Lucene search
K

3704 matches found

CERT
CERT
•added 2006/11/08 12:0 a.m.•37 views

Mozilla products allow execution of arbitrary JavaScript

Overview Multiple Mozilla products allow running JavaScript to be recompiled while executing. This vulnerability may allow a remote attacker to execute arbitrary JavaScript bytecode. Description According to Mozilla Foundation Security Advisory 2006-67: ...it was possible to modify a Script objec...

7.5CVSS6.6AI score0.02614EPSS
Exploits0References9
CERT
CERT
•added 2006/11/08 12:0 a.m.•37 views

Mozilla products vulnerable to memory corruption

Overview A vulnerability exists in the way Mozilla products process JavaScript. This vulnerability may allow an attacker to execute arbitrary code. Description The Mozilla Foundation supports several Open Source projects, including the Mozilla, Seamonkey, and Firefox web browsers. The Thunderbird...

5CVSS6.4AI score0.05522EPSS
Exploits0References18
CERT
CERT
•added 2006/11/08 12:0 a.m.•31 views

Mozilla products contain several unspecified errors in the layout engine

Overview The Mozilla layout engine contains several unspecified vulnerabilities that may allow an attacker to execute arbitrary code or crash the vulnerable application. Description The Mozilla layout engine, also known as Gecko, is responsible for parsing HTML, XML, CSS, layout, and rendering...

5CVSS6.8AI score0.04292EPSS
Exploits0References14
CERT
CERT
•added 2006/11/08 12:0 a.m.•19 views

Symantec Automated Support Assistant ActiveX control buffer overflow

Overview The Symantec Automated Support Assistant ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The Symantec Automated Support Assistant control is an ActiveX control that comes with...

5.1CVSS7.3AI score0.05935EPSS
Exploits0References7
CERT
CERT
•added 2006/11/07 12:0 a.m.•24 views

Apache mod_tcl module contains a format string error

Overview A format string vulnerability exists in the modtcl Apache module. This vulnerability may allow a remote attacker to execute arbitrary code. Description The Apache HTTP Server, also known as httpd, is an open-source HTTP server that runs on Microsoft Windows, Linux, Unix, and Apple OS X...

6.8CVSS6.8AI score0.15972EPSS
Exploits0References5
CERT
CERT
•added 2006/11/07 12:0 a.m.•25 views

Clam AntiVirus fails to properly handle crafted Portable Executable (PE) files

Overview A vulnerability in the way Clam AntiVirus processes Portable Executable PE files may lead to execution of arbitrary code. Description Clam AntiVirus is a GPL virus scanner that has built-in support for for a number of file types including PE. According to iDefense Public Advisory:...

7.5CVSS9.7AI score0.20224EPSS
Exploits1References12
CERT
CERT
•added 2006/11/06 12:0 a.m.•32 views

The Red Hat Enterprise Linux 3 SMP Kernel fails to properly handle IPC shared-memory

Overview The Red Hat Enterprise Linux 3 SMP Kernel may allow an authenticated attacker to cause a denial-of-service condition with specially crafted IPC shared-memory functions. Description Inter-Process Communication IPC shared-memory is a method of passing data between programs used by the Red...

5.5CVSS6.2AI score0.00386EPSS
Exploits1References3
CERT
CERT
•added 2006/11/05 12:0 a.m.•37 views

Microsoft XML Core Services XMLHTTP ActiveX control vulnerability

Overview The Microsoft XML Core Services XMLHTTP ActiveX control contains an unspecified vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use applications such as...

7.6CVSS6.6AI score0.75946EPSS
Exploits7References8
CERT
CERT
•added 2006/11/02 12:0 a.m.•38 views

Computer Associates BrightStor ARCserv and Protection Suite products RPC buffer overflow vulnerabilities

Overview Multiple vulnerabilities exist in Computer Associates backup products. If successfully exploited, these vulnerabilities may allow an attacker to execute arbitrary code. Description BrightStor ARCserve Backup is a backup and data retention tool that integrates with other BrightStor Data...

