Lucene search
K

3704 matches found

CERT
CERT
added 2006/09/08 12:0 a.m.26 views

IBM Access Support eGatherer ActiveX control buffer overflow

Overview The IBM Access Support eGatherer ActiveX control contains a buffer overflow vulnerability, which may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The IBM Access Support eGatherer ActiveX control has the ability to collect system...

9.3CVSS7.1AI score0.08407EPSS
Exploits10References5
CERT
CERT
added 2006/09/07 12:0 a.m.33 views

Microsoft Word 2000 malformed record vulnerability

Overview Microsoft Word 2000 contains a memory corruption vulnerability. This vulnerability could allow a remote, unauthenticated attacker to execute arbitrary code with the privileges of the user running Word 2000. Description Microsoft Word 2000 fails to properly handle malformed records leadin...

9.3CVSS7.1AI score0.32762EPSS
Exploits0References4
CERT
CERT
added 2006/09/05 12:0 a.m.38 views

BIND vulnerable to an INSIST failure via sending of multiple recursive queries

Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...

7.7AI score
Exploits0References4
CERT
CERT
added 2006/09/05 12:0 a.m.42 views

BIND vulnerable to an assertion failure when querying for SIG records

Overview A vulnerability in the BIND name server could allow a remote attacker to cause a denial of service against an affected system. Description The Berkeley Internet Name Domain BIND is a popular Domain Name System DNS implementation from Internet Systems Consortium ISC. A flaw exists in the...

7.7AI score
Exploits0References4
CERT
CERT
added 2006/09/01 12:0 a.m.20 views

Retro64 / Miniclip CR64Loader ActiveX control buffer overflow

Overview The Retro64 / Miniclip CR64Loader ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description The CR64Loader Object is an ActiveX control developed by Retro64. The web sites...

7.5CVSS7.4AI score0.04345EPSS
Exploits0References2
CERT
CERT
added 2006/08/24 12:0 a.m.40 views

Barracuda Spam Firewall contains hardcoded default login credentials

Overview Barracuda Spam Firewalls from version 3.3.01.001 to 3.3.02.053 have default login credentials that can not be modified by an administrator. Description Barracuda Spam Firewall appliances provide ingress and egress spam filtering for local area networks. An administrator will typically lo...

7.2CVSS6.4AI score0.00365EPSS
Exploits0References2
CERT
CERT
added 2006/08/24 12:0 a.m.32 views

VMware ESX Server management interface logs passwords in cleartext in a world-readable file

Overview Certain versions of VMware ESX Server store passwords in a cleartext file that all users have read permissions to. Description Per the VMware ESX Server datasheet:ESX Server installs directly on the server hardware, or “bare metal,” and inserts a robust virtualization layer between the...

2.1CVSS6AI score0.00466EPSS
Exploits0References3
CERT
CERT
added 2006/08/23 12:0 a.m.25 views

HP OpenView Storage Data Protector may allow an attacker to execute arbitrary commands

Overview A vulnerability in HP OpenView Storage Data Protector may allow an attacker to issue arbitrary commands on an affected system. Description HP OpenviewHP Openview is a range of products, distributed and developed by Hewlett Packard, that are used for enterprise system and network...

7.5CVSS7.1AI score0.09584EPSS
Exploits0References5
CERT
CERT
added 2006/08/22 12:0 a.m.41 views

Microsoft Internet Explorer long URL buffer overflow

Overview Microsoft Internet Explorer is vulnerable to a buffer overflow when processing a long URL on a web site that uses HTTP 1.1 compression. This could allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer 6 Service...

7.5CVSS7.2AI score0.41087EPSS
Exploits0References7
CERT
CERT
added 2006/08/21 12:0 a.m.42 views

Xsan Filesystem fails to properly process path names

Overview A buffer overflow vulnerability in Apple's Xsan product may allow a local attacker to run arbitrary code with root privileges or create a denial-of-service condition. Description Xsan FilesystemXsan is a Storage Area Network SAN filesystem designed for use by Apple OS X and OS X Server...

