13538 matches found
OP5 welcome Remote Command Execution (CVE-2012-0262)
An arbitrary commands execution vulnerability has been reported in OP5 appliances...
HP Data Protector CRS Opcode 264 Stack Buffer Overflow (CVE-2013-2327)
A stack buffer overflow has been discovered in HP Data Protector...
Microsoft SharePoint Server Parameter Injection (MS13-084; CVE-2013-3895)
An elevation of privilege vulnerability exists in Microsoft SharePoint Server...
Microsoft .NET Framework OpenType Font Parsing Remote Code Execution (MS13-082; CVE-2013-3128)
A remote code execution vulnerability has been reported in Microsoft .Net Framework...
IBM Cognos tm1admsd.exe Buffer Overflow (CVE-2012-0202)
Multiple stack-based buffer overflow vulnerabilities have been reported in IBM Cognos TM1 Admin Server...
Microsoft Windows RPC Elevation Of Privilege (MS13-062; CVE-2013-3175)
An elevation of privilege vulnerability exists in the way that Windows handles asynchronous RPC requests...
Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3145)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Microsoft Internet Explorer Memory Corruption (MS13-055; CVE-2013-3146)
A Remote code execution vulnerability has been reported in Microsoft Internet Explorer...
Internet Explorer Deleted HTML Object Memory Corruption (MS13-047; CVE-2013-3112)
A use after free vulnerability has been reported in Internet Explorer...
Preemptive Protection against Microsoft Windows TCP/IP Driver Denial of Service (MS13-049; CVE-2013-3138)
A denial of service vulnerability has been reported in the TCP/IP driver of Microsoft Windows...
Microsoft Office Malformed GIF File Processing Code Execution (MS06-039) - Improved Performance (CVE-2006-0007)
The Microsoft Office is a popular application suite that consists of several independent applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and others. The suite ships with a set of image processing helper libraries known as graphics filters. The graphics filters are used...
Internet Explorer CMarkupTransNavContext Use After Free (MS13-037; CVE-2013-1308)
A Code Execution vulnerability exists in Internet Explorer. An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user. When Internet Explorer attempts to access an object in memory that has been deleted, it may corrupt memory in such a way th...
Smart Software Solutions CoDeSys CmpWebServer Content-Length NULL Pointer (CVE-2011-5009)
Denial of service has been reported in Smart Software Solutions CoDeSys CmpWebServer.The vulnerability is due to insufficient validation of incoming HTTP POST requests to TCP port 8080.A remote attacker could exploit this vulnerability by sending a malicious HTTP POST request to the affected...
Microsoft Active Directory LDAP Request Memory Consumption (MS13-032; CVE-2013-1282)
A denial of service vulnerability exists in implementations of Active Directory. Successful exploitation could cause the service to stop responding. The vulnerability is caused when the LDAP service fails to handle a specially crafted query. A Remote attacker can exploit this issue via a speciall...
Adobe Photoshop PNG Image Processing Buffer Overflow - Improved Performance (CVE-2012-4170)
A heap buffer overflow vulnerability has been reported in Adobe Photoshop CS6. The vulnerability is due to an error while handling certain chunks within a specially crafted PNG file. A remote attacker can exploit this vulnerability by enticing a user to open a malicious PNG file. Successful...
Microsoft HTML Sanitization Cross Site Scripting (MS13-035; CVE-2013-1289)
An elevation of privilege vulnerability exists in the way that HTML strings are sanitized. Successful exploitation could allow an attacker to perform cross-site scripting attacks against affected users, resulting in script execution in the target's security context...
Symantec Messaging Gateway Save.do Cross Site Request Forgery - Improved Performance (CVE-2012-0308)
A cross-site request forgery CSRF vulnerability has been reported in Symantec Messaging Gateway. The vulnerability is due to errors while validating user input. A remote attacker can exploit this vulnerability by enticing a user to open a specially crafted URI. Successful exploitation would allow...
Internet Explorer OnResize Use After Free Remote Code Execution (MS13-021; CVE-2013-0087)
A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in the way Internet Explorer accesses an object in memory that has been deleted. A remote attacker can exploit this issue by enticing a target victim to open a specially...
Opera SVG clipPath Use After Free Memory Corruption (CVE-2013-1638)
A use-after-free vulnerability has been reported in Opera web browser. The vulnerability is due to an error while parsing SVG content. A remote attacker can exploit this vulnerability by enticing a user to download and process a maliciously crafted file with a vulnerable version of Opera...
Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)
An authentication bypass vulnerability has been reported in ColdFusion servers. The vulnerability is due to enabling unauthenticated attacker to create a scheduled task which will be performed and allow attacker-controlled code to be uploaded to the vulnerable server. A remote attacker could...
