Lucene search
K

3704 matches found

CERT
CERT
added 2007/08/14 12:0 a.m.27 views

IBM and Lenovo Access Support acpRunner ActiveX control format string vulnerability

Overview The IBM Lenovo Access Support acpRunner ActiveX control contains a format string vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

5.8CVSS6.7AI score0.0457EPSS
Exploits1References4
CERT
CERT
added 2007/08/14 12:0 a.m.34 views

IBM and Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures

Overview The IBM Lenovo Access Support acpRunner ActiveX control fails to validate digital signatures, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Access Support software package for IBM and Lenovo systems includes several...

5.8CVSS6.8AI score0.0264EPSS
Exploits1References4
CERT
CERT
added 2007/08/14 12:0 a.m.29 views

Microsoft Windows VML compressed content integer underflow

Overview Microsoft Windows VML fails to properly handle compressed content, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft IE version 5.0 and higher supports the Vector Markup Language VML, which is a set of XML tags for...

9.3CVSS6AI score0.41547EPSS
Exploits1References4
CERT
CERT
added 2007/08/13 12:0 a.m.29 views

InterActual Player IAKey ActiveX control stack buffer overflow

Overview The InterActual Player IAKey ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...

9.3CVSS7.2AI score0.0818EPSS
Exploits0References4
CERT
CERT
added 2007/08/13 12:0 a.m.37 views

InterActual Player IAMCE ActiveX control stack buffer overflow

Overview The InterActual Player IAMCE ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems. InterActual Player wa...

9.3CVSS7.3AI score0.0818EPSS
Exploits0References2
CERT
CERT
added 2007/08/12 12:0 a.m.27 views

Microsoft DirectX Media 6.0 Live Picture Corporation DirectTransform FlashPix ActiveX control buffer overflow

Overview The Live Picture Corporation DirectTransform FlashPix ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft DirectX Media 6.0 SDK includes an ActiveX control that is...

7.9AI score
Exploits0References3
CERT
CERT
added 2007/08/09 12:0 a.m.14 views

Cisco IOS fails to properly handle Next Hop Resolution Protocol packets

Overview Cisco IOS fails to properly handle Next Hop Resolution Protocol packets, which could allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description Cisco IOS is an operating system that is used on Cisco network devices. Cisco IOS supports a...

8AI score
Exploits0References3
CERT
CERT
added 2007/08/01 12:0 a.m.31 views

Atheros wireless network drivers may fail to properly handle malformed frames

Overview Atheros wireless drivers fail to properly handle malformed wireless frames. This vulnerability may allow a remote, unauthenticated attacker to create a denial-of-service condition. Description Some versions of the Microsoft Windows drivers for Atheros 802.11 a/b/g wireless adapters fail ...

5CVSS6.4AI score0.2579EPSS
Exploits1References4
CERT
CERT
added 2007/08/01 12:0 a.m.42 views

RSA key reconstruction vulnerability

Overview Various implementations of RSA may contain a vulnerability that could allow an attacker to retrieve encryption keys. Description Some implementations of RSA may contain a vulnerability that could allow a local attacker to retrieve encryption keys. OpenSSL is a widely used open source...

1.2CVSS7AI score0.00409EPSS
Exploits1References4
CERT
CERT
added 2007/07/27 12:0 a.m.40 views

ISC BIND generates cryptographically weak DNS query IDs

Overview ISC Internet Systems Consortiuim BIND generates cryptographically weak DNS query IDs which could allow a remote attacker to poison DNS caches. Description From the ISC Bind security page:The DNS query id generation is vulnerable to cryptographic analysis which provides a 1 in 8 chance of...

4.3CVSS7.2AI score0.1309EPSS
Exploits0References6
CERT
CERT
added 2007/07/27 12:0 a.m.36 views

Microsoft Windows URI protocol handling vulnerability

Overview Microsoft Windows fails to properly handle protocols specified in a URI, which could allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a...

