Lucene search
K

3704 matches found

CERT
CERT
added 2007/05/03 12:0 a.m.21 views

Cisco ASA clientless SSL VPN denial of service vulnerability

Overview The Cisco ASA firewall's SSL VPN component contains an denial-of-service vulnerability. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing, intrusion prevention system IPS, and VPN components. The clientless SSL VPN allows remote users with a web...

7.2AI score
Exploits0References7
CERT
CERT
added 2007/05/02 12:0 a.m.32 views

Cisco PIX and ASA authentication bypass vulnerability

Overview The Cisco ASA and PIX firewalls contain an authentication bypass vulnerability. This vulnerability may allow a remote attacker to gain unauthorized access to the internal network or firewall. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and...

10CVSS6.9AI score0.06451EPSS
Exploits0References4
CERT
CERT
added 2007/05/02 12:0 a.m.29 views

Apple QuickTime for Java QTPointerRef heap memory corruption vulnerability

Overview Apple QuickTime for Java contains a heap memory corruption vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Apple QuickTime includes the ability to integrate QuickTime into Java applications and applets. This...

7.6CVSS7.1AI score0.83804EPSS
Exploits1References9
CERT
CERT
added 2007/05/02 12:0 a.m.19 views

LiveData Server fails to properly handle Connection-Oriented Transport Protocol packets

Overview The LiveData Server fails to handle malformed Connection-Oriented Transport Protocol COTP packets. This vulnerability may allow a remote attacker to crash the LiveData Server. Description The LiveData Server records and transmits data between two or more control systems. The...

7.8CVSS6.4AI score0.03749EPSS
Exploits0References2
CERT
CERT
added 2007/05/02 12:0 a.m.25 views

Cisco ASA fails to properly process DHCP relay packets

Overview The Cisco Adaptive Security Appliance contains a memory exhaustion vulnerability that may occur when the DHCP service relay is enabled. Description The Cisco Adaptive Security Appliance ASA is firewall that includes routing and intrusion prevention system IPS features. DHCP relay allows...

6.9AI score
Exploits0References5
CERT
CERT
added 2007/04/30 12:0 a.m.22 views

OPeNDAP code execution vulnerability

Overview OPeNDAP server version 3 contains a vulnerability that allows an attacker to execute comands on the server. Description From the OPenNDAP website:OPeNDAP provides software which makes local data accessible to remote locations regardless of local storage format. OPeNDAP also provides tool...

7.8AI score
Exploits0References5
CERT
CERT
added 2007/04/26 12:0 a.m.40 views

IncrediMail IMMenuShellExt ActiveX control stack buffer overflow vulnerability

Overview The IncrediMail IMMenuShellExt ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description IncrediMail is an email application that includes animations and 1000's of emoticons...

6.8CVSS7.2AI score0.37744EPSS
Exploits1References1
CERT
CERT
added 2007/04/26 12:0 a.m.35 views

Cisco NetFlow Collection Engine contains known default passwords

Overview A vulnerability in the Cisco NetFlow Collection Engine could allow a remote attacker to gain access to a vulnerable system. Description The Cisco Network Services CNS NetFlow Collection Engine NFC is a software package for supported UNIX platforms and is used to collect and monitor NetFl...

10CVSS6.9AI score0.04733EPSS
Exploits0References1
CERT
CERT
added 2007/04/25 12:0 a.m.20 views

Airodump-ng buffer overflow vulnerability

Overview The airodump-ng program, which is a part of the aircrack-ng suite, contains a buffer overflow vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute code. Description The aircrack-ng suite is a group of related programs that can be used to recover W...

8.6AI score
Exploits0References6
CERT
CERT
added 2007/04/25 12:0 a.m.16 views

HP-UX sendmail vulnerable to denial of service

Overview HP-UX contains an unspecified vulnerability in sendmail, which may allow a remote, unauthenticated attacker to cause a denial of service. Description HP-UX systems running sendmail are vulnerable to an unspecified denial of service. According to HP technical document c00841370, the...