Microsoft Internet Explorer Cloned Object Memory Corruption (MS09-002; CVE-2009-0075)
A vulnerability exists in the way Internet Explorer 7 accesses an object that has been deleted, which can cause memory corruption. In an attack case where code injection is successful, the behaviour of the target is entirely dependent on the intended function of the injected code. The code in suc...
Novell iPrint Server attributes-natural-language Buffer Overflow (CVE-2011-4194)
A buffer overflow vulnerability has been reported in Novell iPrint Server...
Preemptive Protection against Novell GroupWise Internet Agent RRULE Time Conversion Invalid Array Indexing (CVE-2011-2663)
A remote code injection and execution vulnerability has been reported in Novell GroupWise Internet Agent GWIA...
Black Ice BIImgFrm.ocx ActiveX Code Execution (CVE-2008-2683)
A remote code execution vulnerability has been reported in Black Ice BIImgFrm.ocx. The vulnerability is due to a design flaw in the application which allows uploading of specially crafted files to an affected system. An attacker could exploit this vulnerability by enticing a victim to open a...
Microsoft Excel Series Integer Underflow (MS11-045; CVE-2011-1278)
Microsoft Excel is a popular spreadsheet application. A vulnerability has been identified in Microsoft Excel. When Microsoft Excel validates record information upon opening a specially crafted Excel file, a memory handling error may corrupt system memory in such a way that an attacker could execu...
Internet Explorer DOM Modification Remote Code Execution (MS11-050; CVE-2011-1256)
A remote code execution vulnerability has been reported in the way that Microsoft Internet Explorer accesses an object that has not been correctly initialized or has been deleted. Microsoft Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may...
Internet Explorer Time Element Memory Corruption (MS11-050; CVE-2011-1255)
A remote code execution vulnerability has been reported in the way that Microsoft IE accesses an object that has not been correctly initialized or has been deleted. Microsoft Internet Explorer attempts to access an object that has not been initialized or has been deleted, it may corrupt memory in...
Microsoft Windows OLEAUT32.DLL WMF File Remote Code Excution (MS11-038; CVE-2011-0658)
The vulnerability is caused by the way that OLE Automation parses a specially crafted WMF file. An attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site. An attacker who successfully...
Microsoft Office Excel RealTimeData Record Memory Corruption (MS11-021; CVE-2011-0101)
Microsoft Excel is a popular spreadsheet application. A remote attacker could exploit this issue via a malformed Excel file. Successful exploitation of this vulnerability may allow execution of arbitrary code on a target system. A memory corruption vulnerability has been identified in Microsoft...
Novell ZENworks Configuration Management TFTPD Heap Buffer Overflow (CVE-2010-4323)
Novell ZENworks Configuration Management is an IT desktop computer management suite that is based on a client/server architecture. A management server collects and sends data of managed assets by communicating with client applications installed on computers, or via other management protocols. A...
Symantec Alert Management System pagehndl.dll Stack Buffer Overflow (CVE-2010-0110)
Symantec Alert management System 2 AMS2 is a package used by various Symantec solutions such as System Center, AntiVirus Server, and AntiVirus Central Quarantine Server. AMS2 starts multiple services on the system that run with System account privileges, by default. A stack buffer overflow...
Symantec IM Manager rdpageimlogic.aspx Multiple SQL Injections (CVE-2010-0112)
Symantec IM Manager is a software-based proxy to secure, manage, and log IM messages for enterprise and public IM protocols. It provides real-time threat protection against IM viruses, worms, and other types of attacks delivered through IM messages. Symantec IM Manager allows the definition of...
Microsoft Office Art Drawing Records Code Execution (MS10-087; CVE-2010-3334)
Microsoft Office is an office suite of inter-related desktop applications, servers and services for the Microsoft Windows and Mac OS X operating systems. A remote attacker could exploit this issue via a malformed Office file. Successful exploitation of this vulnerability may allow execution of...
Microsoft Word UPX Data Stack Validation Buffer Overflow (MS10-079; CVE-2010-3214)
Microsoft Word is a popular word processing software. A remote code execution vulnerability has been identified in the way that Microsoft Word handles stack validation inside a specially crafted Word file. The vulnerability is due to an error in Microsoft Word that fails to properly validate UPX...
Microsoft Excel Biff Record PtgName Entries Code Execution (MS10-080; CVE-2010-3235)
Microsoft Excel is a popular spreadsheet application. A memory corruption vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly validate formula information upon opening a specially crafted Excel file. A remote...
Microsoft Browser Embedded Media Player Memory Corruption (MS10-082; CVE-2010-2745)
Windows Media Player is a feature of the Windows operating system for personal computers. It is used for playing audio and video. A remote code execution vulnerability has been reported in Windows Media Player. The vulnerability is due to an error in the Windows Media Player that improperly...
