13538 matches found
Novell GroupWise Email Address Processing Buffer Overflow (CVE-2009-1636)
Novell GroupWise is a client-server collaborative software and email system provided by Novell. A buffer overflow vulnerability has been reported in Novell GroupWise Internet Agent GWIA software.The vulnerability is due to an error while processing specially crafted SMTP requests.Specifically, th...
Sun Solaris sadmind RPC Request Buffer Overflow (CVE-2008-3869; CVE-2008-3870)
sadmind is a daemon used to control the servers running Sun Solaris operating system. A buffer overflow vulnerability was identified in the sadmind service within the Sun Solaris operating system. The vulnerability is triggered in sadmind when decoding request parameters. This can be exploited to...
Microsoft Works Oversized Font Buffer Overflow (MS09-024; CVE-2009-1533)
Microsoft Works is home productivity software suite with fewer features than the Microsoft Office suite.The Microsoft Works Converter allows the user to open, edit, and save files in the Microsoft Works file format. A remote code execution vulnerability has been discovered in Microsoft Works...
Microsoft PowerPoint Converter CoCollection Record Handling Error (MS09-017; CVE-2009-0226)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially craft...
Update Protection against Microsoft Windows GDIplus GpFont.SetData Integer Overflow
A vulnerability has been reported in Microsoft Windows Graphics Device Interface GDI. GDI is a Microsoft standard for representing graphical objects and outputting these representations to devices such as monitors and printers. The vulnerability occurs when an application that uses the affected...
Workaround for Microsoft Windows Saved Search Remote Code Execution Vulnerability (MS08-075)
A remote code execution vulnerability was reported in the way Windows Explorer saves specially crafted search files. Windows Search is a standard component of Windows Vista that allows instant search capabilities for most common file and data types. Windows Search has XML-based files that save...
Microsoft Excel COUNTRY Record Parsing Memory Corruption (MS08-043; CVE-2008-3006)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel parses record values. The vulnerability is due to an error in Microsoft Excel that fails to perform sufficient validation when parsing record values while...
Novell iPrint Client ActiveX Control Stack Buffer Overflow (CVE-2008-2908)
Novell iPrint is an application that enables users to install and manage printers, or submit print job from a web browser. A stack buffer overflow vulnerability has been reported in Novell iPrint Client. The vulnerability is due to a boundary error in a Novell iPrint ActiveX control. To trigger...
Microsoft Access Snapshot Viewer ActiveX Control Arbitrary File Download (CVE-2008-2463)
Microsoft Snapshot Viewer is an application that allows viewing of snapshots created with any version of Microsoft Access. A remote code execution vulnerability has been discovered in the Snapshot Viewer for Microsoft Access. The vulnerability is due to an error in the Snapshot Viewer ActiveX...
Update Protection against HP OpenView Network Node Manager HTTP Handling Buffer Overflow Vulnerability
A buffer overflow vulnerability has been discovered in HP OpenView Network Node Manager. The Network Node Manager NNM is an HP OpenView product which manages networks. It determines and displays physical and logical connectivity in networks, as well as information referring to protocols running...
Preemptive Protection against Digium Asterisk SIP Invalid Response Code Denial of Service Vulnerability
A denial of service vulnerability has been discovered in Digium Asterisk. Asterisk is an open source telephone system. It supports a wide range of Voice over IP VOIP protocols, including SIP. SIP Session Initiation Protocol is a protocol that can establish, modify, and terminate numerous multimed...
Symantec Products SupportSoft ActiveX Control Multiple Buffer Overflows (CVE-2006-6490)
Multiple vulnerabilities have been reported in Symantec SupportSoft ActiveX controls. SupportSoft provides third party ActiveX controls used for remote assistance and other technical support functions. A remote attacker could cause the browser to crash allowing execution of arbitrary commands.The...
Trend Micro OfficeScan Client ActiveX Control Buffer Overflow (CVE-2007-0325)
A vulnerability has been reported in the Trend Micro OfficeScan Client ActiveX control.OfficeScan Client is an integrated client which provides security protection for the network endpoints.A remote attacker could cause the browser to crash allowing execution of arbitrary commands.The vulnerabili...
Microsoft IIS HTR Request Buffer Overflow (CVE-2002-0071)
...
Update Protection against Indexing Service Cross-Site Scripting Vulnerability (MS06-053)
A cross-site scripting XSS vulnerability exists in Microsoft Windows Indexing Service. Indexing Service is a feature that supports rapid searching of file contents and properties by extracting information from files and storing it in indexes organized for fast searching. A remote attacker can...
Update Protection against Microsoft JScript Remote Code Execution Vulnerability (MS06-023)
JScript is Microsoft's implementation of the ECMA 262 language specification ECMAScript Edition 3. Microsoft JScript contains a memory corruption vulnerability. By convincing a user to visit a Web site or read an e-mail message containing a specially crafted JScript file, a remote attacker may be...
Update Protection against Ipswitch WhatsUp Professional 2006 Multiple Vulnerabilities
WhatsUp is a tool from Ipswitch that monitors application and network. WhatsUp runs a custom web server for the application Web interface on port 8022. Multiple flaws have been identified in the server including XSS vulnerabilities, page redirection via cross site scripting and header spoofing...
Preemptive Protection against Nagios "Content-Length" Header Buffer Overflow Vulnerability
Nagios is an open source host, service and network monitoring program. The product?s functionality is implemented through a number of CGI programs. A vulnerability has been identified in Nagios, specifically due to buffer overflow errors in various CGI scripts that do not properly process a...