4.6CVSS7.3AI score0.00489EPSS
Exploits0References2
CERT
CERT
added 2006/08/21 12:0 a.m.29 views

Symantec Veritas Backup Exec for Windows Server vulnerable to heap-based buffer overflow

Overview Symantec Veritas Backup Exec for Windows Server contains multiple heap-based buffer overflow vulnerabilities which can allow a remote, authenticated attacker to cause a denial of service or execute arbitrary code. Description VERITAS Backup Exec for Windows Server is a data backup and...

6.5CVSS8.4AI score0.05691EPSS
Exploits0References4
CERT
CERT
added 2006/08/21 12:0 a.m.40 views

BlackBerry Enterprise Server fails to properly handle Microsoft Word attachments

Overview A buffer overflow vulnerability in BlackBerry Enterprise Server may allow a remote attacker to execute arbitrary code. Description A buffer overflow vulnerability exists in the BlackBerry Attachment Service component of BlackBerry Enterprise Server. This vulnerability may allow a remote...

5.1CVSS7.3AI score0.02724EPSS
Exploits0References2
CERT
CERT
added 2006/08/18 12:0 a.m.11 views

Drivers for the Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability

Overview Microsoft Windows drivers for Intel 2100 PRO/Wireless Network Connection Hardware contain a memory corruption vulnerability. This vulnerability may allow an attacker to execute arbitrary code on a vulnerable system. Description Intel 2100 PRO/Wireless Network Connection Hardware The Inte...

7.4AI score
Exploits0References1
CERT
CERT
added 2006/08/16 12:0 a.m.34 views

X.Org server fails to properly test for effective user ID

Overview A vulnerability in the X.Org server could allow a local attacker to gain administrative privileges or cause a denial of service on an affected system. Description The X.Org server program provides several command-line options that are meant to be parsed only when the program is running a...

7.2CVSS6.9AI score0.01099EPSS
Exploits4References10
CERT
CERT
added 2006/08/15 12:0 a.m.70 views

MIT Kerberos (krb5) ftpd and ksu do not properly validate seteuid() calls

Overview Privilege escalation vulnerabilities in MIT krb5 ftpd and ksu may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 ftpd and ksu programs contain multiple privilege escalation vulnerabilities. These vulnerabilities are dependent on the host operating...

9.4AI score
Exploits0References1
CERT
CERT
added 2006/08/15 12:0 a.m.24 views

McAfee Subscription Manager ActiveX control vulnerable to stack buffer overflow

Overview The McAfee Subscription Manager ActiveX control contains a buffer overflow, which may allow a remote, unauthenticated attacker to execute arbitrary code. Description ActiveXActiveX is a technology that allows programmers to create reusable software components that can be incorporated int...

6.8CVSS6.9AI score0.33824EPSS
Exploits7References6
CERT
CERT
added 2006/08/11 12:0 a.m.25 views

Ruby on Rails fails to properly verify input passed via the URL

Overview Ruby on Rails fails to properly validate input. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Ruby on Rails is a web application programming framework. Ruby on Rails 1.1.4 and earlier contain a vulnerability in the processing of user input...

7.5CVSS6.9AI score0.03063EPSS
Exploits0References4
CERT
CERT
added 2006/08/10 12:0 a.m.38 views

Sun ONE and Sun Java System Applications vulnerable to cross-site scripting via default error page

Overview A cross-site scripting vulnerability in Sun ONE and Sun Java System Applications may allow an attacker to read or modify data in web pages and cookies. Description From Sun Alert Notification 102164: A Cross Site Scripting XSS vulnerability in various releases of the Sun Java System Web...

6.8CVSS5.2AI score0.03398EPSS
Exploits0References6
CERT
CERT
added 2006/08/10 12:0 a.m.57 views

Microsoft Windows Kernel vulnerable to privilege escalation

Overview Microsoft Windows contains a privilege escalation vulnerability that could allow an authenticated, local attacker to gain complete control of the affected system. Description Winlogon is the component of Microsoft Windows responsible for interactive, security related functions. Upon logo...

7.2CVSS6.6AI score0.01659EPSS
Exploits0References2
CERT
CERT
added 2006/08/08 12:0 a.m.29 views

Microsoft Windows kernel fails to properly manage exception handling

Overview An exception handling vulnerability in the Microsoft Windows kernel may allow a remote attacker to execute arbitrary code. Description Microsoft Windows kernel contains an exception handling vulnerability that can allow a remote attacker to execute arbitrary code with privileges of the...