Embedded Base-64 Encoded TTF Files (CVE-2010-2738)
Unicode Script Processor is a Windows component that enables a text layout client to format complex scripts. A remote code execution vulnerability has been reported in the way affected versions of Microsoft Windows incorrectly parse specific font types. A remote attacker could exploit this issue...
Apple QuickTime Streaming Debug Error Logging Buffer Overflow (CVE-2010-1799)
QuickTime is a media player application developed by Apple. It is capable of playing back numerous multimedia file formats from local file system or network servers. One of the media formats supported by Apple QuickTime is SMIL. A stack buffer overflow vulnerability exists in Apple QuickTime medi...
CA BrightStor ARCserve Backup Tape Engine RPC Opcode 207 Buffer Overflow (CVE-2007-0169)
Computer Associates BrightStor ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including Backup and Restore, Data Migration, and Threat Management. There exists a...
Adobe Shockwave Player MCsL Parsing Memory Corruption (APSB10-20; CVE-2010-2881)
Adobe Shockwave is a multimedia player that allows Adobe Director applications to be published on the Internet and viewed in a web browser by anyone who has the Shockwave plug-in installed. A memory corruption vulnerability has been identified in Adobe Shockwave Player. The vulnerability is due t...
Microsoft Silverlight Pointer Handling Memory Corruption (MS10-060; CVE-2010-0019)
Microsoft Silverlight is a cross-browser, cross-platform implementation of the Microsoft .NET Framework for building media experiences and rich interactive applications for the Web. A memory corruption vulnerability has been reported in the way that Microsoft Silverlight handles pointers. To...
IBM Lotus Notes WPD Attachment Viewer Buffer Overflow (CVE-2007-5544)
Lotus Notes is a client-server collaborative software and email system provided by IBM. The Lotus Notes email client application is capable of communicating with email servers over the SMTP, POP, and IMAP protocols. There exist a buffer overflow vulnerability in IBM Lotus Notes WPD viewer. The...
Oracle Database SQL Compiler Access Control Security Bypass (CVE-2007-3855)
There exists a security bypass vulnerability in the Oracle Database Server product. Specifically, the flaw exists due to improper enforcement of user permissions on data access to tables through certain types of views. A remote authenticated attacker may use this vulnerability to perform UPDATE,...
Microsoft ASP.NET Application Folder Information Disclosure (MS06-033; CVE-2006-1300)
ASP.NET is a technology that provides a programming model and infrastructure for creating dynamic web applications. ASP.NET is part of the Microsoft .NET Framework. ASP.NET is deployed on the Microsoft Internet Information Server, which treats files with the .aspx extension as ASP.NET files and...
Microsoft Excel Malformed Filter Records Handling Code Execution (MS07-023; CVE-2007-1214)
Microsoft Excel is a popular spreadsheet application that is usually released as part of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulae, and various data sources. The proprietary file format used for storing Microsoft Excel documents ...
IBM Lotus Notes WPD Attachment Handling Buffer Overflow (CVE-2008-4564)
Lotus Notes is a client-server collaborative software and email system provided by IBM. The Lotus Notes email client application is capable of communicating with email servers over the SMTP, POP, and IMAP protocols. A stack-based buffer overflow vulnerability exists in the IBM Lotus Notes WPD. Th...
Microsoft SMB Client Message Size Remote Code Execution (MS10-020; CVE-2010-0477)
The SMB Protocol is a network file sharing protocol that is implemented in Microsoft Windows. A remote code execution vulnerability has been reported in the Microsoft Windows Server Message Block SMB client implementation. The vulnerability is due to an error in the Microsoft SMB client...
CA Multiple Products HTTP Request Buffer Overflow (CVE-2005-3190)
The Computer Associates CA BrightStor backup server product line provides facilities for integration with third party software and hardware products to consolidate storage management tasks. CA uses an XML-based interface named iSponsor/iGateway to integrate with storage management applications fr...
QuickTime-Darwin Denial of Service (CVE-2004-0169)
A vulnerability exists in the Quicktime Streaming Server and Darwin Streaming Server that allows remote users to cause a denial of service condition on the server. The vulnerability can be exploited to cause the service to either crash or consume all available processor resources. The...
Microsoft Windows Graphics Rendering Engine Buffer Overflow (MS04-032; CVE-2004-0209)
The Microsoft Windows Metafile Format WMF is used to store pictures and other graphical renderings as either vector or bitmap-format graphical data. The vector data stored in WMF files is described as Microsoft Windows Graphics Device Interface GDI commands. The WMF format is the original 16-bit...