13538 matches found
InterNetNews Control Message Handling Buffer Overflow - Ver2 (CVE-2004-0045)
The InterNetNews package INN is a complete Usenet system. It includes innd, an NNTP server, and nnrpd, a newsreading server. A vulnerability exists in the NNTP server component of InterNetNews INN, which can be exploited to compromise a vulnerable system. The vulnerability is caused due to a...
NAS4Free exec.php Arbitrary Remote Code Execution (CVE-2013-3631)
A code execution vulnerability has been reported in NAS4Free. The vulnerability is due to "Advanced | Execute Command" feature that allows remote authenticated users to execute arbitrary PHP code via a request to exec.php. A remote unauthenticated attacker can exploit this vulnerability by execut...
Apache Struts ParametersInterceptor ClassLoader Security Bypass (CVE-2014-0094; CVE-2014-0112; CVE-2014-0113; CVE-2014-0114)
A security bypass vulnerability exists in Apache Struts. The vulnerability is due to inadequate validation of data processed by ParametersInterceptor allowing for manipulation of the ClassLoader. A remote attacker could exploit this vulnerability by providing a class parameter in a request...
IBM Forms Viewer XFDL Form Processing Stack Buffer Overflow - Ver2 (CVE-2013-5447)
A buffer overflow vulnerability has been reported in IBM Forms Viewer. The vulnerability is due to an error when processing XFDL forms and can be exploited to cause a stack-based buffer overflow. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code...
HP Managed printing Administration jobAcct Remote Command Execution - Ver2 (CVE-2011-4166)
A command execution vulnerability has been reported in Hp Managed Printing Administration. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
RealNetworks RealPlayer RMP File Stack Buffer Overflow (CVE-2013-6877)
A stack buffer overflow exists in RealNetworks RealPlayer. Successful exploitation could result in arbitrary code execution in the context of the currently logged in user. The vulnerability is due to an error when parsing the version and encoding attributes of the XML declaration statement. An...
phpBB viewtopic.php URL Decoding Code Execution - ver 2 (CVE-2004-1315)
A code injection and execution vulnerability has been reported in phpBB. The vulnerability is due to lack of input validation on the highlight parameter supplied to viewtopic.php. A remote attacker can exploit this issue by injecting malicious SQL code to the target server. Successful exploitatio...
System V TTYPROMPT Buffer Overflow - Ver2 (CVE-2001-0797)
A buffer overflow vulnerability has been reported in various System V based operating systems. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Microsoft .NET Framework Array Access Violation (MS13-052; CVE-2013-3131; CVE-2013-3134)
A remote code execution vulnerability exists in the way the .NET Framework handles multidimensional arrays of small structures. The vulnerability is caused when the .NET Framework improperly handles multidimensional arrays of small structures. An attacker who successfully exploited this...
Microsoft RPC Services Path Canonicalization Remote Code Execution (CVE-2008-4250)
A remote code execution vulnerability has been reported in applications based on the SMB protocol...
Internet Explorer deleted html object Use After Free (MS13-047; CVE-2013-3111)
A use after free vulnerability has been reported in Internet Explorer...
Microsoft .NET XML Digital Signature Spoofing (MS13-040; CVE-2013-1336)
A spoofing vulnerability has been reported when the Microsoft .NET Framework fails to properly validate the signature of specially crafted XML files. Successful exploitation would allow an attacker to modify the contents of an XML file without invalidating the signature associated with the file...
EMC AlphaStor Device Manager Buffer Overflow - High Confidence (CVE-2013-0930)
A stack-based buffer overflow vulnerability has been reported in EMC AlphaStor Device Manager. The vulnerability is due to a lack of boundary checking when processing certain opcode messages in rrobotd.exe. Unauthenticated attackers can exploit this vulnerability to execute arbitrary code in the...
Internet Explorer Shift JIS Character Encoding (MS13-009; CVE-2013-0015)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
EMC AutoStart ftAgent.exe Multiple Integer Overflow Vulnerabilities (CVE-2012-0409)
Multiple buffer overflow vulnerabilities have been reported in EMC AutoStart...