7.6CVSS6.5AI score0.23437EPSS
Exploits0References2
CERT
CERT
added 2006/08/08 12:0 a.m.41 views

MIT Kerberos (krb5) krshd and v4rcp do not properly validate setuid() or seteuid() calls

Overview Privilege escalation vulnerabilities in MIT krb5 krshd and v4rcp may allow an authenticated attacker to execute arbitrary code. Description The MIT krb 5 krshd and v4rcp programs contain multiple privilege escalation vulnerabilities. MIT krb5 Security Advisory 2006-001 states that the...

9.6AI score
Exploits0References3
CERT
CERT
added 2006/08/08 12:0 a.m.26 views

Microsoft PowerPoint fails to properly handle malformed records

Overview Microsoft PowerPoint fails to properly handle malformed records allowing a buffer overflow to occur. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft PowerPoint fails to properly handle malformed records. Specifically,...

7.5CVSS7.8AI score0.42779EPSS
Exploits0References1
CERT
CERT
added 2006/08/08 12:0 a.m.88 views

Microsoft Winsock buffer overflow

Overview A buffer overflow vulnerability in Microsoft Winsock may allow a remote attacker to execute arbitrary code on an affected system. Description Winsock Windows Socket 2 allows network applications to relay data across a network regardless of the network protocol being used. Microsoft's...

10CVSS7.6AI score0.61974EPSS
Exploits0References1
CERT
CERT
added 2006/08/08 12:0 a.m.36 views

Microsoft Management Console cross-site scripting vulnerability

Overview Microsoft Management Console MMC is vulnerable to cross-site scripting, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MMCMMC is an application that allows a user to perform administrative tasks. Through the use of various snap-ins, MMC ca...

6CVSS6.2AI score0.20488EPSS
Exploits0References2
CERT
CERT
added 2006/08/08 12:0 a.m.28 views

Microsoft Hyperlink Object Library buffer overflow

Overview A vulnerability in Microsoft Hyperlink Object Library may allow a remote attacker to execute arbitrary code on an affected system. Description The Hyperlink Object Library is a collection of application programming interfaces that provide functionality for handling hyperlinks. The...

9.3CVSS7.5AI score0.11825EPSS
Exploits0References1
CERT
CERT
added 2006/08/08 12:0 a.m.32 views

Microsoft Visual Basic for Applications buffer overflow

Overview Microsoft Visual Basic for Applications fails to properly validate document properties. This vulnerability could allow a remote attacker to execute arbitrary code. Description Visual Basic For Applications VBA According to Microsoft Security Bulletin MS06-047: Microsoft VBA is a...

5.1CVSS7.3AI score0.1017EPSS
Exploits0References1
CERT
CERT
added 2006/08/08 12:0 a.m.41 views

Microsoft Internet Explorer fails to properly interpret layout positioning

Overview Microsoft Internet Explorer fails to properly handle certain combinations of layout positioning. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the handling of certain combinations of...

7.5CVSS6.9AI score0.41112EPSS
Exploits0References4
CERT
CERT
added 2006/08/08 12:0 a.m.128 views

Microsoft DNS Client buffer overflow

Overview The Microsoft DNS Client service contains a remote code execution vulnerability that could allow a remote attacker to take complete control of the affected system. Description From Microsoft TechNet: The Domain Name System DNS client service resolves and caches DNS names. The DNS client...

10CVSS7.3AI score0.65532EPSS
Exploits0References2
CERT
CERT
added 2006/08/08 12:0 a.m.196 views

Microsoft Windows Server service buffer overflow

Overview A stack-based buffer overflow exists in the Microsoft Server service. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code with SYSTEM privileges. Description Microsoft Server ServiceMS06-040 includes the following information: The Server service...

10CVSS7.4AI score0.85461EPSS
Exploits16References5
CERT
CERT
added 2006/08/08 12:0 a.m.29 views

Microsoft Windows fails to properly parse the MHTML protocol

Overview Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MHTML According to Microsoft Security Bulletin MS06-043: MHTML extends HTML to embed encoded objects, such as images, in the HTML...