9.3CVSS6.8AI score0.53831EPSS
Exploits7References12
CERT
CERT
added 2007/07/27 12:0 a.m.26 views

ISC BIND does not correctly set default access controls

Overview ISC Internet Systems Consortiuim BIND fails to properly set default access control lists. This may allow unauthorized users to make recursive querries and querry the cache. Description From the ISC BIND security page:The default access control lists acls are not being correctly set. If n...

5.8CVSS7.9AI score0.06199EPSS
Exploits0References2
CERT
CERT
added 2007/07/26 12:0 a.m.32 views

Mozilla Firefox URI filtering vulnerability

Overview Mozilla Firefox does not filter input when sending certain URIs to registered protocol handlers. This may allow a remote, authenticated attacker to use Firefox as a vector for executing commands on a vulnerable system. Description A Uniform Resource Identifier URI is a string of characte...

9.3CVSS6.7AI score0.05699EPSS
Exploits0References10
CERT
CERT
added 2007/07/23 12:0 a.m.27 views

VLC Media Player format string vulnerability

Overview VLC contains a format string vulnerability that may allow an attacker to execute code. Description VideoLAN VLC is a streaming media player that runs on multiple platforms. From VideoLAN Security Advisory 0702: VLC media player Ogg/Vorbis, Ogg/Theora, CDDA CD Digital Audio and SAP Servic...

9.3CVSS6.8AI score0.17079EPSS
Exploits0References6
CERT
CERT
added 2007/07/22 12:0 a.m.44 views

Apache Tomcat SendMailServlet example vulnerable to cross-site scripting via FROM field

Overview The example SendMailServlet page that comes with Apache Tomcat is vulnerable to cross-site scripting via the "From" field. Description Apache Tomcat is an implementation of the Java Servlet and JavaServer Page JSP technologies. Apache Tomcat includes a sample page called SendMailServlet,...

4.3CVSS6.1AI score0.09479EPSS
Exploits0References2
CERT
CERT
added 2007/07/19 12:0 a.m.15 views

Oracle Collaboration Suite denial of service vulnerability

Overview The Oracle collaboration suite contains a vulnerability that may allow an attacker to create a denial-of-service condition. Description The Oracle collaboration suite contains a vulnerability. From Oracle Critical Patch Update - July 2007:There is 1 new Oracle Collaboration Suite specifi...

6.7AI score
Exploits0References1
CERT
CERT
added 2007/07/16 12:0 a.m.21 views

Trillian Instant Messenger client fails to properly handle malformed URIs

Overview The Trillian Instant Messaging client contains a buffer overflow vulnerability that may allow an attacker to execute code. Description A Uniform Resource Identifier URI is a string of characters that can be used to identify a location, resource, or protocol. The Trillian Instant Messenge...

9.3CVSS7.7AI score0.11807EPSS
Exploits0References6
CERT
CERT
added 2007/07/12 12:0 a.m.29 views

Adobe Flash Player fails to properly validate HTTP Referers

Overview The Adobe Flash Player fails to properly validate HTTP Referers. This may allow an attacker to conduct cross-site request forgery attacks. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser...

4.3CVSS6.1AI score0.06727EPSS
Exploits0References3
CERT
CERT
added 2007/07/12 12:0 a.m.34 views

Flash Player information disclosure vulnerability

Overview The Adobe Flash player contains an information disclosure vulnerability that affects the Konqueror and Opera web browsers. Description Konqueror is the default web browser for the KDE desktop. Opera is a web browser that is available for Windows, Linux and BSD systems.The Adobe Flash...

6.8CVSS5.6AI score0.04958EPSS
Exploits0References8
CERT
CERT
added 2007/07/12 12:0 a.m.30 views

Apple QuickTime fails to properly handle malformed movie files

Overview Apple QuickTime fails to properly handle malformed movie files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description Apple QuickTime is multimedia software that allows users to view local and remote...

