13538 matches found
Oracle Endeca Server createDataStore Remote Command Execution - Ver2 (CVE-2013-3763)
A command execution vulnerability exists in Oracle Endeca Server. The vulnerability is due to the controlSoapBinding web service exposing the createDataStore method which contains a flaw that allows for the injection of arbitrary commands. A remote, unauthenticated attacker could exploit this...
Ca eTrust PestPatrol Antispyware ActiveX Buffer Overflow106 - Ver2 (CVE-2009-4225)
A buffer overflow vulnerability has been reported in Ca Etrust Pestpatrole Ppctl.dll Activex and Computer Associates eTrust PestPatrol. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
FreePBX Framework Asterisk Recording Interface unserialize Code Execution (CVE-2014-7235)
A code execution vulnerability exists in FreePBX. The vulnerability is due to an input validation issue in the index.php file of the recordings directory...
SlimFTPd LIST Command Buffer Overflow (CVE-2005-2373)
A buffer overflow vulnerability exists in SlimFTPd server. The vulnerability is due to insufficient bounds verification on certain FTP service commands. A remote unauthenticated attacker can exploit this vulnerability by sending a specially crafted FTP LIST service command to the target server...
Joomla Component com_projectfork Local File Inclusion (CVE-2009-2100)
A file inclusion vulnerability has been reported in Joomlapraise Com Projectfork. Successful exploitation of this vulnerability would allow a remote attacker to list directories on the affected system...
Oracle Database Server Insecure User Input Stack Buffer Overflow (CVE-2013-3751)
A stack buffer overflow vulnerability has been reported in Oracle Database Server. The vulnerability is due to insufficient validation of user supplied input when parsing XML document data in a SQL/XML query. A remote, authenticated attacker could exploit this vulnerability by sending a malicious...
HP Universal CMDB Default Credentials Arbitrary File Upload (CVE-2014-2617)
A code execution vulnerability exists in HP Universal CMDB. The vulnerability is due to the use of hard-coded credentials when processing HTTP requests. A remote attacker can upload arbitrary files to arbitrary locations using the default credentials...
McAfee ePolicy Orchestrator Remote Code Execution (CVE-2013-0140; CVE-2013-0141)
A remote code execution vulnerability has been reported in McAfee ePolicy Orchestrator ePO. The vulnerability is due to an error in the ePO server that fails to properly sanitize user supplied data. A remote attacker can exploit this weakness to execute arbitrary code via a specially crafted http...
PoPToP PPTP Negative Read Overflow Buffer Overflow - Ver2 (CVE-2003-0213)
A buffer overflow vulnerability has been reported in Poptop Pptp Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
Adobe Flash Player for Linux ActionScript ASnative Command Execution - Ver2 (CVE-2008-5499)
A command execution vulnerability has been reported in Adobe Flash Player. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
EMC CMCNE FileUploadController Information Disclosure (CVE-2014-2276)
An information disclosure vulnerability has been reported in EMC Connectrix Manager Converged Network Edition. The vulnerability is due to insufficient input validation in the FileUploadController servlet when processing certain HTTP requests. A remote unauthenticated attacker can exploit this...
Microsoft XML Core Services DTD Cross-Domain Scripting (MS08-069) - Ver2 (CVE-2008-4029)
MSXML is an application for processing Extensible Stylesheet Language Transformation in an XML file that allows programmers to create high-performance XML-based applications. An information disclosure vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due t...
VMware vCenter Chargeback Manager ImageUploadServlet Arbitrary File Upload (CVE-2013-3520)
An Arbitrary File Upload vulnerability has been reported in VMware vCenter Chargeback Manager...
ScadaTEC ScadaPhone and ModbusTagServer SCADA Remote Code Execution (CVE-2011-4535)
A stack buffer overflow vulnerability has been reported in ScadaTEC ScadaPhone and ModbusTagServer...
Irfanview JPEG2000 jp2 Stack Buffer Overflow (CVE-2012-0897)
A buffer overflow vulnerability has been reported in Irfanview JPEG2000 v4.3.2.0 jp2 QCD parsing...
Plixer Scrutinizer NetFlow and sFlow Analyzer HTTP Authentication Bypass (CVE-2012-2626)
An authentication bypass vulnerability has been reported in Plixer Scrutinizer NetFlow and sFlow Analyzer...
Ruby on Rails JSON Processor YAML Deserialization Code Execution (CVE-2013-0333)
A code execution vulnerability has been reported in Ruby on Rails. The vulnerability is due to an input validation error when JSON Processor deserializes YAML. A remote unauthenticated attacker can exploit this vulnerability to execute arbitrary code within the context of the underlying web serve...