7.5CVSS7.6AI score0.78513EPSS
Exploits12References15
CERT
CERT
•added 2006/11/01 12:0 a.m.•63 views

WMI Object Broker ActiveX Control bypasses ActiveX security model

Overview The Microsoft WMI Object Broker ActiveX control bypasses the ActiveX security model, which can allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description ActiveXActiveX is a technology that allows programmers to create reusable software...

6.8CVSS6.5AI score0.42846EPSS
Exploits6References10
CERT
CERT
•added 2006/11/01 12:0 a.m.•29 views

Computer Associates Discovery Service buffer overflow

Overview Multiple Computer Associates products contain a buffer overflow in the code that handles the Discovery Service protocol. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description Computer Associates BrightStor ARCserve Backup, BrightStor...

7.5CVSS7.3AI score0.78513EPSS
Exploits12References17
CERT
CERT
•added 2006/10/27 12:0 a.m.•50 views

ADODB.Connection ActiveX control memory corruption vulnerability

Overview The Execute function of the ADODB.Connection ActiveX object contains an unspecified vulnerability. This may allow a remote, unauthenticated attacker to cause Internet Explorer to crash or possibly execute arbitrary code. Description Microsoft ADO ActiveX Data Objects are "...

9.3CVSS7.1AI score0.43785EPSS
Exploits1References6
CERT
CERT
•added 2006/10/27 12:0 a.m.•20 views

AOL Nullsoft Winamp Lyrics3 heap buffer overflow

Overview AOL Nullsoft Winamp contains a heap-based buffer overflow in the code that handles Lyrics3 tags. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description Lyrics3 is a system for embedding the lyrics inside an MP3 song file...

8.2AI score
Exploits0References5
CERT
CERT
•added 2006/10/26 12:0 a.m.•31 views

Novell GroupWise Messenger fails to properly handle HTTP POST requests.

Overview Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may allow a remote attacker to cause a denial of service condition. Description Novell GroupWise Messenger fails to properly handle HTTP POST requests. This vulnerability may be triggered by sendin...

5CVSS6.6AI score0.03004EPSS
Exploits0References4
CERT
CERT
•added 2006/10/26 12:0 a.m.•28 views

Microsoft Internet Explorer 7 may allow address bar spoofing

Overview Internet Explorer 7 may allow address bar spoofing in pop-up windows. This could let an attacker spoof the address of a web site. Description Internet Explorer 7 includes a new feature called "Address bar protection." This makes sure that every window, including pop-ups, will present an...

6.2AI score
Exploits0References5
CERT
CERT
•added 2006/10/25 12:0 a.m.•29 views

Wireshark SSCOP dissector fails to properly handle malformed packets

Overview Wireshark contains a vulnerability in the SSCOP dissector that may cause a denial of service condition. Description Wireshark contains a vulnerability in the Service-Specific Connection Oriented Protocol SSCOP dissector.Wireshark states that: If the SSCOP dissector has a port range...

5.4CVSS7.4AI score0.03707EPSS
Exploits0References14
CERT
CERT
•added 2006/10/25 12:0 a.m.•35 views

Wireshark contains multiple off-by-one errors in the IPSec ESP preference parser

Overview Wireshark contains a vulnerability in the IPSec ESP preference parser that may cause a denial of service condition. Description Wireshark contains multiple off-by-one vulnerabilities in the IPSec ESP preference parser when the application has been compiled with ESP decryption support.Thi...

5CVSS8AI score0.04132EPSS
Exploits0References10
CERT
CERT
•added 2006/10/25 12:0 a.m.•32 views

X.Org fails to check for setuid failure on Linux systems

Overview Programs distributed as part of the X.Org software distribution fail to properly handle test results for effective user ID. This vulnerability may lead to privilege escalation. Description Linux, like most Unix systems, provides a system call, setuid, to set the effective user ID of a...

7.2CVSS7.3AI score0.00434EPSS
Exploits0References8
CERT
CERT
•added 2006/10/25 12:0 a.m.•31 views

Wireshark contains an unspecified vulnerability in the SCSI dissector

Overview Wireshark contains a vulnerability in the SCSI dissector that may cause a denial-of-service condition. Description The SCSI dissector in Wireshark contains an unspecified error that may allow remote attackers to cause a denial-of-service condition.Wireshark states that Wireshark version...

