Lucene search
K

3704 matches found

CERT
CERT
added 2006/12/15 12:0 a.m.41 views

Symantec Veritas NetBackup bpcd daemon buffer overflow

Overview Symantec Veritas NetBackup contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Symantec VERITAS NetBackup is a client/server based backup software solution. The NetBackup bpcd daemon is...

10CVSS7.7AI score0.11948EPSS
Exploits0References6
CERT
CERT
added 2006/12/14 12:0 a.m.35 views

Microsoft Word malformed pointer vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to compromise a vulnerable system. Description Data used by Microsoft Word to construct a destination address for a memory copy routine is embedded within a Word document itself. If an attacker constructs a Word document with a...

9.3CVSS6.4AI score0.40431EPSS
Exploits1References3
CERT
CERT
added 2006/12/14 12:0 a.m.29 views

Microsoft Remote Installation Service Writable Path Vulnerability

Overview A vulnerability in the way Microsoft Remote Installation Service handles TFTP may allow a remote, unauthorized attacker to create or overwrite arbitrary operating system files. Description Microsoft Remote Installation Service contains a vulnerability in the way that it provides TFTP...

7.5CVSS6.4AI score0.31291EPSS
Exploits0References2
CERT
CERT
added 2006/12/13 12:0 a.m.24 views

Microsoft Internet Explorer Script Error Handling Memory Corruption Vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles certain script errors may lead to memory corruption that may allow remote execution of arbitrary code. Description Microsoft Internet Explorer contains a memory corruption vulnerability that could be exploited when handling...

9.3CVSS6.8AI score0.31068EPSS
Exploits1References1
CERT
CERT
added 2006/12/13 12:0 a.m.30 views

Microsoft Windows SNMP Memory Corruption Vulnerability

Overview A vulnerability in the way Microsoft Windows handles SNMP may allow a buffer overflow that may allow remote execution of arbitrary code. Description Microsoft Windows contains a buffer overflow that may occur when handling malformed SNMP packets. According to Microsoft Security Bulletin...

10CVSS7.8AI score0.53477EPSS
Exploits1References2
CERT
CERT
added 2006/12/13 12:0 a.m.57 views

Sun Secure Global Desktop Software (SSGD) contains multiple cross-site scripting vulnerabilities

Overview The Sun Secure Global Desktop SSGD contains cross-site scripting vulnerabilities. Description Sun Secure Global Desktop formerly Tarantella contains multiple input validation vulnerabilities due to failure to properly sanitize user input. The following modules do not properly filter HTML...

6.8CVSS6.7AI score0.0285EPSS
Exploits0References8
CERT
CERT
added 2006/12/13 12:0 a.m.25 views

Microsoft Internet Explorer TIF Folder arbitrary file access vulnerability

Overview A vulnerability in the way Microsoft Internet Explorer handles drag and drop operations may allow access of arbitrary files within the Temporary Internet Files folder. Description Microsoft Internet Explorer contains a vulnerability that could be exploited when handling drag and drop...

2.6CVSS5.7AI score0.21775EPSS
Exploits1References1
CERT
CERT
added 2006/12/13 12:0 a.m.21 views

MySpace fails to properly filter user-supplied content

Overview The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting. Description MySpace is a social networking web site that allows users to post blog entries, photos, videos, and other content. MySpace blocks user-supplied JavaScript and VBScri...

6.2AI score
Exploits0References6
CERT
CERT
added 2006/12/12 12:0 a.m.29 views

Microsoft Internet Explorer fails to properly handle malformed DHTML script function calls

Overview A vulnerability in the way Microsoft Internet Explorer handles malformed DHTML script function calls may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Microsoft Security Bulletin MS06-072:When Internet Explorer interprets certain DHTML scrip...

9.3CVSS6.2AI score0.35544EPSS
Exploits1References1
CERT
CERT
added 2006/12/11 12:0 a.m.33 views

Microsoft Word malformed data structure vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word fails to properly handle malformed data structures allowing memory corruption to occur. This vulnerability can be triggered by opening a specially crafte...