9.3CVSS7.4AI score0.0606EPSS
Exploits1References1
CERT
CERT
added 2007/07/11 12:0 a.m.27 views

Symantec Backup Exec contains heap overflow in RPC interface

Overview Symantec Backup Exec for Windows Servers contains a vulnerability that may allow a remote attacker to cause a denial of service or potentially execute arbitrary code on an affected system. Description Symantec Backup Exec for Windows Servers is a client/server based backup software...

7.5CVSS8.1AI score0.06943EPSS
Exploits0References1
CERT
CERT
added 2007/07/11 12:0 a.m.39 views

Mozilla Firefox URL protocol handling vulnerability

Overview Mozilla Firefox protocol handlers may allow remotely supplied JavaScript to execute with elevated privileges. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description On Microsoft Windows systems, Mozilla Firefox installs protocol...

4.3CVSS8.4AI score0.29355EPSS
Exploits3References12
CERT
CERT
added 2007/07/11 12:0 a.m.47 views

Microsoft Windows Vista Teredo IPv6 interface firewall bypass vulnerability

Overview A vulnerability in the Microsoft Windows Vista firewall may allow an attacker to send unfiltered IPv6 traffic to a vulnerable system. Description Internet Protocol version 6 IPv6 is an IP standard that is designed to replace the Internet Protocol version 4 IPv4. The Microsoft Teredo...

7.8CVSS5.8AI score0.35175EPSS
Exploits0References5
CERT
CERT
added 2007/07/11 12:0 a.m.36 views

Adobe Flash Player FLV integer overflow

Overview A vulnerability in the Adobe Flash Player could allow a remote attacker to execute arbitrary code on an affected system. Description Adobe Flash Player is a player for the Flash media format and enables frame-based animations with sound to be viewed within a web browser. An integer...

9.3CVSS8AI score0.56309EPSS
Exploits0References4
CERT
CERT
added 2007/07/11 12:0 a.m.38 views

Microsoft Windows Active Directory fails to properly validate client sent LDAP requests

Overview Microsoft Windows Active Directory fails to properly validate client-sent LDAP requests and may result in a denial of service condition. Description Microsoft Windows Active Directory contains a vulnerability in the way that the LDAP service validates the number of convertible attributes...

5CVSS6.2AI score0.39668EPSS
Exploits1References1
CERT
CERT
added 2007/07/10 12:0 a.m.31 views

Microsoft Windows Active Directory fails to properly validate LDAP requests

Overview A vulnerability in Windows Active Directory could allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Lightweight Directory Access Protocol LDAP is a standard protocol that enables users to query or modify the data in a meta directory. Microsoft's...

10CVSS7.3AI score0.3917EPSS
Exploits0References3
CERT
CERT
added 2007/07/10 12:0 a.m.32 views

SAP DB Web Server buffer overflow vulnerability

Overview The SAP Web Server contains a vulnerability that may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Description SAP DB is a database server that includes a series of web-based configuration tools.A stack based buffer overlfow exists in the SAP DB web...

7.5CVSS7.3AI score0.70004EPSS
Exploits4References6
CERT
CERT
added 2007/07/09 12:0 a.m.31 views

SAP Message Server heap buffer overflow

Overview The SAP Message Server contains a flaw that may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description The SAP Message Server is used to exchange and regulate messages between servers in a SAP network. A heap-based buffer...

10CVSS7.7AI score0.36586EPSS
Exploits1References6
CERT
CERT
added 2007/07/06 12:0 a.m.44 views

Lhaca buffer overflow vulnerability

Overview The Lhaca archiving program contains a buffer overflow vulnerability that may allow an attacker to execute arbitrary code. Description LHA is an archive file format. LHA is used by the Lhaca compression utility.A stack buffer overflow vulnerability exists in the Lhaca program. This...

6.8AI score
Exploits0References8
CERT
CERT
added 2007/06/28 12:0 a.m.32 views

RealNetworks players SMIL "wallclock" buffer overflow

Overview A buffer overflow in RealNetworks media players could allow a remote attacker to execute arbitrary code on an affected system. Description The RealNetworks RealPlayer and Helix Player applications allow users to view local and remote audio and video content. These players support multipl...