4.3CVSS7.3AI score0.03336EPSS
Exploits0References13
CERT
CERT
•added 2006/10/24 12:0 a.m.•34 views

Opera Web Browser fails to properly process overly long URLs

Overview The Opera Web Browser fails to properly process overly long URLs. This vulnerability may allow arbitrary code execution. Description Opera is a multi-platform web browser that is available for a range of operating systems and embedded Internet products. Opera contains a heap buffer...

5.1CVSS7.8AI score0.04724EPSS
Exploits0References3
CERT
CERT
•added 2006/10/24 12:0 a.m.•33 views

Oracle MDSYS.SDO_LRS package vulnerable to PL/SQL injection

Overview The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle MDSYS.SDOLRS package is vulnerable to PL/SQL injection...

7.1CVSS6.9AI score0.03844EPSS
Exploits0References4
CERT
CERT
•added 2006/10/24 12:0 a.m.•17 views

Oracle CREATE_CHANGE_TABLE procedure vulnerable to PL/SQL injection

Overview The Oracle CREATECHANGETABLE procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle CREATECHANGETABLE procedure fails to properly filter us...

7.8AI score
Exploits0References3
CERT
CERT
•added 2006/10/24 12:0 a.m.•33 views

Oracle DISABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle DISABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle DISABLEHIERARCHYINTERNAL procedure fails to...

9CVSS7.1AI score0.0302EPSS
Exploits0References3
CERT
CERT
•added 2006/10/24 12:0 a.m.•35 views

Oracle SYS.DBMS_CDC_IMPDP package vulnerable to PL/SQL injection

Overview The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle SYS.DBMSCDCIMPDP package is vulnerable to PL/SQL injection...

9CVSS7AI score0.02777EPSS
Exploits0References4
CERT
CERT
•added 2006/10/24 12:0 a.m.•31 views

Integer overflow vulnerability in Asterisk driver for Cisco SCCP-enabled phones

Overview Asterisk contains an integer overflow vulnerability. This vulnerability may allow an attacker to run arbitrary code. Description Asterisk is an open-source PBX software package that provides voicemail, three-way calling, and other features. Skinny Client Control Protocol SCCP is a...

7.5CVSS7.2AI score0.84962EPSS
Exploits1References9
CERT
CERT
•added 2006/10/20 12:0 a.m.•30 views

IBM Lotus Notes sets insecure default permissions on program data

Overview IBM Lotus Notes sets insecure default permissions on the Notes directory. This vulnerability may allow a local attacker to gain unintended access to Lotus Notes program data. Description IBM Lotus Notes installs numerous program files and program data in a special directory known as the...

4.6CVSS6AI score0.00423EPSS
Exploits0References3
CERT
CERT
•added 2006/10/19 12:0 a.m.•27 views

Oracle ENABLE_HIERARCHY_INTERNAL procedure vulnerable to PL/SQL injection

Overview The Oracle ENABLEHIERARCHYINTERNAL procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle ENABLEHIERARCHYINTERNAL procedure fails to proper...

9CVSS7.3AI score0.04459EPSS
Exploits0References5
CERT
CERT
•added 2006/10/19 12:0 a.m.•16 views

Oracle PREPARE_UNBOUNDED_VIEW procedure vulnerable to PL/SQL injection

Overview The Oracle PREPAREUNBOUNDEDVIEW procedure is vulnerable to PL/SQL injection. This vulnerability may allow a remote, authenticated attacker to execute arbitrary PL/SQL commands on a vulnerable Oracle installation. Description The Oracle PREPAREUNBOUNDEDVIEW procedure fails to properly...

8AI score
Exploits0References4
CERT
CERT
•added 2006/10/17 12:0 a.m.•28 views

NVIDIA Display Driver for Unix systems vulnerable to buffer overflow

Overview A vulnerability in the NVIDIA Display Driver for Unix systems may allow a remote attacker to execute code on a vulnerable system. Description The NVIDIA Display Driver for Unix systems provides access to the display adapter's accelerated features on supported systems, and includes a modu...

