13538 matches found
Microsoft Message Queue QMGetRemoteQueueName Buffer Overflow - Ver2 (CVE-2008-3479)
A buffer overflow vulnerability has been reported in Microsoft Windows 2000. An attacker could exploit this vulnerability via a crafted RPC call, related to improper processing of parameters to string APIs. Successful exploitation of this vulnerability could allow a remote attacker to execute...
RealNetworks RealPlayer MPG Width Integer Underflow Memory Corruption - Ver2 (CVE-2011-4259)
A memory corruption vulnerability has been reported in RealNetworks RealPlayer. The vulnerability is due to an integer underflow condition caused while handling MPEG-2 files with a specially crafted width parameter. An attacker could exploit this vulnerability by enticing a target user to open a...
Symantec Endpoint Protection Manager Cross-Site Scripting (CVE-2014-3438)
A code execution vulnerability has been reported in the Symantec Endpoint Protection Manager. The vulnerability is due to insufficient validation of user input before it is sent back to the user. A remote attacker may exploit this vulnerability to execute arbitrary script code in the context of t...
ManageEngine Multiple Products FileCollector Directory Traversal (CVE-2014-6035)
A directory traversal vulnerability exists in ManageEngine OpManager, Social IT Plus and IT360. The vulnerability is due to lack of authentication and insufficient input validation in HTTP requests. A remote unauthenticated attacker can upload arbitrary files to arbitrary locations...
ManageEngine EventLog Analyzer agentUpload Directory Traversal (CVE-2014-6037)
A code execution vulnerability has been reported in ManageEngine EventLog Analyzer. The vulnerability is due to lack of authentication and insufficient input validation in agentUpload when processing zip files. A remote unauthenticated attacker can exploit this vulnerability by sending a speciall...
FreeRADIUS Illegal Attributes Denial of Service - ver 2 (CVE-2004-0938)
A vulnerability exists in the way the FreeRADIUS software package handles out of sequence messages. When a RADIUS authentication or accounting request is sent out-of-order to a vulnerable FreeRADIUS, a memory exception occurs. This vulnerability may be leveraged by a remote attacker to deny servi...
Apple QuickTime ftab Atom Stack Buffer Overflow (CVE-2014-1246)
A stack buffer overflow vulnerability exists in Apple QuickTime. The vulnerability is due to insufficient validation on the length of font names when parsing atoms. A remote unauthenticated attacker can exploit this vulnerability by enticing the target user to open a specially crafted file with t...
Microsoft Windows Media Player ASX Parsing Buffer Overflow - Ver2 (CVE-2006-6134)
A buffer overflow vulnerability has been reported in Microsoft Windows Media Player. The vulnerability is due to a buffer overflow error when processing malformed ASX file. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft SCCM Reflected Cross-site Scripting (MS12-062) - Ver2 (CVE-2012-2536)
A cross-site scripting vulnerability has been reported in Microsoft System Center Configuration Manager SCCM. The vulnerability is due to an error in the way System Center Configuration Manager handles specially crafted requests. A remote attacker can exploit this issue by enticing a target user ...
Apple Products SSLVerifySignedServerKeyExchange Security Feature Bypass (CVE-2014-1266)
There exists a security feature bypass vulnerability in Apple products. The vulnerability is due to the SSLVerifySignedServerKeyExchange function in the Secure Transport feature not checking the signature in a TLS Server Key Exchange message. This vulnerability allows man-in-the-middle attackers ...
Microsoft Indexing Service Loop Counter Underwrap Code Execution - Ver2 (CVE-2009-2507)
A remote code execution vulnerability has been reported in the Microsoft Indexing Service. A remote attacker could exploit this vulnerability by enticing a user to visit a malicious Web page. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on...
MSXML Response Handling Memory Corruption - Ver2 (CVE-2010-2561)
A memory corruption vulnerability has been reported in Microsoft XML Core Services MSXML. The vulnerability is due to a bug in the way MSXML handles HTTP responses. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Suspicious Javascript Containing Overly Long Strings (CVE-2013-2551)
Javascript may contain variables assigned with overly long strings. This behavior may indicate an exploitation attempt...
AutoSec Tools V-CMS inline_image_upload.php PHP File Upload And Execution (CVE-2011-4828)
An arbitrary file upload vulnerability has been reported in AutoSec Tools V-CMS...
HP Data Protector CRS Opcode 215 and 263 Stack Buffer Overflow (CVE-2013-2328)
Two stack buffer overflows have been discovered in HP Data Protector...