2.6CVSS6.8AI score0.47919EPSS
Exploits1References1
CERT
CERT
added 2006/08/08 12:0 a.m.34 views

Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets

Overview Microsoft Internet Explorer fails to properly handle chained Cascading Style Sheets CSS. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description CSS is a mechanism for adding style to web documents. Microsoft Internet Explorer contains a vulnerabili...

7.5CVSS6.9AI score0.41215EPSS
Exploits0References4
CERT
CERT
added 2006/08/08 12:0 a.m.26 views

Microsoft Internet Explorer source element cross-domain vulnerability

Overview Microsoft Internet Explorer fails to properly handle redirects for source elements. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Cross-Domain Security Model IE uses a cross-domain security model to maintain separation between browser...

7.5CVSS6.2AI score0.32358EPSS
Exploits0References2
CERT
CERT
added 2006/08/08 12:0 a.m.36 views

Microsoft Internet Explorer HTML layout rendering vulnerability

Overview Microsoft Internet Explorer fails to properly render certain HTML layout combinations. This can allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer contains a vulnerability in the rendering of certain HTML layout combinations...

5.1CVSS6.9AI score0.43757EPSS
Exploits0References3
CERT
CERT
added 2006/08/07 12:0 a.m.29 views

Intel Centrino wireless network drivers fail to properly handle malformed frames

Overview Microsoft Windows drivers for Intel Centrino wireless adapters fail to properly handle malformed frames. This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary code. Description The Microsoft Windows drivers for Intel Centrino 2200BG and 2915ABG PRO wireless...

5.1CVSS6.8AI score0.04611EPSS
Exploits1References10
CERT
CERT
added 2006/08/04 12:0 a.m.45 views

Apple Mac OS X AFP server vulnerable to DoS via maliciously crafted AFP request

Overview A vulnerability in the Apple Mac OS X AFP server may allow an attacker to cause a denial-of-service condition on an affected system. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to access files remotely from a server. Apple's Mac OS X AFP server contains ...

5CVSS6.1AI score0.02921EPSS
Exploits1References2
CERT
CERT
added 2006/08/04 12:0 a.m.27 views

Apple Mac OS X AFP server vulnerable to an integer overflow when file sharing is enabled

Overview A vulnerability in Apple Mac OS X AFP server may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition on an affected system. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files from a server. Apple's M...

5CVSS7.2AI score0.05244EPSS
Exploits1References2
CERT
CERT
added 2006/08/04 12:0 a.m.36 views

Apple Mac OS X Image RAW vulnerable to buffer overflow via specially crafted Canon RAW image

Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description RAW image files provide access to image information directly from a camera's sensor prior to in-camera processing, retaining the...

5.1CVSS7.6AI score0.03134EPSS
Exploits1References2
CERT
CERT
added 2006/08/03 12:0 a.m.58 views

Apple Mac OS X AFP server stores reconnect keys in a world-readable file

Overview A vulnerability in Apple Mac OS X AFP server may allow an authenticated local user to access files or folders with the credentials of another user. Description The AFP Apple Filing Protocol service allows Apple Mac OS clients to remotely access files from a server. In Apple's Mac OS X...

2.1CVSS5.8AI score0.00912EPSS
Exploits1References2
CERT
CERT
added 2006/08/03 12:0 a.m.47 views

Multiple D-Link routers fail to properly process UPnP M-SEARCH requests

Overview A buffer overflow vulnerability in the software that operates certain models of D-Link routers could allow a remote attacker to execute arbitrary code on the affected device. Description UPnP Universal Plug and Play UPnP is a system that allows network devices to operate together. M-SEAR...

7.5CVSS7.9AI score0.19134EPSS
Exploits0References4
CERT
CERT
added 2006/08/02 12:0 a.m.32 views

Apple Mac OS X Bom vulnerable to memory corruption via specially crafted ZIP file

Overview A memory corruption vulnerability in the Mac OS X Bom could allow a remote attacker to execute arbitrary code on an affected system. Description Apple's Bom is the archive file handler in the Mac OS X operating system. It features the ability to handle file archives in a number of...

5.1CVSS7.3AI score0.03858EPSS
Exploits2References1
CERT
CERT
added 2006/08/02 12:0 a.m.30 views

Apple Mac OS X bootpd vulnerable to stack-based buffer overflow

Overview A buffer overflow vulnerability in the Apple Mac OS X bootp daemon may allow an attacker to execute arbitrary code on an affected system. Description bootpd The bootp daemon bootpd is used to send clients network and IP address configuration settings. It can also work in combination with...