EMC NetWorker nsrd Format String Remote Code Execution (CVE-2012-2288)
A remote code execution vulnerability has been reported in EMC NetWorker...
Adobe Flex SDK Flex-Generated SWF File Cross-Site Scripting (APSB11-25; CVE-2011-2461)
A Cross-site scripting vulnerability has been reported in Adobe Flex SDK. The vulnerability is due to an error in the way Flex-generated SWF files accept arguments. A remote attacker could exploit this vulnerability by enticing a user to open a web page containing an embedded malformed SWF file...
Novell iPrint Client GetDriverSettings Stack Buffer Overflow (CVE-2011-3173)
Novell iPrint Client is an application that allows users to install and manage printers, or submit print job from a web browser. Novell iPrint Client is bundled with a set of ActiveX controls that implement various functions. A stack buffer overflow exists in Novell iPrint Client. The vulnerabili...
Microsoft MPEG Layer-3 Codecs Memory Corruption (MS10-052; CVE-2010-1882)
Microsoft DirectShow is used for streaming media on Microsoft Windows operating systems. A remote code execution vulnerability has been reported in the Microsoft DirectShow MP3 filter. The vulnerability is within the MPEG Layer-3 Audio Codec for Microsoft DirectShow l3codecx.ax. The Microsoft MPE...
ClamAV UPX File Handling Heap Overflow (CVE-2006-4018)
ClamAV AntiVirus is an open source product that provides anti-virus scanning utilities and an anti-virus library. The product is capable of decoding several archive formats in order to scan their internal items for viruses. One of such archive formats is the UPX Ultimate Packer for eXecutables fi...
Symantec Backup Exec System Recovery Manager Unauthorized File Upload (CVE-2008-0457)
Symantec Backup Exec System Recovery Manager is a complete, disk-based system recovery solution for Microsoft Windows based servers, desktops, and laptops that allows businesses to recover from system loss or disasters. A file upload vulnerability exists in the Symantec Backup Exec System Recover...
RSA Authentication Agent for Web Buffer Overflow (CVE-2005-1471)
The RSA Authentication Agent for Web for Internet Information Services IIS provides protection for selected web pages by securing them with the RSA SecurID authentication mechanism. When a user attempts to access a resource that is secured with the RSA SecurID, the RSA Agent authenticates the use...
BitDefender Online Scanner ActiveX Control Buffer Overflow (CVE-2007-5775)
BitDefender is an antivirus software suite developed by SOFTWIN. BitDefender website offers a free online antivirus scanner. The BitDefender online scanner installation on a Windows system includes an ActiveX control. There exists a buffer overflow vulnerability in BitDefender Online Scanner. Thi...
Unisys Business Information Server Stack Buffer Overflow (CVE-2009-1628)
The Unisys Business Information Server is a business information management solution that provides data access, analysis and reporting in an open, enterprise-wide computing environment. Business Information Server transforms corporate data into information that is made available throughout the...
Borland StarTeam Multicast Service HTTP Handling Buffer Overflow (CVE-2008-0311)
StarTeam is a revision control and SCM software system, originally produced by Starbase Corporation, and acquired by Borland in 2003. The system is backed by a relational database, that retains all changes made to a project during its evolution. Borland StarTeam can be installed as a component of...
IBM Access Support ActiveX GetXMLValue Method Buffer Overflow (CVE-2009-0215)
IBM Access Support is part of a suite of several tools used by IBM to provide support to its customers having IBM/Lenovo Laptops and Desktop systems. This product is used by the vendor to remotely examine the product and collect information in order to address any problems or distribute updates. ...
Ipswitch IMail Server SMTP Service Buffer Overflow (CVE-2006-4379)
The Ipswitch IMail Server is a mail server product geared towards medium to large size organizations. It contains implementations of POP3, IMAP4, and SMTP servers. The SMTP server module is installed and started in a default installation. There exists a vulnerability in the SMTP module of the...
Preemptive Protection against Apple QuickTime PICT Image paintPoly Parsing Heap Buffer Overflow
A buffer overflow vulnerability was reported in Apple QuickTime, a multimedia player that supports a wide range of media formats. Apple QuickTime fails to process crafted PICT images. Remote attackers may exploit this vulnerability by persuading a target user to open a specially crafted PICT file...