9.3CVSS6.8AI score0.31449EPSS
Exploits0References7
CERT
CERT
added 2006/12/11 12:0 a.m.23 views

Cisco Security Agent Management Center vulnerable to authentication bypass

Overview Cisco Security Agent Management Center CSAMC may be vulnerable to authentication bypass when configured to use an external Lightweight Directory Access Protocol LDAP server for authentication. Description Cisco Security Agent Management Center CSAMC is a component of the CiscoWorks VPN...

7.5CVSS7AI score0.0365EPSS
Exploits0References2
CERT
CERT
added 2006/12/08 12:0 a.m.24 views

Madwifi wireless driver buffer overflow vulnerability

Overview A buffer overflow vulnerability exists in the Madwifi wireless driver. If successfully exploited, an attacker may be able to execute arbitrary code, or cause a denial-of-service condition. Description The Madwifi driver is a Linux kernel device driver for Atheros-based 802.11 a/b/g...

7.5CVSS7.2AI score0.19817EPSS
Exploits5References4
CERT
CERT
added 2006/12/08 12:0 a.m.45 views

Microsoft Windows Media Player fails to properly handle malformed Windows Media Metafiles

Overview Windows Media Player does not properly handle malformed Windows Media Metafiles. This vulnerability may allow a remote attacker to execute arbitrary code or crash Windows Media Player. Description Windows Media Player WMP is a multimedia application that comes with Microsoft Windows...

7.5CVSS7AI score0.41285EPSS
Exploits2References6
CERT
CERT
added 2006/12/07 12:0 a.m.59 views

The Ipswitch IMail Server is vulnerable to a buffer overflow

Overview The Ipswitch IMail Server is vulnerable to a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code or cause a denial-of-service condition. Description According to Ipswitch Security Advisory 20061101:A vulnerability that allowed remote...

7.5CVSS7.9AI score0.60041EPSS
Exploits8References4
CERT
CERT
added 2006/12/07 12:0 a.m.24 views

Adobe Download Manager buffer overflow

Overview Adobe Download Manager contains a buffer overflow. This vulnerability may allow a remote, unauthenticated attacker to run arbitrary code with the privileges of the affected user or cause a denial-of-service condition. Description Adobe Download Manager ADM ADM is a utility that Adobe...

6.8CVSS7.1AI score0.14329EPSS
Exploits0References4
CERT
CERT
added 2006/12/06 12:0 a.m.35 views

Microsoft Word malformed string vulnerability

Overview A vulnerability in Microsoft Word could allow an attacker to execute arbitrary code on a vulnerable system. Description Microsoft Word contains a vulnerability that could be exploited when Word opens a specially crafted document. It is possible that the vulnerability can be exploited by...

9.3CVSS6.6AI score0.31301EPSS
Exploits0References8
CERT
CERT
added 2006/12/05 12:0 a.m.20 views

Microsoft Windows Print Spooler service fails to properly handle RPC requests

Overview The Microsoft Windows Print Spooler fails to properly handle malformed RPC requests. This vulnerability may allow a remote attacker to cause a denial-of-service condition. Description The Microsoft Print Spooler service manages printing operations on a system. The Print Spooler service...

7.5AI score
Exploits0References1
CERT
CERT
added 2006/12/05 12:0 a.m.24 views

Google Mini and Google Search Appliance vulnerable to cross-site scripting

Overview Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs. This vulnerability may allow a remote attacker to read or modify data in web pages. Description Google Mini and Google Search Appliance fail to properly handle UTF-7 encoded URIs, possibly allowing a remo...

4.3CVSS6AI score0.03032EPSS
Exploits0References5
CERT
CERT
added 2006/12/04 12:0 a.m.31 views

Apple Mac OS X Security Framework Online Certificate Status Protocol (OCSP) service fails to properly retrieve certificate revocation lists

Overview Apple Mac OS X Security Framework Online Certificate Status Protocol OCSP service is unable to retrieve certificate revocation lists on systems that are configured to use an HTTP proxy. This vulnerability may result in the use of revoked certificates. Description The Online Certificate...

5CVSS5.7AI score0.01538EPSS
Exploits2References2
CERT
CERT
added 2006/12/01 12:0 a.m.33 views

Autonomy Ultraseek default configuration does not adequately restrict in-document highlighting

Overview A vulnerability exists in the Ultraseek /highlight/index.html script. Successful exploitation of this vulnerability may allow an attacker to enumerate and access content from non-public servers or execute cross-site scripting attacks. Description Ultraseek is a search engine used on...