Microsoft Windows RAS Manager Registry Corruption (CVE-2006-2371)
A buffer overflow vulnerability has been reported in Microsoft Routing and Remote Access Service. The flaw is caused by improper boundary checking of user-supplied data to the Routing and Remote Access service. A remote attacker may leverage this vulnerability by sending a crafted request to the...
HP Data Protector CRS Opcode 227 Stack Buffer Overflow (CVE-2013-2335)
A stack buffer overflow vulnerability has been discovered in HP Data Protector. The vulnerability exists in the Cell Request Service crs.exe, which listens on a randomly chosen port. The application fails to sanitize input with opcode 227, which can result in a stack buffer overflow. A remote,...
Microsoft Internet Explorer Deleted Object Memory Corruption (MS13-055; CVE-2013-3143)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer...
IBM Java ProxyUtil Sandbox Breach (CVE-2012-4820)
A sandbox breach vulnerability exists in IBM Java. The vulnerability is due to an access control failure in the "com.ibm.rmi.util.ProxyUtil" package. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page...
Microsoft Windows MSXML XSLT Remote Code Execution (MS13-002; CVE-2013-0007)
A remote code execution vulnerability has been reported in Microsoft Windows...
Cisco NX-OS Interface Commands Privilege Escalation (CVE-2011-2569)
A command execution vulnerability has been reported in Cisco NX-OS...
Multiple Products IASystemInfo.DLL ActiveX Control Buffer Overflow (CVE-2007-0348)
A remote code execution vulnerability has been reported in multiple products containing the IASystemInfo.DLL ActiveX control. The vulnerability is due to a data validation failure by the ActiveX control. A remote attacker may exploit this vulnerability by enticing an affected user to open a...
Internet Explorer 6 HTML Object Memory Corruption (MS10-090; CVE-2010-3343)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been initialized or has been deleted. To trigger this...
IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows (CVE-2009-2753)
Informix is a family of relational database management system RDBMS products by IBM. IBM Informix Dynamic Server is an online transaction processing data server. Multiple buffer overflow vulnerabilities has been reported in IBM's Informix Dynamic Server. The vulnerabilities are due to insufficien...
Update Protection against Novell iPrint Client ienipp.ocx volatile-date-time Parsing Buffer Overflow
A buffer overflow vulnerability exists in Novell iPrint Client, an application that allows users to install and manage printers, or submit print jobs from a web browser. The vulnerability is due to a boundary error when parsing malicious 'persistence' parameter values. A remote attacker can explo...
Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)
A security bypass vulnerability has been discovered in Microsoft Internet Information Services IIS. The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...
RealNetworks Helix Server RTSP SET_PARAMETER Heap Buffer Overflow (CVE-2009-2533)
Helix Server is a multi-media server that is designed to serve streaming and static audio and video content. Helix project, Helix Server being part of it, is intended as a largely free software/open source digital media framework that runs on numerous operating systems and processors including...
Apple QuickTime PictureViewer Buffer Overflow (CVE-2005-0903; CVE-2005-2340)
Apple QuickTime PictureViewer is an image viewer that supports many image file formats. JPEG is one of the image formats supported by this product. A vulnerability exists in the PictureViewer component of the Apple QuickTime products. The affected product does not correctly process JPEG image...
Symantec Altiris Deployment Solution ActiveX File Download (CVE-2009-3028)
The Symantec Altiris Deployment Solution software provides tools to deploy and configure software across hardware platforms and operating systems. A remote program execution vulnerability exists in Symantec Altiris Deployment Solution. The vulnerability is caused due to the Altiris.AeXNSPkgDL.1...
Oracle Secure Backup Administration Server Command Injection (CVE-2009-1978)
Oracle Secure Backup is a backup solution allowing for centralized tape backup management. The vulnerability is due to a flaw in the logic used to authenticate a user to the administration server. Successful exploitation of this vulnerability allows remote attackers to bypass authentication on...
Internet Explorer Rows Object Memory Corruption (MS09-019; CVE-2009-1532)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted. To...
Cisco WebEx Meeting Manager ActiveX Control Buffer Overflow (CVE-2008-3558)
The Webex Meeting Manager is a client-side program that is provided by the Cisco Webex meeting service, an online collaboration suite. A buffer overflow vulnerability has been reported in the Cisco Webex Meeting Manager application.The vulnerability is due to a boundary error in a Cisco Webex...
