13538 matches found
Suspicious Characters in FTP User Name (CVE-2009-0542; CVE-2010-2453)
File Transfer Protocol is a popular protocol. FTP server may ask connecting users for their usernames and passwords. While the official FTP specification allows all characters in user names certain FTP servers fail to properly parse FTP usernames that contain special characters, most notably...
IBM Lotus Notes DOC Attachment Viewer Buffer Overflow (CVE-2007-5544)
Lotus Notes is a client-server collaborative software and email system provided by IBM. The Lotus Notes email client application is capable of communicating with email servers over a range of protocols, such as: SMTP, POP, and IMAP. A stack buffer overflow vulnerability exists in the way IBM Lotu...
Digium Asterisk Multiple Products IAX2 Handshake Denial of Service (CVE-2008-1897)
There exists a denial of service vulnerability in multiple Digium Asterisk products. The vulnerability is due to insufficient verification of ACK responses during IAX2 handshakes by the IAX2 protocol. A remote unauthenticated attacker may exploit this vulnerability by sending a crafted message to...
Apple Safari for Windows and Internet Explorer Combined Code Execution (CVE-2008-2540)
Microsoft Internet Explorer is the most widely used Internet browser. Safari is a web browsing application developed by Apple. A combination of the default download location in Safari and how the Windows desktop handles executables creates a blended threat in which files may be downloaded to a...
PHF CGI Program Remote Command Execution (CVE-1999-0067)
There exists a vulnerability in the sample cgi bin program, PHF, which is included with NCSA httpd, and Apache 1.0.3, an NCSA derivitive. By supplying certain characters with special meaning to the shell, arbitrary commands can be executed by remote users. In case of a successful attack, a remote...
Preemptive Protection against Adobe ColdFusion Multiple Cross-Site Scripting Vulnerabilities (APSB10-11)
Multiple cross-site scripting XSS vulnerabilities have been discovered in Adobe ColdFusion server. Adobe ColdFusion is an application server for developing dynamically generated Web sites. Cross-site scripting occurs when a Web-based application fails to validate user input before returning it to...
Microsoft Excel XLSX File Parsing Code Execution (MS10-017; CVE-2010-0263)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in Microsoft Excel. The vulnerability is due to an error in Microsoft Office Excel that fails to properly parse the Excel spreadsheet file format. A remote attacker could trigger this...
Apple QuickTime crgn Atom Parsing Memory Corruption (CVE-2008-1017)
Apple's QuickTime is a multimedia player that supports a wide range of media formats. The software supports parsing and displaying picture files as well as numerous audio/video formats. There exists a memory corruption vulnerability in Apple QuickTime application. The vulnerability is due to...
BlackBerry Application Web Loader ActiveX Control Buffer Overflow (CVE-2009-0305)
The BlackBerry Application Web Loader allows to download the BlackBerry applications from a web server using a browser supporting ActiveX controls onto a handheld device. It makes deployment of new applications and updates easier for developers. A user can load the application to their BlackBerry...
Qualcomm WorldMail IMAP Server Directory Traversal (CVE-2005-3189)
The Qualcomm WorldMail product is an email and messaging server. The product is designed for small to large enterprise environments. WorldMail provides, amongst other services, an IMAP server which allows email retrieval. There exists a directory traversal vulnerability in Qualcomm WorldMail IMAP...
Internet Explorer COM Object Instantiation Memory Corruption (MS06-021; CVE-2006-1303)
Microsoft Internet Explorer is the most widely used web browser application. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The browser is also compatible with Microsoft's Common Object Model COM scheme, whereby...
Microsoft Office Malformed GIF File Processing Code Execution (MS06-039; CVE-2006-0007)
The Microsoft Office is a popular application suite that consists of several independent applications such as Microsoft Word, Microsoft Excel, Microsoft PowerPoint, and others. The suite ships with a set of image processing helper libraries known as graphics filters. The graphics filters are used...
Preemptive Protection against HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow
A buffer overflow vulnerability exists in the HP OpenView Network Node Manager NNM CGI program webappmon.exe. The vulnerability is due to a boundary error when processing the Host header from HTTP requests. A remote unauthenticated attacker can exploit this vulnerability by sending a crafted HTTP...
Microsoft IIS WebDAV Remote Buffer Overflow (MS03-007; CVE-2003-0109)
The Internet Information Server IIS is a Web server packaged with several versions of the Windows operating system. The server is capable of serving static, as well as dynamic content. Several Microsoft Windows IIS servers support the World Wide Web Distributed Authoring and Versioning WebDAV...
RealNetworks RealPlayer SMIL File Handling Buffer Overflow (CVE-2005-0455)
The Synchronized Multimedia Integration Language SMIL is a W3C standard based on XML. SMIL is the standard markup language for timing and controlling streaming media clips for media players. A stack buffer overflow vulnerability exists in RealNetworks RealPlayer and RealOne Player. The flaw exist...