7AI score
Exploits0References2
CERT
CERT
added 2007/04/25 12:0 a.m.29 views

CA BrightStor ARCserve Backup Media Server RPC service buffer overflows

Overview The CA BrightStor ARCserve Backup Media Server contains multiple buffer overflows in the RPC service, which can allow a remote, unauthenticated attacker to execute arbitrary code with elevated privileges. Description BrightStor ARCserve Backup is a backup and data retention tool that...

10CVSS7.1AI score0.77996EPSS
Exploits8References3
CERT
CERT
added 2007/04/23 12:0 a.m.21 views

Microgaming Download Helper ActiveX control stack buffer overflow

Overview The Microgaming Download Helper ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microgaming provides software for online gaming, including online casinos. The Microgaming...

7.6AI score
Exploits0References4
CERT
CERT
added 2007/04/21 12:0 a.m.15 views

McAfee VirusScan Enterprise heap buffer overflow vulnerability

Overview The McAfee VirusScan progream contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to arbitrary execute code. Description McAfee VirusScan Enterprise includes an anti-virus, firewall, and host-based intrusion protection system. The on-demand...

8.3AI score
Exploits0References4
CERT
CERT
added 2007/04/20 12:0 a.m.27 views

Apple Macintosh OS X VideoConference SIP heap buffer overflow

Overview The Apple VideoConference framework contains a buffer overflow vulnerability. If exploited, this vulnerability may allow an attacker to execute code. Description Apple's VideoConference framework is used in iChat and other applications to stream video. iChat uses SIP to make and receive...

10CVSS7.3AI score0.10187EPSS
Exploits0References3
CERT
CERT
added 2007/04/20 12:0 a.m.26 views

Apple Macintosh OS X fails to properly mount WebDAV filesystems

Overview A vulnerability in the way that Apple Macintosh OS X mounts WebDAV filesystems could allow a local attacker to execute commands with elevated privileges. Description Web-based Distributed Authoring and Versioning WebDAV is a set of extensions to the HTTP protocol which allows collaborati...

7.2CVSS6.3AI score0.00868EPSS
Exploits0References1
CERT
CERT
added 2007/04/19 12:0 a.m.30 views

Apple AFP Client privilege escalation vulnerability

Overview The Apple File Protocol AFP Client fails to properly clean its environment before executing commands. This vulnerability may allow a local attacker execute commands with elevated privileges. Description The Apple File Protocol service allows Apple Mac OS clients to access files remotely...

7.2CVSS6AI score0.00885EPSS
Exploits0References2
CERT
CERT
added 2007/04/18 12:0 a.m.16 views

Google Reader cross-site request forgery vulnerability

Overview Google Reader is vulnerable to a persistent cross-site request forgery attack that may be exploited by a specially crafted RSS feed. Description Google Reader is an online RSS feed reader. It can display text and images when displaying RSS feeds.Google Reader contains a cross-site reques...

7.2AI score
Exploits0References6
CERT
CERT
added 2007/04/18 12:0 a.m.24 views

Oracle Database vulnerable to privilege escalation

Overview A vulnerability in Oracle Database for Microsoft Windows could allow a remote attacker to log on to the system with elevated privileges. Description A vulnerability exists in Oracle Database's Core Relational Database Management System RDBMS that may allow a remote attacker to log on to...

6.7AI score
Exploits0References5
CERT
CERT
added 2007/04/18 12:0 a.m.25 views

Second Sight Software ActiveMod ActiveX control stack buffer overflow

Overview The Second Sight Software ActiveMod ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveMod is a music player that is provided as an ActiveX control...

6.8CVSS7.3AI score0.0585EPSS
Exploits0References3
CERT
CERT
added 2007/04/18 12:0 a.m.32 views

Second Sight Software ActiveGS ActiveX control stack buffer overflows

Overview The Second Sight Software ActiveGS ActiveX control contains several stack buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Second Sight Software ActiveGS is an Apple IIGS emulator that is provided as an...