IBM Lotus Domino Web Server HTTP Header Buffer Overflow (CVE-2008-2240)
IBM Lotus Domino is a server product that provides enterprise-grade e-mail, collaboration capabilities, and custom application platform. A stack buffer overflow vulnerability was reported in the IBM Lotus Domino Web Server application. The vulnerability is due to an error in the IBM Lotus Domino...
Microsoft Windows Speech Components sapi.dll Code Execution (MS08-032; CVE-2007-0675)
The ActiveX Speech Components sapi.dll is part of the Microsoft Speech Application Programming Interface SAPI that allows the use of speech recognition and speech synthesis within Windows applications. A remote code execution vulnerability has been reported in the ActiveX Speech Components...
Yahoo! Music Jukebox ActiveX Control Multiple Buffer Overflows (CVE-2008-0623; CVE-2008-0624; CVE-2008-0625)
Yahoo! Music Jukebox is a freeware media player for Microsoft Windows. Multiple buffer overflow vulnerabilities have been reported in Yahoo! Music Jukebox. The vulnerabilities are due to boundary errors in certain Yahoo! Music Jukebox ActiveX controls. To trigger these issues, an attacker may...
Sun Java Web Start dnsResolve ActiveX Buffer Overflow (CVE-2007-5019)
Microsoft SQL Server is a Relational Database Management System RDBMS that can be managed through Distributed Management Objects DMO. A remote attacker can exploit this issue to execute arbitrary code on vulnerable server...
IBM and Lenovo Access Support acpRunner ActiveX Security Bypass (CVE-2007-2928; CVE-2007-2929; CVE-2007-2940)
The Access Support software package for IBM and Lenovo systems includes several ActiveX controls. A remote attacker could exploit this issue by convincing a user to visit a specially crafted HTML document or open a malicious web page. Successful exploitation could result in remote code execution ...
Update Protection against Multiple Trend Micro ServerProtect Buffer Overflow Vulnerabilities
Trend Micro ServerProtect is prone to multiple buffer overflow vulnerabilities. Trend Micro ServerProtect is a centrally managed virus protection console for enterprise-class servers. A remote attacker may exploit these issues to execute arbitrary code on a vulnerable system via a specially craft...
Preemptive Protection against Ipswitch IMail Server IMAP SEARCH Command Buffer Overflow Vulnerability
A buffer overflow vulnerability exists in Ipswitch IMail Server IMAP component. Ipswitch IMail server is a messaging service suite that supports numerous mail exchanging protocols, including the Internet Message Access Protocol IMAP. IMAP is a standard protocol for accessing e-mail from a local...
Preemptive Protection against Microsoft Windows Animated Cursor Remote Code Execution Vulnerability (MS07-017)
A remote code execution vulnerability has been reported in the animated cursor code in Microsoft Windows. A remote attacker can exploit this vulnerability via a specially crafted ANI file. Animated cursors files ANI allow a series of frames to appear at the mouse pointer location instead of a...
IMAP Directory Traversal (CAN-2005-1902; CAN-2006-2414)
...
Kamailio SIP Server Out of Bounds Read (CVE-2018-14767)
An out-of-bounds read vulnerability exists in Kamailio . Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Barangay Management System Arbitrary File Upload (CVE-2022-34120)
An arbitrary file upload vulnerability exists in Barangay Management System. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Netgear R6200v2 Command Injection (CVE-2022-30079)
A command injection vulnerability exists in Netgear R6200v2. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Jenkins Active Choices Plugin Cross-Site Scripting (CVE-2021-21699)
A stored cross-site scripting vulnerability exists in Jenkins Active Choices Plugin. This vulnerability is due to insufficient validation of parameter name of reactive parameters and dynamic reference parameters...
D-Link DIR882 Command Injection (CVE-2022-28895; CVE-2022-28896)
A command injection vulnerability exists in D-Link DIR882. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Dolibarr ERP and CRM Code Injection (CVE-2022-0819)
A code injection vulnerability exists in the Dolibarr ERP/CRM package. The vulnerability is due to insufficient input validation on user provided data...
Apache Airflow Command Injection (CVE-2022-24288)
A command injection vulnerability exists in Apache Airflow. This vulnerability is due to improper input validation for parameters for directed acyclic graphs DAGs...
Adobe ColdFusion Improper Access to a Restricted Directory (APSB22-44: CVE-2022-38418)
An improper access to a restricted directory vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
dotCMS Arbitrary File Upload (CVE-2022-26352; CVE-2018-5445)
An arbitrary file upload vulnerability exists in dotCMS. Successful exploitation of this vulnerability allows an attacker to execute arbitrary code on the vulnerable system with administrative privileges...