Microsoft ASP.NET PKCS Padding Information Disclosure (MS10-070; CVE-2010-3332)
An information disclosure vulnerability has been reported in ASP.NET. This vulnerability is caused by ASP.NET providing web clients details in error messages when decrypting certain ciphertext. Successful exploitation of this vulnerability could allow the attacker to read and tamper with data. If...
Novell ZENworks Configuration Management PreBoot Opcode Buffer Overflow (CVE-2011-3176)
A stack buffer overflow vulnerability has been reported in Novell ZENworks Configuration Management...
Microsoft Windows Assembly Execution Vulnerability (MS12-005; CVE-2012-0013)
A remote code execution vulnerability has been reported in Microsoft Windows Packager...
Microsoft Office Web Components Arbitrary Code Execution (CVE-2009-1136)
A code execution vulnerability has been reported in Microsoft office web components. The vulnerability is due to insecure design of certain methods within ActiveX controls. A remote attacker may exploit this vulnerability by enticing a target user to open a malicious web-page. Successful...
CA Total Defense Suite UNCWS Multiple Report Stored Procedure SQL Injections (CVE-2011-1653)
CA Total Defense combines CA Anti-Virus, CA Anti-Spyware, CA Gateway Security and CA Host-Based Intrusion Prevention System. The unified network control UNC offers network access protection by validating endpoints requesting network access. Multiple SQL Injection vulnerabilities have been reporte...
Nullsoft Winamp MIDI Timestamp Stack Buffer Overflow (CVE-2010-4370)
Winamp is a popular multimedia player, produced by Nullsoft, which is capable of playing many formats of audio and video files. Winamp can play CD tracks, MP3 music files or MPEG video files, as well as numerous other formats. Among the audio files supported by Winamp are MIDI files and MUS files...
Novell iManager Tree Name Denial of Service (CVE-2010-1930)
Novell iManager is a web-based administration console that provides management of many other Novell products. The iManager service itself is a Java web application running on top of the Tomcat application container. A denial of service vulnerability exists in Novell iManager. The vulnerability is...
Internet Explorer HTML Tag Memory Corruption (MS06-013; CVE-2006-1188)
Microsoft Internet Explorer IE is the most widely used web browser application today. The browser is capable of processing HTML, scripting languages, and interpretation of various other popular Internet specifications. There are numerous versions of the HTML standard that are interpreted by the...
Oracle Database Server DBMS_EXPORT_EXTENSION Package Privilege Escalation (CVE-2006-2081)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects are provided in order to better manage the data. The included stored procedures and functions, or subprograms,...
Macromedia JRun 4 mod_jrun Buffer Overflow (CVE-2004-0646)
Macromedia JRun is an application server used to deploy J2EE Java 2 Enterprise Edition applications, JSPs Java Server Pages, and other Java applications. It can be used as a stand-alone web server or can be accessed through other web servers including Apache. Apache can communicate with the JRun...
AOL Instant Messenger Away Message Buffer Overflow (CVE-2004-0636)
AOL Instant Messenger AIM is an instant messaging and presence computer program which allows registered users to communicate in real time. AOL Instant Messenger AIM registers itself as the handler of URL scheme aim. There exists a vulnerability in the way AOL Instant Messenger AIM parses an away...
Microsoft PowerPoint File Path Handling Buffer Overflow (MS10-004; CVE-2010-0029)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a stack overflow in Microsoft PowerPoint when it tries to copy an overly long file name to a...
Update Protection against Sun Java System Application Server HTTP TRACE Vulnerability
Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method which can be leveraged by attackers to gain access to sensitive user information. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. A local or remote...
IBM Tivoli Storage Manager Client CAD Service Buffer Overflow (CVE-2009-3853)
IBM Tivoli Storage Manager TSM Express is a backup solution which is designed to protect data from failures and other errors by storing backups and archiving data. The product is available for multiple platforms and various hardware architectures. A buffer overflow vulnerability exists in IBM...
Microsoft Office Excel Legacy Files (CVE-2009-3131; CVE-2010-1251; CVE-2010-1252; CVE-2010-3230)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse Office Excel legacy files. A remote attacker could trigger this flaw by...
Nullsoft Winamp CAF File Processing Integer Overflow (CVE-2009-0186)
Nullsoft Winamp is a multimedia player application that is capable of playing many formats of audio and video files. Winamp can play CD tracks, MP3 music files or MPEG video files as well as numerous other formats. It is also capable of reading CAF media file which has file extension .caf. A...