6.8CVSS7.2AI score0.0585EPSS
Exploits0References3
CERT
CERT
added 2007/04/17 12:0 a.m.42 views

Akamai Download Manager ActiveX control buffer overflow

Overview The Akamai Download Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Akamai Download Manager is software designed to enhance the ability to download content. The Akamai...

9.3CVSS6.9AI score0.06772EPSS
Exploits0References5
CERT
CERT
added 2007/04/17 12:0 a.m.22 views

Microsoft Content Management Server fails to properly process crafted HTTP requests

Overview A vulnerability in the way Microsoft Content Managment Server handles HTTP requests may lead to execution of arbitrary code. Description Microsoft Content Managment Server CMS contains a vulnerability that could be exploited when it attempts to process specially crafted HTTP requests...

10CVSS7.6AI score0.45633EPSS
Exploits0References2
CERT
CERT
added 2007/04/16 12:0 a.m.30 views

The Wizz RSS Reader chrome access vulnerability

Overview The Wizz RSS Reader contains a vulnerability that may allow an attacker to take any action that Mozlla Firefox can. Description The Mozilla Firefox user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window...

6.2AI score
Exploits0References5
CERT
CERT
added 2007/04/13 12:0 a.m.47 views

Microsoft Windows DNS RPC buffer overflow

Overview The Microsoft DNS service Remote Procedure Call RPC implementation contains a stack buffer overflow. This vulnerability may allow a remote attacker to execute arbitrary code with SYSTEM privileges. Description The Microsoft Windows DNS service uses RPC to facilitate remote management. Th...

10CVSS9.5AI score0.79128EPSS
Exploits17References7
CERT
CERT
added 2007/04/12 12:0 a.m.25 views

HP Mercury Interactive Quality Center Spider Module ActiveX control stack buffer overflow

Overview The HP Mercury Interactive Quality Center Spider Module ActiveX control contains a stack buffer overflow, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description HP Mercury Interactive Quality Center includes an ActiveX control...

9.3CVSS7.1AI score0.39735EPSS
Exploits4References5
CERT
CERT
added 2007/04/12 12:0 a.m.27 views

HP-UX ICMP vulnerable to DoS via ICMP Path Maximum Transmission Unit (PMTU) Discovery

Overview A vulnerability in HP-UX may allow a remote attacker to cause a denial of service by sending a specially crafted ICMP packet. Description A number of widely accepted Internet standards describe different aspects of the relationships between the Internet Control Message Protocol ICMP and...

5CVSS6.6AI score0.02654EPSS
Exploits0References4
CERT
CERT
added 2007/04/12 12:0 a.m.56 views

PhpWiki fails to properly restrict uploaded files

Overview PhpWiki fails to properly restrict uploaded files, which can allow a remote attacker to execute arbitrary commands on a vulnerable system. Description PhpWiki is Wiki software that is implemented in PHP. PhpWiki includes an "UpLoad" feature that allows users to upload files. Files with a...

6.8CVSS7.5AI score0.03279EPSS
Exploits0References2
CERT
CERT
added 2007/04/10 12:0 a.m.27 views

Microsoft Windows Agent fails to properly process crafted URLs

Overview Microsoft Agent fails to properly handle specially crafted URLs, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Agent is software that provides animated characters to enhance interaction with computer systems...

9.3CVSS6.4AI score0.30914EPSS
Exploits0References3
CERT
CERT
added 2007/04/10 12:0 a.m.33 views

Microsoft Windows Kernel vulnerable to privilege escalation

Overview The Microsoft Windows Kernel contains a privilege escalation vulnerability that may allow a local attacker to take control of the system. Description The Microsoft Windows Kernel fails to properly set permissions when mapping to a memory segment. By running a specially crafted applicatio...

7.2CVSS6.8AI score0.02709EPSS
Exploits1References1
CERT
CERT
added 2007/04/10 12:0 a.m.58 views

Microsoft Windows Vista CSRSS privilege escalation vulnerability

Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Client/Server Run-time Subsystem CSRSS is an essential subsystem. CSRSS is responsib...