7.5CVSS7.5AI score0.26046EPSS
Exploits1References3
CERT
CERT
•added 2006/10/13 12:0 a.m.•32 views

Cisco products contain hard-coded SNMP values

Overview Certain versions of the Cisco IOS software have a hard-coded SNMP read-write community string that cannot be changed by an administrator. Description Some versions of the Cisco IOS have a hardcoded SNMP read-write community string. This community string is designed to ensure that...

10CVSS8.5AI score0.05668EPSS
Exploits0References2
CERT
CERT
•added 2006/10/12 12:0 a.m.•29 views

Microsoft XML Core Services contain a buffer overflow in the XSLT component

Overview The XSLT component of the Microsoft XML Core Services contains a buffer overflow. An attacker may be able to use this vulnerability to execute arbitrary code on a vulnerable system. Description Microsoft XML Core Services MSXML allow developers who use JScript, Visual Basic Scripting...

7.5CVSS7.3AI score0.28949EPSS
Exploits0References4
CERT
CERT
•added 2006/10/12 12:0 a.m.•37 views

Wireshark contains an unspecified vulnerability in the DHCP dissector

Overview Wireshark contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. Description Wireshark for Microsoft Windows contains a vulnerability in the DHCP dissector that may cause a denial-of-service condition. This vulnerability may be exploited when the...

5CVSS7.2AI score0.04132EPSS
Exploits0References9
CERT
CERT
•added 2006/10/12 12:0 a.m.•33 views

Microsoft Word vulnerable to remote code execution

Overview A remote code execution vulnerability in Microsoft Word can allow a remote attacker to execute arbitrary code via a specially crafted mail merge file. Description Microsoft Word contains a remote code execution vulnerability that can be exploited when a specially crafted mail merge file ...

9.3CVSS7.2AI score0.30926EPSS
Exploits0References1
CERT
CERT
•added 2006/10/11 12:0 a.m.•30 views

Trend Micro OfficeScan Management Console ActiveX control format string vulnerability

Overview The Trend Micro OfficeScan Management Console ActiveX control, AtxConsole, contains a format string vulnerability. This vulnerability may be exploited by an attacker to execute arbitrary code, or create a denial-of-service condition. Description Trend Micro's OfficeScan product includes ...

5.1CVSS6.6AI score0.06264EPSS
Exploits0References5
CERT
CERT
•added 2006/10/11 12:0 a.m.•38 views

Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations

Overview The Microsoft XML Core Services XMLHTTP ActiveX control fails to properly interpret certain HTTP operations. An attacker who exploits this vulnerability may be able to read cookies or view other sensitive data from a vulnerable system. Description Microsoft XML Core Services MSXML allow...

2.6CVSS5.5AI score0.19696EPSS
Exploits0References3
CERT
CERT
•added 2006/10/11 12:0 a.m.•39 views

Microsoft Office fails to properly parse malformed records

Overview A vulnerability in the way Microsoft Office parses files containing malformed records may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when Office attempts to parse specially crafted records. According to Microsoft...

9.3CVSS7AI score0.32242EPSS
Exploits0References1
CERT
CERT
•added 2006/10/11 12:0 a.m.•33 views

Microsoft Office fails to properly parse malformed chart records

Overview A vulnerability in the way Microsoft Office parses files containing malformed chart records may lead to execution of arbitrary code. Description Microsoft Office fails to properly handle malformed chart records. According to Microsoft Security Bulletin MS06-062:When Office opens a...

9.3CVSS7AI score0.36791EPSS
Exploits0References1
CERT
CERT
•added 2006/10/11 12:0 a.m.•30 views

Microsoft Server Service fails to properly handle network messages

Overview A vulnerability in the way Microsoft Server Service handles network messages may lead to execution of arbitrary code. Description Microsoft Server Service provides support for Remote Proceedure Call RPC, resource sharing, and named pipe communication over the network. Microsoft Server...

9CVSS7.3AI score0.43485EPSS
Exploits0References1
CERT
CERT
•added 2006/10/11 12:0 a.m.•35 views

Microsoft Office fails to properly parse malformed strings

Overview A vulnerability in the way Microsoft Office parses files with malformed strings may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted strings. According to Microsoft Security Bulletin...