Symantec VERITAS NetBackup vnetd Buffer Overflow (CVE-2006-0991)
The Symantec VERITAS NetBackup server product suite is an enterprise backup system solution available for various platforms. It is capable of performing scheduled automatic backups as well as manual backups invoked by a client. A minimal backup environment consists of backup agents and a master...
Oracle Database Server DBMS_METADATA Package SQL Injection (CVE-2005-1197)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided to the database user i...
Microsoft SMB Endless Loop Denial of Service (CVE-2009-3676)
The SMB Protocol is a network file sharing protocol. A denial of service vulnerability has been reported in the way that Microsoft Server Message Block SMB protocol software handles specially crafted SMB packets. The vulnerability is due to an error in the Microsoft Server Message Block SMB...
Oracle Database dbms_assert Filter Bypass (CVE-2006-5340)
Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages of related program objects, i.e. procedures, functions, variables, constants, cursors, and exceptions, are provided in order to better...
Apache Tomcat URIencoding Directory Traversal (CVE-2007-0450; CVE-2008-2938)
Apache Tomcat is an implementation of the Java Servlet and JavaServer pages technologies. The software provides the servlet container used in development and deployment of Java based web applications. Users access Tomcat applications using web browsers that communicate to the server via the HTTP...
CA BrightStor ARCserve Backup Message Engine Opcode 117 Buffer Overflow (CVE-2007-0169)
Computer Associates BrightStor ARCserve Backup and Business Protection Suite families of software products offer data protection for distributed servers, clients, databases and applications. They provide centralized control over a series of distributed operations including backup and restore, dat...
Internet Explorer IsComponentInstalled Buffer Overflow (CVE-2006-1016)
The Microsoft Internet Explorer IE is the most widely used web browser application. The browser is capable of processing HTML, scripting languages and interpretation of various other popular Internet specifications. There exists a buffer overflow vulnerability in the IsComponentInstalled function...
Microsoft DirectShow AVI Decoder Buffer Overflow (MS05-050; CVE-2005-2128)
Microsoft DirectX is a set of low-level application programming interfaces APIs for creating high-performance multimedia applications. Microsoft DirectShow is an architecture for streaming media on the Microsoft Windows platform and provides for the capture and playback of multimedia streams. It...
Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution (CVE-2008-0236)
Microsoft Visual FoxPro 6.0 is designed for building data-centric Windows applications. Visual FoxPro 6.0 is shipped with a set of various ActiveX controls that are registered on the host upon installation. Specifically, an ActiveX control vfp6r.dll is included. There exists an access control...
JScript Scripting Engine Web Pages Decoding Code Execution (MS09-045; CVE-2009-1920)
JScript is an interpreted, object-based scripting language that is often used to make Web sites more flexible or interactive. A remote code execution vulnerability has been reported in the way that the JScript scripting engine decodes script in Web pages. The vulnerability is due to a memory...
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow (CVE-2009-1394)
Motorola Timbuktu is a remote monitoring and control product available for Microsoft Windows and other operating systems. A buffer overflow vulnerability exists in Motorola Timbuktu Pro. The vulnerability is due to boundary errors when handling PlughNTCommand named pipe payloads. Remote attackers...
Microsoft Excel BRAI Record Pointer Corruption (MS09-021; CVE-2009-0549)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the Microsoft Excel. The vulnerability is due to a memory corruption error in Microsoft Excel when loading specially crafted Excel files that include a malformed record object. The...
Microsoft PowerPoint Converter SlideRec Record Memory Corruption (MS09-017; CVE-2009-0222)
Microsoft PowerPoint is a popular graphics software for preparing slides and presentations. A remote code execution vulnerability has been identified in Microsoft PowerPoint. The vulnerability is due to a memory corruption error in Microsoft PowerPoint when reading sound data from specially craft...
Update Protection against HP OpenView Network Node Manager ovalarmsrv Integer Overflow
HP OpenView Network Node Manager NNM is a software application designed for management, maintenance and monitoring of networks and network devices. The application fails to properly validate maliciously crafted requests. By sending a crafted request, a remote unauthenticated attacker could overfl...
Update Protection against Oracle Application Server 10g OPMN Service Format String Vulnerability
A vulnerability was reported in Oracle Application Server, a multi-platform solution for developing and deploying enterprise applications and web sites. The flaw is due to insufficient validation of the URI part of HTTP requests. Remote attackers could exploit this vulnerability by sending a...
Internet Explorer ActiveX Navigate Handling Code Execution (MS08-073; CVE-2008-4258)
Microsoft Internet Explorer is the most widely used Internet browser. A remote code execution vulnerability has been reported in Microsoft Internet Explorer. The vulnerability is due to an error in Internet Explorer that fails to properly validate parameters made during a method call in the...
iseemedia LPViewer ActiveX Control Multiple Buffer Overflows (CVE-2008-4384)
iseemedia is a software development company focused on the commercialization of advanced, rich content adaptation and distribution solutions for Web applications. iseemedia's platforms are used by websites worldwide. The iseemedia LPViewer ActiveX control contains multiple buffer overflow...