Invalid IIS ASP.Net URI Character Request (CVE-2009-1536)
A denial of service vulnerability has been reported in ASP.NET. ASP.NET is a collection of technologies within the.NET Framework that enable developers to build Web applications and XML Web Services. A remote attacker may exploit this issue to cause a vulnerable server to become non-responsive...
Microsoft DirectShow Video ActiveX Control Stack Buffer Overflow (CVE-2008-0015)
The Microsoft Video Control object is a Microsoft ActiveX control that connects Microsoft DirectShow filters for use in capturing, recording, and playing video. A stack buffer overflow vulnerability has been discovered in Microsoft DirectShow. The flaw is in the way Microsoft Video ActiveX contro...
Novell eDirectory HTTP Request Content-Length Heap Buffer Overflow
A remote code execution vulnerability exists in Novell eDirectory. Novell eDirectory is a cross-platform directory server used for identity management. Novell eDirectory utilizes various protocols to provide information services to various platforms, including HTTP-based SOAP. Novell eDirectory...
IPS-1 Protection Updates for yardradius and Cisco IOS Vulnerabilities and IPS-1 Protocol and Protocol Subsystems Updates
A vulnerability in yardradius could allow a remote attacker to execute arbitrary code via a buffer overflow. A vulnerability in Cisco IOS 12.2T through 12.4 could allows remote attackers to bypass Authentication, Authorization, and Accounting AAA RADIUS authentication via a long username...
Preemptive Protection against Ipswitch IMail Server IMAP SUBSCRIBE Command Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Ipswitch IMail Server IMAP component. Ipswitch IMail server is a messaging service suite that supports numerous mail exchanging protocols, including the Internet Message Access Protocol IMAP. IMAP is a standard protocol for accessing e-mail from a local...
Update Protection against Sun Java GIF Image Remote Code Execution Vulnerability
A remote code execution vulnerability exists in Sun Java Runtime Environment JRE. The Sun Java Runtime Environment allows users to run Java applications in a browser or as standalone programs. A remote attacker can exploit this issue to take complete control over an affected system...
Update Protection against Workstation Service Buffer Overflow Vulnerability (MS06-070)
A denial of service vulnerability was detected in Microsoft Windows Workstation service. The workstation service manages the routing of system requests. The workstation service library file wkssvc.dll is used by windows when working with shared network drives and printers. A remote attacker could...
MS-RPC Programs Lookup (CVE-2006-1314)
DCE/RPC stands for Distributed Computing Environment / Remote Procedure Calls. It is a Remote Procedure Call system that allows software to work across multiple computers, as if it were all working on the same computer. This system allows programmers to write distributed software without having t...
Update Protection against Microsoft Outlook Express Windows Address Book File Vulnerability (MS06-016)
Microsoft Outlook Express is a commonly used email application. A vulnerability has been discovered in the file which contains the address book of Outlook Express, potentially allowing a malicious attacker to take control of the affected machine...
Oracle MySQL Cluster Remote Code Execution (CVE-2022-21490)
A remote code execution vulnerability exists in Oracle MySQL Cluster. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
H3C GR-1200W Router Command Injection (CVE-2022-37070)
A command injection vulnerability exists in H3C GR-1200W Router. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
SalesAgility SuiteCRM Remote Code Execution (CVE-2022-23940)
A remote code execution vulnerability exists in SalesAgility SuiteCRM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Fortinet FortiOS Cross Site Scripting (CVE-2018-13380)
A cross site scripting vulnerability exists in Fortinet FortiOS. Successful exploitation of this vulnerability would allow remote attackers to inject an arbitrary web script into the affected system...
Owl Labs Meeting Owl Authentication Bypass (CVE-2022-31460)
An authentication bypass vulnerability exists in Owl Labs Meeting Owl. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code...
Western Digital My Cloud NAS Remote Code Execution Multiple Vulnerabilities (CVE-2020-25765; CVE-2020-27158; CVE-2020-27159; CVE-2020-27160; CVE-2020-27744)
A remote code execution vulnerability exists in Western Digital My Cloud NAS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
GitLab Community and Enterprise Cross-Site Scripting (CVE-2021-22241)
A stored cross-site scripting vulnerability exists in the Community edition and Enterprise edition of GitLab. The vulnerability is due to improper input validation of the default branch name...
Compro Technology IP Camera Denial Of Service (CVE-2021-40378)
A denial of service vulnerability exists in Compro Technology IP Camera. Successful exploitation of this vulnerability could result in denial of service conditions...