7.2CVSS6.5AI score0.02686EPSS
Exploits0References1
CERT
CERT
added 2007/04/10 12:0 a.m.25 views

Microsoft Windows CSRSS error handling vulnerability

Overview The Microsoft Windows Client/Server Run-time Subsystem CSRSS process fails to properly handle error messages. This vulnerability may allow a remote attacker to execute arbitrary code. Description According to Microsoft Security Bulletin MS07-021:CSRSS is the user-mode portion of the Win3...

6.6CVSS7AI score0.06786EPSS
Exploits0References5
CERT
CERT
added 2007/04/09 12:0 a.m.24 views

Yahoo! Messenger AudioConf ActiveX Control buffer overflow vulnerability

Overview The Yahoo! Messenger AudioConf ActiveX control contains a buffer overflow, which could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Yahoo! Messenger is an instant messaging application. Yahoo! Messenger includes several ActiveX...

9.3CVSS7.1AI score0.08375EPSS
Exploits4References7
CERT
CERT
added 2007/04/09 12:0 a.m.36 views

Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows

Overview The Internet Pictures Corporation iPIX Image Well ActiveX controls contain buffer overflows, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Internet Pictures Corporation has produced equipment and software to create 360...

10CVSS7.3AI score0.11112EPSS
Exploits0References1
CERT
CERT
added 2007/04/05 12:0 a.m.29 views

AOL SuperBuddy ActiveX fails to properly validate method arguments

Overview The AOL SuperBuddy ActiveX control does not properly validate arguments to the LinkSBIcons method. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The AOL SuperBuddy ActiveX control Sb.SuperBuddy.1 is a compone...

9.3CVSS6.7AI score0.08434EPSS
Exploits5References4
CERT
CERT
added 2007/04/05 12:0 a.m.31 views

Intel Centrino wireless drivers fail to properly process malformed frames

Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow an attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless adapters fail to...

7.7AI score
Exploits0References4
CERT
CERT
added 2007/04/03 12:0 a.m.43 views

MIT Kerberos 5 GSS-API library double-free vulnerability

Overview The GSS-API library provided with MIT krb5 contains a vulnerability that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability in the way the GSS-API library provided with MIT krb5 handles messages with an invalid...

9CVSS9.4AI score0.09878EPSS
Exploits0References8
CERT
CERT
added 2007/04/03 12:0 a.m.43 views

MIT Kerberos 5 administration daemon stack overflow in krb5_klog_syslog()

Overview The Kerberos administration daemon contains a buffer overflow that may allow a remote, authenticated attacker to execute arbitrary code or cause a denial of service. Description A vulnerability exists in the way the krb5klogsyslog function used by the Kerberos administration daemon handl...

9CVSS9.7AI score0.10327EPSS
Exploits1References13
CERT
CERT
added 2007/04/03 12:0 a.m.35 views

SolidWorks sldimdownload ActiveX control fails to restrict access to methods

Overview The SolidWorks sldimdownload ActiveX control contains methods that can allow a remote, unauthenticated attacker to run arbitrary code on a vulnerable system. Description SolidWorks provides 3D CAD software solutions. The SolidWorks sldimdownload ActiveX control is provided by the file...

9.3CVSS7.1AI score0.04662EPSS
Exploits0References5
CERT
CERT
added 2007/04/03 12:0 a.m.44 views

MIT Kerberos 5 telnet daemon allows login as arbitrary user

Overview A vulnerability exists in the version of the telnet daemon included with the MIT Kerberos 5 distribution that may allow a remote, unauthorized attacker to log on to the system with elevated privileges. Description A vulnerability exists version of the telnet daemon included with the MIT...

10CVSS9.5AI score0.29842EPSS
Exploits1References7
CERT
CERT
added 2007/04/02 12:0 a.m.26 views

CA Brightstor ARCserve Backup fails to properly process RPC requests

Overview The Computer Associates BrightStor ARCserve Backup contains a buffer overflow in the handling of RPC data that may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...