10CVSS5.9AI score0.06339EPSS
Exploits0References3
CERT
CERT
added 2006/11/30 12:0 a.m.23 views

Apple Mac OS X Apple Type Services server contains multiple buffer overflows

Overview The Apple Mac OS X Apple Type Services server contains multiple buffer overflow vulnerabilities. These vulnerabilities may allow a local attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X Apple Type Services server fails to properly validate service...

7.2CVSS7.3AI score0.01011EPSS
Exploits2References2
CERT
CERT
added 2006/11/30 12:0 a.m.31 views

Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI

Overview Apple Mac OS X CFNetwork may allow arbitrary FTP commands to be executed via a crafted FTP URI. Description According to Apple Security Update 2006-007:By enticing a user to access a maliciously crafted FTP URI, an attacker can cause the user's FTP client to issue arbitrary FTP commands ...

5.1CVSS6.7AI score0.02309EPSS
Exploits2References2
CERT
CERT
added 2006/11/30 12:0 a.m.26 views

Apple Mac OS X Apple Type Services server fails to securely create error log files

Overview The Apple Mac OS X Apple Type Services server insecurely creates error log files, which may allow a local attacker to overwrite or create files with system privileges. Description Apple Mac OS X Apple Type Services server fails to securely create error log files. A local attacker may be...

4.6CVSS5.5AI score0.00891EPSS
Exploits2References2
CERT
CERT
added 2006/11/30 12:0 a.m.37 views

Apple Mac OS X ftpd may allow arbitrary users to determine account name validity

Overview Apple Mac OS X ftpd may allow arbitrary users to determine account name validity. This vulnerability may reveal protected information or allow an attacker to cause a denial-of-service condition. Description According to Apple Security Update 2006-007:When attempting to authenticate a val...

4CVSS6AI score0.0358EPSS
Exploits2References2
CERT
CERT
added 2006/11/30 12:0 a.m.39 views

Apple AirPort driver fails to properly handle probe response frames

Overview A buffer overflow in certain Apple AirPort drivers may allow an attacker to execute arbitrary code with system privileges, or create a denial-of-service condition. Description Apple Airport products are 802.11b and 802.11g compatible wireless devices that are produced by Apple. Airport...

7.5CVSS7.6AI score0.18071EPSS
Exploits2References5
CERT
CERT
added 2006/11/30 12:0 a.m.50 views

Wireshark contains an unspecified vulnerability in the XOT dissector

Overview Wireshark contains a vulnerability in the XOT dissector that may cause the application to crash. Description Wireshark contains a vulnerability in the XOT dissector that may allow the application to allocate a large amount of memory and cause the application to crash. This vulnerability...

5CVSS7.4AI score0.04059EPSS
Exploits0References9
CERT
CERT
added 2006/11/30 12:0 a.m.30 views

Newtone ImageKit ActiveX buffer overflow vulnerabilities

Overview The Newtone ImageKit ActiveX controls contain several buffer overflow vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Newtone ImageKit is a set of ActiveX controls that provide image processing, scanning, a...

10CVSS7.6AI score0.06536EPSS
Exploits0References6
CERT
CERT
added 2006/11/30 12:0 a.m.61 views

Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input

Overview The Adobe Acrobat AcroPDF ActiveX control fails to properly handle malformed input to its methods. This could allow an attacker to cause the application using the ActiveX control to crash. Description Adobe Acrobat and Adobe Reader provide an ActiveX control to allow applications such as...

9.3CVSS6.3AI score0.42952EPSS
Exploits1References7
CERT
CERT
added 2006/11/30 12:0 a.m.36 views

Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available

Overview Apple Mac OS X Security Framework Secure Transport may not negotiate the best cipher available. This vulnerability may allow traffic to be weakly encrypted. Description Secure Transport refers to Apple’s implementation of SSL and TLS that is used by Mac OS X to create secure connections...