9.3CVSS7.6AI score0.36069EPSS
Exploits6References1
CERT
CERT
added 2007/06/27 12:0 a.m.25 views

602pro Lan Suite 2003 buffer overflow vulnerability

Overview 602pro Lan Suite 2003 contains a buffer overflow vulnerability that may allow an attacker to execute code. Description 602pro Lan Suite 2003 is a mail, firewall and proxy server that runs on the Microsoft Windows operating system.The 602pro Lan Suite 2003 SMTP server contains a buffer...

8.2AI score
Exploits0References3
CERT
CERT
added 2007/06/27 12:0 a.m.32 views

Novell NetWare NFS denial of service vulnerability

Overview The Novell NetWare NFS mount daemon contains a denial of service vulnerability. Description Network File System NFS is an ONC RPC based file and print sharing protocol. Novell Netware includes support for the NFS protocol.From Novell Support Document 3008097: If an NFS client attempts a...

7.1CVSS6.6AI score0.02184EPSS
Exploits0References6
CERT
CERT
added 2007/06/26 12:0 a.m.47 views

MIT Kerberos kadmind RPC library gssrpc__svcauth_unix() integer conversion error

Overview The MIT Kerberos administration daemon kadmind contains an integer conversion error vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthunix function used by the Kerberos administration...

8.3CVSS10AI score0.03479EPSS
Exploits1References6
CERT
CERT
added 2007/06/26 12:0 a.m.42 views

MIT Kerberos kadmind RPC library gssrpc__svcauth_gssapi() uninitialized pointer free vulnerability

Overview The MIT Kerberos administration daemon kadmind can free an uninitialized pointer, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description The gssrpcsvcauthgssapi function used by the Kerberos administration daemon can free an...

10CVSS10AI score0.11376EPSS
Exploits1References6
CERT
CERT
added 2007/06/26 12:0 a.m.39 views

MIT Kerberos kadmind principal renaming stack buffer overflow

Overview The MIT Kerberos administration daemon kadmind contains a stack buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the principal renaming operation used by the Kerberos...

9CVSS9.9AI score0.07519EPSS
Exploits1References8
CERT
CERT
added 2007/06/25 12:0 a.m.34 views

Apple Safari cross-domain HTTP redirection race condition

Overview Apple Safari contains a race condition when handling HTTP redirection when updating pages. This can allow a cross-domain violation. Description Apple Safari contains a race condition when updating pages. When this race condition is used in combination with an HTTP redirection, Safari may...

4.3CVSS5.4AI score0.02551EPSS
Exploits1References5
CERT
CERT
added 2007/06/22 12:0 a.m.32 views

Apple WebCore XMLHttpRequest fails to properly serialize headers into an HTTP request

Overview Apple WebCore fails to properly serialize headers into an HTTP request, which can cause a cross-domain security violation. Description Apple WebCore is one of the components of the WebKit web browser engine that is used by Safari, Dashboard, Mail, and other applications. WebCore provides...

4.3CVSS5.5AI score0.0706EPSS
Exploits1References7
CERT
CERT
added 2007/06/22 12:0 a.m.32 views

Apple WebKit frame rendering memory corruption vulnerability

Overview The Apple Webkit contains a memory corruption vulnerability.This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X...

9.3CVSS7.2AI score0.07288EPSS
Exploits1References7
CERT
CERT
added 2007/06/20 12:0 a.m.34 views

Cerulean Studios Trillian Instant Messenger fails to properly handle "UTF-8" sequences

Overview A vulnerability in Cerulean Studios Trillian Instant Messenger client may lead to execution of arbitrary code. Description Cerulean Studios Trillian Instant Messenger client fails to properly handle specially crafted UTF-8 text. A heap overflow may occur when Trillian receives a messages...

9.3CVSS6.2AI score0.06228EPSS
Exploits0References3
CERT
CERT
added 2007/06/19 12:0 a.m.27 views

RealNetworks GameHouse dldisplay ActiveX control stack buffer overflows

Overview The RealNetworks GameHouse dldisplay ActiveX control contains multiple stack buffer overflows, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description RealNetworks GameHouse is a web site that provides games. GameHouse has an...

