains a vulnerability that may allow and attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to t...

6.8CVSS6.5AI score0.25192EPSS
Exploits1References4
CERT
CERT
added 2007/08/15 12:0 a.m.35 views

Microsoft Windows Vista Contacts Gadget vulnerability

Overview The Windows Vista Contacts gadget contains a vulnerability that may allow an attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets similar to t...

6.8CVSS6.8AI score0.25165EPSS
Exploits1References3
CERT
CERT
added 2007/08/15 12:0 a.m.32 views

Microsoft Windows Vista Feed Headlines Gadget vulnerability

Overview The Windows Vista Feed Headlines gadget contains a vulnerability that may allow and attacker to execute code. Description From Microsoft Security Bulletin MS07-048:Gadgets are mini-applications designed to provide the user with information or utilities. Windows Vista treats gadgets simil...

4.3CVSS6.5AI score0.28367EPSS
Exploits1References4
CERT
CERT
added 2007/08/14 12:0 a.m.42 views

Microsoft XML Core Services XMLDOM substringData() buffer overflow

Overview Microsoft XML Core Services contains an unspecified memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...

9.3CVSS6.9AI score0.48722EPSS
Exploits1References6
CERT
CERT
added 2007/08/14 12:0 a.m.38 views

Microsoft GDI Windows Metafile AttemptWrite integer overflow

Overview Microsoft Windows GDI contains an integer overflow in the handling of Windows metafiles, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Windows GDI Graphics Device Interface enables applications to use graphics a...

9.3CVSS7.2AI score0.54749EPSS
Exploits1References4
CERT
CERT
added 2007/08/14 12:0 a.m.32 views

Motive Communications ActiveUtils EmailData ActiveX control stack buffer overflows

Overview The Motive Communications ActiveUtils EmailData ActiveX control contains multiple stack buffer overflows, which could allow an attacker to execute arbitrary code on a vulnerable system. Description Motive Communications ActiveUtils is a software package used by multiple ISPs to provide...

6.8CVSS7.2AI score0.05576EPSS
Exploits0References3
CERT
CERT
added 2007/08/14 12:0 a.m.89 views

Apache Tomcat fails to properly handle cookies containing single quotes

Overview Apache Tomcat fails to properly handle cookies that contain a single quote, which may allow session hijacking. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat incorrectly treats a single quote as a cookie delimiter...

4.3CVSS7.2AI score0.37497EPSS
Exploits1References3
CERT
CERT
added 2007/08/14 12:0 a.m.27 views

IBM and Lenovo Access Support acpRunner ActiveX control fails to restrict access to methods

Overview The IBM Lenovo Access Support acpRunner ActiveX control fails to restrict access to its methods, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes severa...

5.8CVSS6.7AI score0.0258EPSS
Exploits1References4
Total number of security vulnerabilities3704