13538 matches found
Preemptive Protection against HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow
A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program webappmon.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007; CVE-2003-0109)
The Internet Information Server IIS is a Web server packaged with several versions of the Windows operating system. The server is capable of serving static, as well as dynamic content. Several Microsoft Windows IIS servers support the World Wide Web Distributed Authoring and Versioning WebDAV...
RealNetworks RealPlayer SMIL File Handling Buffer Overflow (CVE-2005-0455)
The Synchronized Multimedia Integration Language SMIL is a W3C standard based on XML. SMIL is the standard markup language for timing and controlling streaming media clips for media players. A stack buffer overflow vulnerability exists in RealNetworks RealPlayer and RealOne Player. The flaw exist...
Symantec VERITAS NetBackup vnetd Buffer Overflow (CVE-2006-0991)
The Symantec VERITAS NetBackup server product suite is an enterprise backup system solution available for various platforms. It is capable of performing scheduled automatic backups as well as manual backups invoked by a client. A minimal backup environment consists of backup agents and a master...
Oracle Database Server DBMS_METADATA Package SQL Injection (CVE-2005-1197)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...
Microsoft SMB Endless Loop Denial of Service (CVE-2009-3676)
The SMB Protocol is a network file sharing protocol. A denial of service vulnerability has been reported in the way that Microsoft Server Message Block SMB protocol software handles specially crafted SMB packets. The vulnerability is due to an error in the Microsoft Server Message Block SMB...
Oracle Database dbms_assert Filter Bypass (CVE-2006-5340)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
Apache Tomcat is an implementation of the Java Servlet and JavaServer pages technologies. The software provides the servlet container used in development and deployment of Java based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...
CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (CVE-2007-0169)
Computer Associates BrightStor ARCserve Backup and Business Protection Suite families of software products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including backup and restore, dat...
Internet Explorer IsComponentInstalled Buffer Overflow (CVE-2006-1016)
The Microsoft Internet Explorer IE is the most widely used web browser application. The browser is capable of processing HTML, scripting languages and interpretation of various other popular Internet specifications. There exists a buffer overflow vulnerability in the IsComponentInstalled function...
Microsoft DirectShow AVI Decoder Buffer Overflow (MS05-050; CVE-2005-2128)
Microsoft DirectX is a set of low-level application programming interfaces APIs for creating high-performance multimedia applications. Microsoft DirectShow is an architecture for streaming media on the Microsoft Windows platform and provides for the capture and playback of multimedia streams. It...
Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution (CVE-2008-0236)
Microsoft Visual FoxPro 6.0 is designed for building data-centric Windows applications. Visual FoxPro 6.0 is shipped with a set of various ActiveX controls that are registered on the host upon installation. Specifically, an ActiveX control vfp6r.dll is included. There exists an access control...
JScript Scripting Engine Web Pages Decoding Code Execution (MS09-045; CVE-2009-1920)
JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. A remote code execution vulnerability has been reported in the way that the JScript scripting engine decodes script in Web pages. The vulnerability is due to a memory...
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow (CVE-2009-1394)
Motorola Timbuktu is a remote monitoring and control product available for Microsoft Windows and other operating systems. A buffer overflow vulnerability exists in Motorola Timbuktu Pro. The vulnerability is due to boundary errors when handling PlughNTCommand named pipe payloads. Remote attackers...
Microsoft Excel BRAI Record Pointer Corruption (MS09-021; CVE-2009-0549)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the Microsoft Excel. The vulnerability is due to a memory corruption error in Microsoft Excel when loading specially crafted Excel files that include a malformed record object. The...
Microsoft PowerPoint Converter SlideRec Record Memory Corruption (MS09-017; CVE-2009-0222)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially craft...
Update Protection against HP OpenView Network Node Manager ovalarmsrv Integer Overflow
HP OpenView Network Node Manager NNM is a software application designed for management, maintenance and monitoring of networks and network devices. The application fails to properly validate maliciously crafted requests. By sending a crafted request, a remote unauthenticated attacker could overfl...
Update Protection against Oracle Application Server 10g OPMN Service Format String Vulnerability
A vulnerability was reported in Oracle Application Server, a multi-platform solution for developing and deploying enterprise applications and web sites. The flaw is due to insufficient validation of the URI part of HTTP requests. Remote attackers could exploit this vulnerability by sending a...
Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073; CVE-2008-4258)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...
iseemedia LPViewer ActiveX Control Multiple Buffer Overflows (CVE-2008-4384)
iseemedia is a software development company focused on the commercialization of advanced, rich content adaptation and distribution solutions for Web applications. iseemedia's platforms are used by websites worldwide. The iseemedia LPViewer ActiveX control contains multiple buffer overflow...
Microsoft Excel FRTWrapper Record Buffer Overflow (MS08-057; CVE-2008-3471)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel processes objects when loading Excel files into memory. The vulnerability is due to an error in Microsoft Excel that fails to perform sufficient validation wh...
Trend Micro objRemoveCtrl ActiveX Control Multiple Buffer Overflows (CVE-2008-3364)
Trend Micro OfficeScan is a centralized virus and security scan management system. A buffer overflow vulnerability has been reported in Trend Micro OfficeScan. The vulnerability is due to a boundary error in the OfficeScan ActiveX control objRemoveCtrl. To trigger this issue, an attacker may crea...
Microsoft Windows Media Encoder 9 ActiveX Control Buffer Overflow (MS08-053; CVE-2008-3008)
Windows Media Encoder is a tool for capturing audio and video content. A remote code execution vulnerability has been reported in the Windows Media Encoder 9 Series.The vulnerability is due to an error in a Windows Media Encoder 9 Series ActiveX control that was never intended to be instantiated ...
Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052; CVE-2008-3014)
Windows Metafile WMF is a 16-bit metafile image format optimized for the Windows operating system that can contain both vector information and bitmap information. A remote code execution vulnerability has been discovered in the way GDI+ allocates memory for WMF image files. The vulnerability is d...
EPS Files (CVE-2008-3019)
EPS is a standard file format for importing and exporting PostScript files. It is usually a single page PostScript program that describes an illustration or an entire page. An EPS file can contain any combination of text, graphics and images. A remote code execution vulnerability was reported in...
Microsoft Word RTF File Handling Memory Corruption (MS08-026; CVE-2008-1091)
A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly handle specially crafted Rich Text Format .rtf files. A remote attacker could trigger this flaw by convincing a victim to op...
Preemptive Protection against Novell Client nwspool.dll EnumPrinters Function Buffer Overflow Vulnerability
A buffer overflow vulnerability has been discovered in the Novel Client for Windows. The flaw is due to a boundary error in Novell Client's Spooler service nwspool.dll. The vulnerable service is included with the Novell Client for Microsoft Windows, and provides access to remote printing services...
Internet Explorer Image Processing Memory Corruption (MS08-010; CVE-2008-0078)
Microsoft Internet Explorer is the most widely used Internet browser. The vulnerability is due to a memory corruption error in Microsoft Internet Explorer when handling argument validation, under certain circumstances, in image processing. A remote attacker could exploit this issue by convincing ...
Update Protection against Microsoft AVI File Parsing Remote Code Execution Vulnerability (MS07-064)
A remote code execution vulnerability has been reported in Microsoft DirectX. Microsoft DirectX is a set of libraries that aim for accelerated video and audio experience on Microsoft Windows operating system. DirectX can parse various file formats which include AVI files. A remote attacker can...
Internet Explorer VML Buffer Overrun (MS07-004; CVE-2007-0024)
Microsoft Internet Explorer IE contains a remote code execution vulnerability. The vulnerability exists in Microsoft Vector Markup Language VML. VML is a set of XML tags used for exchange, editing, and delivery of vector graphics on the web. By convincing a user to visit a specially crafted Web...
Update Protection against VWar Remote File Inclusion Vulnerability
Several vulnerabilities have been reported in Virtual War VWar due to input validation errors in several scripts. Remote attackers could exploit these vulnerabilities to include malicious files and compromise a vulnerable system...
Update Protection against Symantec Sygate Management Server SQL Injection Vulnerability
A vulnerability was identified in Symantec's Sygate Management Server SMS. A remote attacker could supply code into a URL which would allow the attacker to overwrite the password for any SMS account. Successful exploitation would allow the attacker to access any SMS console with the account's...
Zoho ManageEngine SQL Injection (CVE-2021-40493)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...
WordPress Core Cross-Site Scripting (CVE-2022-21662)
A cross-site scripting vulnerability exists in WordPress. This vulnerability is due to improper input validation...
Ivanti Avalanche EnterpriseServer Service setUser Authentication Bypass (CVE-2021-42128)
A authentication bypass vulnerability exists in the Ivanti Avalanche Enterprise Server. The vulnerability is due to lack of authentication for certain functionality...
Microsoft DWM Core Library Elevation of Privilege (CVE-2022-41096)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI SQL Injection (CVE-2019-9165)
An SQL injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Modern Events Calendar Lite Plugin Cross-Site Scripting (CVE-2022-0364)
A stored cross-site scripting vulnerability exists for the WordPress plugin Modern Events Calendar Lite. This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section...
Atlassian Bitbucket Command Injection (CVE-2022-36804)
A command injection vulnerability exists in Atlassian Bitbucket. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
SmarterTools SmarterMail Directory Traversal (CVE-2019-7213)
A directory traversal vulnerability exists in SmarterTools SmarterMail. Successful exploitation of this vulnerability could allow a remote attacker to upload or delete arbitrary files on the vulnerable server...
Victor CMS Remote Code Execution (CVE-2022-27478)
A remote code execution vulnerability exists in Victor CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Advantech WebAccess Directory Traversal (CVE-2018-15706)
A directory traversal vulnerability exists in Advantech WebAccess. Successful exploitation of this vulnerability could allow a remote attacker to disclose or access arbitrary files on the vulnerable server...
Roundcube Webmail func.inc Cross-site Scripting (CVE-2018-19206)
A cross-site scripting vulnerability exists in Roundcube Webmail. The vulnerability is due to improper handling of a tag within HTML attachments. A remote attacker can exploit this vulnerability by enticing a user to open an attachment...
Microsoft Graphics Device Interface Buffer Overflow (CVE-2019-1439)
A heap-based buffer overflow vulnerability exists in the MF3216 component of Microsoft Windows. The vulnerability is due to improper handling of objects in memory. A remote attacker could exploit the vulnerability by enticing a user to open a specially crafted file and take actions...
Adobe Acrobat and Reader Out-of-bounds Read (APSB22-32: CVE-2022-34226)
An out of bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Microsoft Windows Installer Elevation of Privilege (CVE-2022-30147)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Kaseya VSA Remote Code Execution (CVE-2018-20753)
A remote code execution vulnerability exists in Kaseya VSA. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Microsoft Windows PDEV Elevation of Privilege (CVE-2022-23299)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Apache Struts Denial of Service (CVE-2006-1547)
A denial-of-service vulnerability exists in Apache Struts. Successful exploitation of this vulnerability would allow a remote attacker to create a denial of service condition on the affected system...
Atlassian Confluence Server Arbitrary File Read (CVE-2021-26085; CVE-2021-26086)
An arbitrary file read vulnerability exists in Atlassian Confluence Server. Successful exploitation of this vulnerability could allow an unauthenticated remote attacker to access and read arbitrary file...