10CVSS7AI score0.07637EPSS
Exploits1References3
CERT
CERT
added 2007/06/15 12:0 a.m.20 views

Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods

Overview The Novell exteNd Director 4.1 LocalExec ActiveX control fails to restrict access to dangerous methods, which can allow a remote, unauthenticated attacker to execute arbitrary commands on a vulnerable system. Description Novell exteNd Director is a set of software development tools and...

9.3CVSS6.8AI score0.05971EPSS
Exploits1References4
CERT
CERT
added 2007/06/14 12:0 a.m.33 views

Microsoft Windows Secure Channel integer underflow

Overview A vulnerability in Microsoft Windows Secure Channel security package may lead to execution of arbitrary code. Description Microsoft Windows Secure Channel Schannel security package implements standard network authentication protocols Secure Sockets Layer SSL and Transport Layer Security...

9.3CVSS6.1AI score0.12544EPSS
Exploits0References3
CERT
CERT
added 2007/06/13 12:0 a.m.45 views

Microsoft Windows "MHTML" protocol handler fails to properly handle URL redirections

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret URL redirections, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets URL redirections. The...

4.3CVSS5.6AI score0.4031EPSS
Exploits1References1
CERT
CERT
added 2007/06/13 12:0 a.m.113 views

Corel / Micrografx ActiveCGM Browser ActiveX control buffer overflows

Overview The Corel / Micrografx ActiveCGM Browser ActiveX control contains multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Corel ActiveCGM Browser is an ActiveX control that allows viewing of Computer...

9.3CVSS7AI score0.07829EPSS
Exploits0References2
CERT
CERT
added 2007/06/13 12:0 a.m.37 views

Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP header

Overview Microsoft Windows "MHTML" protocol handler fails to properly interpret HTTP headers, which may cause information disclosure. Description The Microsoft Windows "MHTML" protocol handler contains an information disclosure vulnerability in the way that it interprets HTTP headers. The "MHTML"...

4.3CVSS5.6AI score0.2504EPSS
Exploits1References2
CERT
CERT
added 2007/06/12 12:0 a.m.27 views

Microsoft Windows Win32 API fails to properly validate function parameters

Overview The Microsoft Windows Win32 API fails to properly validate function parameters, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Microsoft Windows Win32 API is a set of application programming interfaces for the...

9.3CVSS6.7AI score0.31808EPSS
Exploits0References3
CERT
CERT
added 2007/06/12 12:0 a.m.34 views

Microsoft Speech API ActiveX controls contain buffer overflows

Overview The Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls contain multiple buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Speech API is a software package that provides text-to-spee...

9.3CVSS7AI score0.57521EPSS
Exploits5References2
CERT
CERT
added 2007/06/11 12:0 a.m.24 views

Zoomify Viewer ActiveX control multiple stack buffer overflows

Overview The Zoomify Viewer ActiveX control contains multiple stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Zoomify provides software to incorporate zoomable images into web sites. One of the Zoomify produc...

9.3CVSS7AI score0.06506EPSS
Exploits0References2
CERT
CERT
added 2007/06/08 12:0 a.m.458 views

Mozilla Firefox allows cross-domain iframe access via JavaScript

Overview Mozilla Firefox allows cross-domain access to an iframe. This vulnerability could allow an attacker to interact with a web site in a different domain. The attacker could read content and cookies, capture keystrokes, and modify content. Description An iframe is an HTML element which allow...

4.3CVSS8.9AI score0.02774EPSS
Exploits1References13
CERT
CERT
added 2007/06/08 12:0 a.m.52 views

Yahoo! Webcam view utilities ActiveX control vulnerable to arbitrary code execution

Overview The Yahoo! Webcam view utilities ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Webcam is a component of Yahoo! Messenger that allows users to chat via webcams over ...

7.8AI score
Exploits0References3
Total number of security vulnerabilities3704