Microsoft Excel TXO and OBJ Records Parsing Memory Corruption (MS08-074; CVE-2008-4265; CVE-2009-0100)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the Microsoft Excel. The vulnerability is due to a memory corruption error in Microsoft Excel when loading Excel records. An attacker can exploit this flaw to execute arbitrary code ...
Update IPS-1 with a Protection against Apple QuickTime and Apple QuickDraw Vulnerabilities
Several vulnerabilities have been identified within various versions of Apple QuickTime and Apple QuickDraw that, if exploited, would allow a remote attacker to execute arbitrary code on a vulnerable system...
Update Protection against Microsoft Internet Explorer FTP Responses Remote Code Execution Vulnerability (MS07-016)
A remote code execution vulnerability has been reported in the way Microsoft Internet Explorer IE processes certain responses from FTP servers. The File Transfer Protocol FTP is used to connect computers over the Internet enabling file transferring between their users. An attacker can exploit the...
Internet Explorer VML Rect Fill Method Buffer Overflow (MS06-055; CVE-2006-4868)
Microsoft Internet Explorer is the most widely used Internet browser. Microsoft Internet Explorer fails to handle Vector Markup Language VML tags. VML is a set of XML tags for drawing vector graphics. A remote attacker may trigger this vulnerability to execute arbitrary code on the target system...
SSL - General Settings (CVE-2003-0719; CVE-2004-0826)
SSL Protections use a SSL protocol parser which uses a default port of TCP/443, but this port can be reconfigured...
TOTOLINK X5000R Command Injection (CVE-2022-26213)
A command injection vulnerability exists in TOTOLINK X5000R. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WaimairenCMS Remote Code Execution (CVE-2022-30450)
A remote code execution vulnerability exists in WaimairenCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
O2OA Remote Code Execution (CVE-2022-22916)
A remote code execution vulnerability exists in O2OA. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Delta Industrial Automation DIAEnergie SQL Injection (CVE-2022-1378)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error...
D-Link Central WiFiManager CWM-100 SQL Injection (CVE-2019-13373)
An SQL injection vulnerability exists in D-Link Central WiFiManager CWM-100. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Microsoft Windows Scripting Languages Remote Code Execution (CVE-2022-41118)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Feehi CMS Remote Code Execution (CVE-2020-21322)
A remote code execution vulnerability exists in Feehi CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Draytek VigorConnect Arbitrary File Upload (CVE-2021-20125)
An arbitrary file upload vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an unauthenticated attacker to upload arbitrary files to the affected system...
Draytek VigorConnect Directory Traversal (CVE-2021-20123)
A directory traversal vulnerability exists in Draytek VigorConnect. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...
Eyoucms Directory Traversal (CVE-2021-39500)
A directory traversal vulnerability exists in Eyoucms. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Microsoft Scripting Engine Memory Corruption (CVE-2021-34480)
A memory corruption vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
ManageEngine ADSelfService Plus Command Injection (CVE-2021-33256)
A command injection vulnerability exists in ManageEngine ADSelfService Plus. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
GoAhead Web Server Authentication Bypass (CVE-2020-15688)
An authentication bypass vulnerability exists in GoAhead Web Server. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...
Teachers Record Management System SQL Injection (CVE-2021-26822)
An SQL injection vulnerability exists in Teachers Record Management System. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla! mod_random_image Cross-Site Scripting (CVE-2020-15696)
A stored cross-site scripting vulnerability exists in Joomla! CMS Core. The vulnerability is due to improper validation of the link parameter in the modrandomimage module...
WordPress Real-Time Find and Replace Plugin Cross-Site Scripting (CVE-2020-13641)
A cross-site scripting vulnerability exists in WordPress Real-Time Find and Replace Plugin. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Elasticsearch Privilege Escalation (CVE-2020-7009)
A privilege escalation vulnerability exists in Elasticsearch. An attacker who is able to generate an API key can perform a series of steps that result in an API key being generated with elevated privileges...