Microsoft Excel FRTWrapper Record Buffer Overflow (MS08-057; CVE-2008-3471)
Microsoft Excel is a popular spreadsheet application. A remote code execution vulnerability has been identified in the way Microsoft Excel processes objects when loading Excel files into memory. The vulnerability is due to an error in Microsoft Excel that fails to perform sufficient validation wh...
Trend Micro objRemoveCtrl ActiveX Control Multiple Buffer Overflows (CVE-2008-3364)
Trend Micro OfficeScan is a centralized virus and security scan management system. A buffer overflow vulnerability has been reported in Trend Micro OfficeScan. The vulnerability is due to a boundary error in the OfficeScan ActiveX control objRemoveCtrl. To trigger this issue, an attacker may crea...
Microsoft Windows Media Encoder 9 ActiveX Control Buffer Overflow (MS08-053; CVE-2008-3008)
Windows Media Encoder is a tool for capturing audio and video content. A remote code execution vulnerability has been reported in the Windows Media Encoder 9 Series.The vulnerability is due to an error in a Windows Media Encoder 9 Series ActiveX control that was never intended to be instantiated ...
Microsoft Windows GDI+ WMF Parsing Buffer Overflow (MS08-052; CVE-2008-3014)
Windows Metafile WMF is a 16-bit metafile image format optimized for the Windows operating system that can contain both vector information and bitmap information. A remote code execution vulnerability has been discovered in the way GDI+ allocates memory for WMF image files. The vulnerability is d...
EPS Files (CVE-2008-3019)
EPS is a standard file format for importing and exporting PostScript files. It is usually a single page PostScript program that describes an illustration or an entire page. An EPS file can contain any combination of text, graphics and images. A remote code execution vulnerability was reported in...
Microsoft Word RTF File Handling Memory Corruption (MS08-026; CVE-2008-1091)
A remote code execution vulnerability has been identified in Microsoft Word. The vulnerability is due to a memory calculation error in Microsoft Word that fails to properly handle specially crafted Rich Text Format .rtf files. A remote attacker could trigger this flaw by convincing a victim to op...
Preemptive Protection against Novell Client nwspool.dll EnumPrinters Function Buffer Overflow Vulnerability
A buffer overflow vulnerability has been discovered in the Novel Client for Windows. The flaw is due to a boundary error in Novell Client's Spooler service nwspool.dll. The vulnerable service is included with the Novell Client for Microsoft Windows, and provides access to remote printing services...
Internet Explorer Image Processing Memory Corruption (MS08-010; CVE-2008-0078)
Microsoft Internet Explorer is the most widely used Internet browser. The vulnerability is due to a memory corruption error in Microsoft Internet Explorer when handling argument validation, under certain circumstances, in image processing. A remote attacker could exploit this issue by convincing ...
Update Protection against Microsoft AVI File Parsing Remote Code Execution Vulnerability (MS07-064)
A remote code execution vulnerability has been reported in Microsoft DirectX. Microsoft DirectX is a set of libraries that aim for accelerated video and audio experience on Microsoft Windows operating system. DirectX can parse various file formats which include AVI files. A remote attacker can...
Update Protection against VWar Remote File Inclusion Vulnerability
Several vulnerabilities have been reported in Virtual War VWar due to input validation errors in several scripts. Remote attackers could exploit these vulnerabilities to include malicious files and compromise a vulnerable system...
Update Protection against Symantec Sygate Management Server SQL Injection Vulnerability
A vulnerability was identified in Symantec's Sygate Management Server SMS. A remote attacker could supply code into a URL which would allow the attacker to overwrite the password for any SMS account. Successful exploitation would allow the attacker to access any SMS console with the account's...
Zoho ManageEngine SQL Injection (CVE-2021-40493)
A SQL injection vulnerability exists in ManageEngine OpManager. This vulnerability is due to insufficient validation of the parameters in the HTTP requests processed by the getDataCollectionFailureReason method...
Microsoft DWM Core Library Elevation of Privilege (CVE-2022-41096)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
Nagios XI SQL Injection (CVE-2019-9165)
An SQL injection vulnerability exists in Nagios XI. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
WordPress Modern Events Calendar Lite Plugin Cross-Site Scripting (CVE-2022-0364)
A stored cross-site scripting vulnerability exists for the WordPress plugin Modern Events Calendar Lite. This vulnerability is due to improper input validation for multiple parameters in the Hourly Schedule section...
Atlassian Bitbucket Command Injection (CVE-2022-36804)
A command injection vulnerability exists in Atlassian Bitbucket. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
SmarterTools SmarterMail Directory Traversal (CVE-2019-7213)
A directory traversal vulnerability exists in SmarterTools SmarterMail. Successful exploitation of this vulnerability could allow a remote attacker to upload or delete arbitrary files on the vulnerable server...
Victor CMS Remote Code Execution (CVE-2022-27478)
A remote code execution vulnerability exists in Victor CMS. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...