7.1CVSS7.5AI score0.15352EPSS
Exploits0References2
CERT
CERT
added 2007/03/29 12:0 a.m.150 views

Microsoft Windows animated cursor stack buffer overflow

Overview Microsoft Windows contains a stack buffer overflow in the handling of animated cursor files. This vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Description Animated cursor files .ani contain animated graphics for icons and...

9.3CVSS6.8AI score0.7288EPSS
Exploits12References10
CERT
CERT
added 2007/03/28 12:0 a.m.16 views

IBM Lotus Domino LDAP server DN message heap buffer overflow

Overview The IBM Lotus Domino LDAP server is vulnerable to a heap buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial of service. Description IBM Lotus Domino server software provides email, calendar, scheduling, and collaboration...

8.3AI score
Exploits0References2
CERT
CERT
added 2007/03/26 12:0 a.m.36 views

file integer overflow vulnerability

Overview The file program contains a vulnerability that may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description file is a program for Unix-like operating systems that is used to determine what type of data is contained in a file.file contains a buffer...

9.3CVSS8.9AI score0.12226EPSS
Exploits1References13
CERT
CERT
added 2007/03/22 12:0 a.m.33 views

McAfee ePolicy Orchestrator and ProtectionPilot ActiveX control buffer overflow vulnerability

Overview A vulnerability in an ActiveX control provided with the McAfee ePolicy Orchestrator and ProtectionPilot software could allow a remote attacker to execute arbitrary code on an affected system. Description The McAfee ePolicy Orchestrator and ProtectionPilot are applications that are design...

9.3CVSS7.3AI score0.07729EPSS
Exploits8References11
CERT
CERT
added 2007/03/21 12:0 a.m.29 views

InterActual Player SyscheckObject ActiveX controls contain stack buffer overflows

Overview InterActual Player provides multiple ActiveX controls that are vulnerable to buffer overflows. This can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description InterActual Player is a video DVD playing application for Windows systems...

9.3CVSS6.8AI score0.35137EPSS
Exploits3References2
CERT
CERT
added 2007/03/20 12:0 a.m.36 views

NETxAutomation NETxEIB OPC Server fails to properly validate OPC server handles

Overview The NETxAutomation NETxEIB OPC Server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control and...

7.5CVSS7.1AI score0.04442EPSS
Exploits0References4
CERT
CERT
added 2007/03/19 12:0 a.m.34 views

Takebishi Electric DeviceXPlorer OPC Server fails to properly validate OPC server handles

Overview The Takebishi Electric DeviceXPlorer OPC server contains a vulnerability that may allow a remote attacker to execute arbitary code or cause a denial-of-service. Description OLE for Process Control OPC is a specification for a standard set of OLE COM objects for use in the process control...

10CVSS7.1AI score0.09055EPSS
Exploits0References4
CERT
CERT
added 2007/03/17 12:0 a.m.28 views

CA BrightStor ARCserver Tape Engine memory corruption vulnerability

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a memory corruption vulnerability. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code or create a denial-of-service condition. Description BrightStor ARCserve Backup is a...

10CVSS7.3AI score0.14468EPSS
Exploits0References5
CERT
CERT
added 2007/03/17 12:0 a.m.31 views

CA BrightStor ARCserver Tape Engine denial-of-service vulnerability

Overview The Computer Associates BrightStor ARCserve Backup Tape Engine contains a vulnerability. If successfully exploited, this vulnerability may allow a remote attacker to shut down the tape engine interface. Description BrightStor ARCserve Backup is a backup and data retention tool that...

2.1CVSS6.4AI score0.00908EPSS
Exploits0References5
CERT
CERT
added 2007/03/16 12:0 a.m.31 views

Apple Mac OS X fails to properly handle crafted AppleSingleEncoding disk images

Overview A vulnerabilty in the Apple Mac OS X AppleSingleEncoding disk image handler may allow execution of arbitrary code or denial of service. Description Apple Mac OS X contains a vulnerability that may be exploited when a user mounts a specially crafted AppleSingleEncoding disk image file...

6.8CVSS8.3AI score0.04039EPSS
Exploits0References2
Total number of security vulnerabilities3704