10CVSS7.5AI score0.07078EPSS
Exploits1References3
CERT
CERT
added 2006/08/02 12:0 a.m.28 views

Apple Mac OS X ImageIO vulnerable to integer overflow via specially crafted Radiance image

Overview The Apple Mac OS X ImageIO framework contains an integer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to process...

5.1CVSS7.5AI score0.02636EPSS
Exploits1References2
CERT
CERT
added 2006/08/02 12:0 a.m.33 views

Apple Mac OS X ImageIO vulnerable to integer overflow via specially crafted GIF image

Overview The Apple Mac OS X ImageIO framework contains a buffer overflow that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to process...

5.1CVSS7.7AI score0.02636EPSS
Exploits1References2
CERT
CERT
added 2006/08/02 12:0 a.m.30 views

Apple Mac OS X WebKit may allow code execution when visiting a malicious website

Overview A vulnerability in Apple Mac OS X WebKit may allow an attacker to execute arbitrary code on an affected system. Description WebKit From the OpenDarwin WebKit project description, WebKit is an open source web browser engine. WebKit is also the name of the Mac OS X system framework version...

7.5CVSS6.8AI score0.04059EPSS
Exploits1References2
CERT
CERT
added 2006/08/02 12:0 a.m.26 views

Apple Mac OS X ImageIO contains undetected memory failure in GIF image handling

Overview The Apple Mac OS X ImageIO framework contains a memory allocation flaw that may allow a remote attacker to execute arbitrary code on an affected system. Description Apple's ImageIO is an image processing framework that was introduced in Mac OS X 10.4 Tiger. It includes the ability to...

5.1CVSS7.1AI score0.02636EPSS
Exploits1References2
CERT
CERT
added 2006/08/01 12:0 a.m.38 views

eIQnetworks Enterprise Security Analyzer Syslog server buffer overflow

Overview The eIQnetworks Enterprise Security Analyzer Syslog server contains a buffer overflow vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description Enterprise Security Analyzer eIQnetworks Enterprise Security Analyzer ESA...

10CVSS7.4AI score0.73149EPSS
Exploits8References10
CERT
CERT
added 2006/08/01 12:0 a.m.34 views

Mozilla Firefox fails to properly handle the "XPCNativeWrapper(window).Function(...)"

Overview Certain Mozilla products contain a cross-site scripting vulnerability because of a vulnerability in the XPCNativeWrapper function. Description XPCNativeWrapper Per Mozilla, XPCNativeWrapper is a way to wrap up an object so that it is safe to access from privileged code. It is used to all...

6.8CVSS5.9AI score0.03314EPSS
Exploits0References5
CERT
CERT
added 2006/07/31 12:0 a.m.25 views

Mozilla Firefox may allow chrome URLs to reference remote files

Overview Mozilla products allow chrome URLs to reference remote files. This allows a remote attacker to execute code. Description Chrome The Mozilla user interface components outside of the content area are created using chrome. This includes toolbars, menu bars, progress bars, and window title...

2.6CVSS6AI score0.03093EPSS
Exploits0References8
CERT
CERT
added 2006/07/28 12:0 a.m.54 views

Apache mod_rewrite contains off-by-one error in ldap scheme handling

Overview A vulnerability in a common Apache HTTP server module, modrewrite, could allow a remote attacker to execute arbitrary code on an affected web server. Description The Apache HTTP server distribution includes a number of supplemental modules that provide additional functionality to the web...

7.6CVSS9.4AI score0.96436EPSS
Exploits20References14
CERT
CERT
added 2006/07/27 12:0 a.m.35 views

Mozilla fails to properly handle simultaneous XPCOM events

Overview Mozilla products are vulnerable to memory corruption via simultaneous XPCOM events. This may allow a remote attacker to execute arbitrary code on a vulnerable system. Description XPCOMXPCOM is a cross-platform component object model similar to Microsoft COM or CORBA. XPCOM provides the...

7.5CVSS6.9AI score0.06305EPSS
Exploits0References8
Total number of security vulnerabilities3704