5CVSS6.1AI score0.01724EPSS
Exploits2References2
CERT
CERT
added 2006/11/29 12:0 a.m.26 views

Apple Type Services server font processing buffer overflow

Overview A stack-based buffer overflow in Apple Type Services server may allow attackers to execute arbitrary code. Description The Apple Type Services server fails to properly handle malformed font files possibly allowing a stack-based buffer overflow to occur. Note that according to Apple, font...

5.1CVSS7.2AI score0.0457EPSS
Exploits2References1
CERT
CERT
added 2006/11/29 12:0 a.m.31 views

Apple Mac OS X WebKit deallocated object access vulnerability

Overview Apple Safari WebKit fails to properly deallocate objects. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description According to Apple: WebKit is the open source core of Apple's Safari web browser. It is available as a framework in Mac OS X fo...

6.8CVSS7.1AI score0.05406EPSS
Exploits2References3
CERT
CERT
added 2006/11/29 12:0 a.m.40 views

Apple Mac OS X Finder fails to properly handle malformed .DS_Store files

Overview Apple Finder fails to properly handle malformed .DSStore files. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description .DSStore files are hidden files used by Apple Finder to control the display of a folder and its contents.According to App...

5.1CVSS7.7AI score0.06232EPSS
Exploits2References2
CERT
CERT
added 2006/11/29 12:0 a.m.41 views

Apple Mac OS X PPP driver fails to properly validate PADI packets

Overview The Apple Mac OS X PPP driver fails to properly handle PPPoE Active Discovery Initiation PADI packets. This vulnerability may allow a remote attacker to execute arbitrary code with system privileges. Description The Apple Mac OS X PPP driver fails to properly handle PADI packets allowing...

7.5CVSS7.4AI score0.07456EPSS
Exploits2References3
CERT
CERT
added 2006/11/28 12:0 a.m.32 views

GNU gv buffer overflow vulnerability

Overview A buffer overflow vulnerability exists in the GNU gv viewer application. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description From the GNU gv website:GNU gv allows to view and navigate through...

5.1CVSS7.8AI score0.14838EPSS
Exploits1References3
CERT
CERT
added 2006/11/27 12:0 a.m.18 views

NetGear wireless driver fails to properly process specially-crafted 802.11 management frames

Overview A buffer overflow vulnerability exists in the Netgear WG311ND5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG311ND5.SYS driver is a wireless 802.11g device driv...

7.5CVSS7.4AI score0.14498EPSS
Exploits1References3
CERT
CERT
added 2006/11/22 12:0 a.m.31 views

Apple Mac OS X fails to properly handle corrupted DMG image structures

Overview Apple Mac OS X fails to properly handle corrupted DMG image structures. The complete impact of this vulnerability is unclear, but may include execution of arbitrary code or denial of service. Description A vulnerability in the way Mac OS X com.apple.AppleDiskImageController handles...

9.3CVSS7.9AI score0.09446EPSS
Exploits1References7
CERT
CERT
added 2006/11/22 12:0 a.m.31 views

Computer Associates BrightStor ARCserve Backup Tape Engine fails to properly handle RPC requests

Overview A vulnerability exists in the Computer Associates BrightStor ARCserve Backup Tape Engine. If successfully exploited, this vulnerability may allow a remote attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with...

10CVSS7.1AI score0.70215EPSS
Exploits11References9
CERT
CERT
added 2006/11/21 12:0 a.m.26 views

NaviCOPA Web Server fails to properly handle certain HTTP requests

Overview A vulnerability exists in the NaviCOPA Web Server. If successfully exploited, this vulnerability may allow an attacker to execute arbitrary code. Description NaviCOPA Web Server is an HTTP server that is available for multiple versions of Microsoft Windows including Windows 98, NT, 2000,...

7.5CVSS7AI score0.66826EPSS
Exploits4References6
CERT
CERT
added 2006/11/20 12:0 a.m.16 views

NetGear wireless driver fails to properly process certain 802.11 management frames

Overview A buffer overflow vulnerability exists in the Netgear MA521nd5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The MA521nd5.SYS driver is a wireless 802.11b device driv...

10CVSS7.5AI score0.18755EPSS
Exploits1References2
CERT
CERT
added 2006/11/17 12:0 a.m.16 views

NetGear wireless driver fails to properly process certain 802.11 management frames

Overview A buffer overflow vulnerability has been reported in the Netgear WG111v2.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The WG111v2.SYS driver is a wireless 802.11...