Microsoft Windows Web Client Remote Code Execution (MS06-008; CVE-2006-0013)
Web Client WebDAV is a system service that allows Web-based Distributed Authoring and Versioning. Remote code execution vulnerability exists in the way that Windows processes Web Client requests that could allow an attacker who successfully exploited this vulnerability to take complete control of...
Built-In Protection against IGMPv3 Denial of Service Vulnerability (MS06-007)
A denial of service vulnerability exists in the handling of IGMPv3 Internet Group Management Protocol. IGMP is a routing protocol used by hosts and routers to dynamically register and discover multicast group memberships. By sending a specially crafted IGMP packet, a remote attacker could stop th...
MS-SQL Monitor Protocol (CVE-2002-0649; CVE-2002-0650)
...
Apache httpd mod_proxy NULL Pointer Dereference (CVE-2021-44224)
A NULL pointer dereference vulnerability exists in the modproxy module of Apache httpd. The vulnerability is due to improper handling of malformed Request-URIs sent to servers configured as a forward proxy. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted...
Delta Electronics DIAEnergie SQL Injection (CVE-2022-1366)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to insufficient input validation when processing requests...
Oracle WebLogic Server Remote Code Execution (CVE-2021-2394)
A remote code execution vulnerability exists in Oracle WebLogic Server. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Zoho ManageEngine SQL Injection (CVE-2022-27908)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the Inventory Reports module...
Adobe ColdFusion Arbitrary File Read And Deletion (APSB22-44: CVE-2022-38424)
A arbitrary file read and deletion vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Adobe ColdFusion Heap-based Buffer Overflow (APSB22-44: CVE-2022-35711)
A buffer overflow vulnerability exists in Adobe ColdFusion. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system or cause application crashes...
SalesAgility SuiteCRM Remote Code Execution (CVE-2022-23940)
A remote code execution vulnerability exists in SalesAgility SuiteCRM. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Moodle Directory Traversal (CVE-2022-35650)
A Directory Traversal vulnerability exists in Moodle. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Tenda M3 Router Buffer Overflow (CVE-2022-32035)
A buffer overflow vulnerability exists in Tenda M3 Router. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...
Adobe Acrobat and Reader Access of Uninitialized Pointer (APSB22-32: CVE-2022-34228)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Microsoft Support Diagnostic Tool Remote Code Execution (CVE-2022-30190)
A remote code execution vulnerability exists in Microsoft Support Diagnostic Tool, also known as, "Follina". Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Jira Server-Side Request Forgery (CVE-2019-8451)
A Server Side Request Forgery vulnerability exists in Jira. A remote attacker may exploit this issue by making a specially crafted HTTP request. Successful exploitation would allow attackers to create HTTP requests on behalf of the vulnerable server...
Adobe Acrobat and Reader Access of Uninitialized Pointer (APSB22-16: CVE-2022-27794)
A vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Spring Cloud Function Remote Code Execution (CVE-2022-22963)
A remote code execution vulnerability exists in Spring Cloud Function. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Remote Desktop Client Remote Code Execution (CVE-2022-21990)
A remote code execution vulnerability exists in Microsoft Remote Desktop Client. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Remote Desktop Client Remote Code Execution (CVE-2022-23285)
A remote code execution vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Delta Electronics DIAEnergie SQL Injection (CVE-2021-38391)
An SQL injection exists in Delta Industrial Automation DIAEnergie. The vulnerability is due to an input validation error when processing the type parameter in the AMHandler.ashx endpoint...
WordPress Pie Register Plugin SQL Injection (CVE-2021-24731)
An SQL injection vulnerability exists in WordPress Pie Register plugin. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
FrogCMS SentCMS Remote Code Execution (CVE-2021-26794)
A remote code execution vulnerability exists in FrogCMS SentCMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
DRK Odenwaldkreis Testerfassung Command Injection (CVE-2021-35062)
A command injection vulnerability exists in NETGEAR. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Oracle Fusion Middleware BI Publisher Arbitrary File Upload (CVE-2021-2392)
An arbitrary file upload vulnerability exists in Oracle Business Intelligence. This vulnerability is due to insufficient input validation in the UploadFndDBCPage class...
Centreon MediaWiki SQL Injection (CVE-2021-37558)
An SQL injection vulnerability exists in Centreon MediaWiki. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
FiberHome Routers Command Injection (CVE-2021-42912)
A command injection vulnerability exists in FiberHome routers. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
WordPress Core External Entity Injection (CVE-2021-29447)
An XXE vulnerability exists in WordPress Core. The vulnerability is due to insufficient validation of XML data when parsing RIFF WAV file metadata...
Course Registration Management System Cross Site Scripting (CVE-2021-29663)
A cross-site scripting vulnerability exists in Course Registration Management System. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
F5 BIG-IP Buffer Overflow (CVE-2021-22992)
A buffer overflow vulnerability exists in F5 BIG-IP. Successful exploitation of this vulnerability could result in a denial of service or execution of arbitrary code into the affected system...
Cockpit CMS Remote Code Execution (CVE-2020-35131)
A remote code execution vulnerability exists in Cockpit CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Yccms Remote Code Execution (CVE-2020-20287)
A remote code execution vulnerability exists in Yccms. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Flink Directory Traversal (CVE-2020-17518; CVE-2020-17519)
A directory traversal vulnerability exists in Apache Flink. Successful exploitation of this vulnerability could allow an attacker to access arbitrary files on the affected system...