9.3CVSS6.9AI score0.29568EPSS
Exploits0References1
CERT
CERT
•added 2006/10/11 12:0 a.m.•30 views

Microsoft Office fails to properly parse malformed Smart Tags

Overview A vulnerability in the way Microsoft Office parses files containing malformed Smart Tags may lead to execution of arbitrary code. Description Microsoft Office contains a vulnerability that could be exploited when parsing specially crafted Smart Tags. According to Microsoft Security...

5.1CVSS7.2AI score0.23619EPSS
Exploits0References1
CERT
CERT
•added 2006/10/10 12:0 a.m.•42 views

Microsoft PowerPoint fails to properly handle malformed object pointers

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed object pointers, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoi...

9.3CVSS6.8AI score0.3634EPSS
Exploits0References3
CERT
CERT
•added 2006/10/10 12:0 a.m.•32 views

Microsoft Excel fails to properly process malformed DATETIME records

Overview Microsoft Excel contains a vulnerability in the handling of malformed DATETIME records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

5.1CVSS6.8AI score0.12212EPSS
Exploits0References3
CERT
CERT
•added 2006/10/10 12:0 a.m.•32 views

Microsoft Excel fails to properly process malformed STYLE records

Overview Microsoft Excel contains a vulnerability in the handling of malformed STYLE records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

7.5CVSS6.9AI score0.2832EPSS
Exploits1References4
CERT
CERT
•added 2006/10/10 12:0 a.m.•24 views

Microsoft PowerPoint malformed record memory corruption

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint opens...

9.3CVSS6.8AI score0.12509EPSS
Exploits0References4
CERT
CERT
•added 2006/10/10 12:0 a.m.•46 views

Microsoft Object Packager fails to properly display file types

Overview The Microsoft Object Packager fails to properly display the file types. This vulnerability may allow a remote, unauthenticated attacker execute arbitrary code on a vulnerable system. Description According to Microsoft: Object Packager is a tool you can use to create a package that you ca...

5.1CVSS7AI score0.27697EPSS
Exploits0References2
CERT
CERT
•added 2006/10/10 12:0 a.m.•29 views

Microsoft Excel fails to properly process malformed COLINFO records

Overview Microsoft Excel contains a vulnerability in the handling of malformed COLINFO records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains a vulnerability that could be exploited when Excel opens a...

5.1CVSS6.8AI score0.09321EPSS
Exploits0References3
CERT
CERT
•added 2006/10/10 12:0 a.m.•36 views

Microsoft Excel fails to properly handle Lotus 1-2-3 files

Overview Microsoft Excel contains a vulnerability in the handling of malformed Lotus 1-2-3 files, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Excel contains an unspecified vulnerability that could be exploited when Exc...

5.1CVSS6.9AI score0.09321EPSS
Exploits0References2
CERT
CERT
•added 2006/10/10 12:0 a.m.•37 views

Microsoft .NET Framework contains a cross-site scripting vulnerability

Overview The Microsoft .NET Framework contains a cross-site scripting vulnerability that may allow an attacker to read or modify data in web pages and cookies. Description The Microsoft .NET Framework is a managed code programming model for Microsoft Windows operating systems. Microsoft ASP.NET i...

4.3CVSS5.4AI score0.37766EPSS
Exploits0References2
CERT
CERT
•added 2006/10/10 12:0 a.m.•35 views

Microsoft PowerPoint fails to properly handle malformed data records

Overview Microsoft PowerPoint contains a vulnerability in the handling of malformed data records, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint contains a vulnerability that could be exploited when PowerPoint...

9.3CVSS6.8AI score0.11423EPSS
Exploits4References2
CERT
CERT
•added 2006/10/10 12:0 a.m.•26 views

Symantec products fail to properly limit device driver access to kernel memory

Overview Certain device drivers included with Symantec products fail to properly verify address space within the "IOCTL" handlers. Description Symantec provides Anti-Virus and Internet Security products that are designed to protect users. According to Symantec Security Response SYM06-020:A...

4.6CVSS6.8AI score0.01704EPSS
Exploits1References2
Total number of security vulnerabilities3704