8.2AI score
Exploits0References2
CERT
CERT
added 2006/11/16 12:0 a.m.29 views

Sky Software FileView ActiveX control allows arbitrary command execution via unsafe methods

Overview The Sky Software FileView ActiveX control contains unsafe methods, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several applications, such as...

4CVSS6.8AI score0.602EPSS
Exploits5References4
CERT
CERT
added 2006/11/16 12:0 a.m.41 views

Sky Software FileView ActiveX control buffer overflow vulnerability

Overview The Sky Software FileView ActiveX control contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Sky Software FileView object is an ActiveX control that is provided with several...

7.1AI score
Exploits0References4
CERT
CERT
added 2006/11/15 12:0 a.m.37 views

Microsoft Internet Explorer fails to properly interpret HTML with certain layout combinations

Overview A vulnerability in the way Microsoft Internet Explorer interprets malformed Web pages may lead to execution of arbitrary code. Description Microsoft Internet Explorer contatins a vulnerabilty that could be exploited when Internet Explorer attempts to interpret specially crafted Web pages...

5.1CVSS7AI score0.24798EPSS
Exploits0References2
CERT
CERT
added 2006/11/15 12:0 a.m.30 views

Microsoft Workstation Service fails to properly parse malformed network messages

Overview A vulnerability in the way Microsoft Workstation Service parses malformed network messages may lead to execution of arbitrary code. Description Microsoft Workstation Service contains a vulnerability that could be exploited when Workstation Service attempts to parse specially crafted...

10CVSS6.9AI score0.80214EPSS
Exploits8References2
CERT
CERT
added 2006/11/14 12:0 a.m.31 views

Microsoft DirectAnimation Path ActiveX control Spline method integer overflow

Overview A vulnerability in the Microsoft DirectAnimation ActiveX controls may allow a remote attacker to execute arbitrary code on an affected system. Description Microsoft's DirectAnimation is a suite of development functionality, predating Microsoft DirectX, that provides animation support for...

5CVSS7.3AI score0.6033EPSS
Exploits1References6
CERT
CERT
added 2006/11/14 12:0 a.m.26 views

Microsoft Agent fails to properly handle specially crafted .ACF files

Overview Microsoft Agent fails to properly handle specially crafted .ACF files and may allow a remote attacker to execute arbitrary code. Description Microsoft Agent is a software technology that enables an enriched form of user interaction that can make using and learning to use a computer easie...

7.5CVSS6.7AI score0.40143EPSS
Exploits0References3
CERT
CERT
added 2006/11/14 12:0 a.m.12 views

Broadcom wireless driver fails to properly process 802.11 probe response frames

Overview A buffer overflow vulnerability exists in the Broadcom BCMWL5.SYS wireless driver. Successful exploitation of this vulnerability may allow an attacker to execute arbitrary code, or cause a denial-of-service condition. Description The BCMWL5.SYS driver is a wireless 802.11 device driver...

7.9AI score
Exploits0References2
CERT
CERT
added 2006/11/10 12:0 a.m.41 views

Citrix Access Gateway LDAP authentication bypass

Overview An error with LDAP authentication in Citrix Access Gateway appliances may allow an attacker to successfully authenticate without providing correct login credentials. Description Citrix Access Gateway appliances use SSL VPN technology to give remote users secure access shared resources...

5.1CVSS6.5AI score0.0367EPSS
Exploits0References4
CERT
CERT
added 2006/11/08 12:0 a.m.29 views

The Mozilla Network Security Services library fails to properly verify RSA signatures

Overview The Mozilla Network Security Services library fails to properly verify RSA signatures. This vulnerability may allow an attacker to forge RSA signatures. Description RSA signatures are used to authenticate the source of a message. To prevent RSA signatures from being forged, messages are...

6.4CVSS5.7AI score0.02633EPSS
Exploits0References14
CERT
CERT
added 2006/11/08 12:0 a.m.38 views

Mozilla products allow execution of arbitrary JavaScript

Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...

7.5CVSS6.6AI score0.02614EPSS
Exploits0References9
Total number of security vulnerabilities3704