Lucene search
K
SaintMost viewed

4305 matches found

Saint
Saint
•added 2015/06/26 12:0 a.m.•95 views

Ubuntu overlayfs privilege elevation

Added: 06/26/2015 CVE: CVE-2015-1328 BID: 75206 Background Overlayfs is a type of file system for Linux which implements a union mount. Problem In Ubuntu, overlayfs fails to correctly check file permissions when creating new files in the upper filesystem directory. This can be exploited by an...

7.2CVSS7.9AI score0.37679EPSS
Exploits22
Saint
Saint
•added 2015/02/25 12:0 a.m.•95 views

Radia Client Automation radexecd.exe command injection

Added: 02/25/2015 CVE: CVE-2015-1497 BID: 72612 OSVDB: 118382 Background Radia Client Automation is an endpoint management solution. Problem The radexecd.exe daemon does not properly authenticate or sanitize user requests, allowing remote attackers to execute arbitrary commands. Resolution Use th...

10CVSS9.7AI score0.75116EPSS
Exploits16
Saint
Saint
•added 2010/11/05 12:0 a.m.•95 views

IBM Rational Quality Manager and Test Lab Manager Policy Bypass

Added: 11/05/2010 CVE: CVE-2010-4094 BID: 44172 Background IBM Rational Quality Manager is a web-based centralized test management environment for test planning, workflow control, tracking and metrics reporting. IBM Rational Quality Manager incorporates Apache Tomcat 5 to help serve custom web...

5CVSS6AI score0.64496EPSS
Exploits9
Saint
Saint
•added 2019/12/16 12:0 a.m.•94 views

Revive Adserver deserialization vulnerability

Added: 12/16/2019 CVE: CVE-2019-5434 Background Revive Adserver is a free, open source ad serving system. Problem A deserialization vulnerability in Revive Adserver allows remote attackers to execute arbitrary commands injected into the what parameter of the openads.spc RPC method of adxmlrpc.php...

9.8CVSS9.9AI score0.57022EPSS
Exploits7
Saint
Saint
•added 2019/02/27 12:0 a.m.•94 views

Drupal REST module command execution

Added: 02/27/2019 CVE: CVE-2019-6340 BID: 107106 Background Drupal is an open-source content management system written in PHP. Problem The Drupal REST module does not properly sanitize input from non-form sources, allowing an attacker to execute arbitrary code. Resolution Upgrade to Drupal 8.5.11...

6.8CVSS8.5AI score0.92017EPSS
Exploits22
Saint
Saint
•added 2014/10/24 12:0 a.m.•94 views

Windows OLE Package Manager CPackage::DoVerb() INF File Download Vulnerability

Added: 10/24/2014 CVE: CVE-2014-4114 BID: 70419 OSVDB: 113140 Background OLE Object Linking and Embedding is a technology that allows applications to share data and functionality, such as the ability to create and edit compound data, i.e., data that contains information in multiple formats. For...

9.3CVSS8.2AI score0.81628EPSS
Exploits22
Saint
Saint
•added 2010/10/15 12:0 a.m.•94 views

Oracle Java IE Browser Plugin docbase Parameter Stack Buffer Overflow

Added: 10/15/2010 CVE: CVE-2010-3552 BID: 44023 Background Oracle Java SE and Java for Business are development platforms for developing and deploying Java applications. They include the Java SE Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements fo...

10CVSS9.6AI score0.8074EPSS
Exploits8
Saint
Saint
•added 2011/12/02 12:0 a.m.•93 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2011/01/03 12:0 a.m.•93 views

Novell iPrint Client Browser Plugin embed Tag Parameter Buffer Overflow

Added: 01/03/2011 CVE: CVE-2010-4314 BID: 45301 OSVDB: 66959 Background Novell iPrint is an application which allows users to install and manage printers. Problem A buffer overflow vulnerability in Novell iPrint browser plugin allows command execution when a user loads a web page with an overly...

9.3CVSS9AI score0.03118EPSS
Exploits4
Saint
Saint
•added 2006/04/27 12:0 a.m.•93 views

Windows Cursor and Icon handling vulnerability

Added: 04/27/2006 CVE: CVE-2004-1049 BID: 12233 OSVDB: 12842 Background The LoadImage API in Microsoft Windows provides functions for loading cursors, animated cursors, and icons. Problem An integer overflow in the LoadImage API allows command execution when a user opens a specially crafted curso...

5.1CVSS6.6AI score0.29743EPSS
Exploits13
Saint
Saint
•added 2021/09/28 12:0 a.m.•92 views

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...

9.8CVSS8AI score0.99723EPSS
Exploits19
Saint
Saint
•added 2017/03/16 12:0 a.m.•92 views

Apache Struts 2 Jakarta Multipart Parser file upload command execution

Added: 03/16/2017 CVE: CVE-2017-5638 BID: 96729 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Problem The Jakarta...

10CVSS10AI score0.99999EPSS
Exploits44
Saint
Saint
•added 2016/03/24 12:0 a.m.•92 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

10CVSS9.8AI score0.99621EPSS
Exploits31
Saint
Saint
•added 2012/12/24 12:0 a.m.•92 views

Apple QuickTime TeXML Style Element Buffer Overflow

Added: 12/24/2012 CVE: CVE-2012-3752 BID: 56557 OSVDB: 87087 Background QuickTime is a media player for Windows and Mac OS platforms. Problem Apple QuickTime 7.7.2 and earlier is vulnerable to remote code execution due to a failure to perform appropriate boundary checking. A remote attacker who...

9.3CVSS7.5AI score0.36014EPSS
Exploits9
Saint
Saint
•added 2009/08/12 12:0 a.m.•92 views

Windows Telnet credential reflection

Added: 08/12/2009 CVE: CVE-2009-1930 BID: 35993 OSVDB: 56904 Background Microsoft Windows operating systems come with a telnet service. This service prompts a user to provide a login name and password. Following successful authentication, the server displays a shell prompt, allowing the user to r...

10CVSS9.6AI score0.41388EPSS
Exploits5
Saint
Saint
•added 2022/04/05 12:0 a.m.•91 views

Spring Framework Data Binding vulnerability

Added: 04/05/2022 Background The Spring Framework provides a comprehensive programming and configuration model for modern Java-based enterprise applications. Problem Spring Framework is affected by a data binding vulnerability when running with JDK 9 or higher. The vulnerability allows remote cod...

8.2AI score
Exploits0
Saint
Saint
•added 2015/12/17 12:0 a.m.•91 views

Joomla User-Agent PHP object injection

Added: 12/17/2015 CVE: CVE-2015-8562 BID: 79195 Background Joomla is a content management system written in PHP. Problem A vulnerability which occurs when Joomla saves browser session information could allow a remote, unauthenticated attacker to inject PHP objects via the User-Agent header, leadi...

7.5CVSS8.2AI score0.98283EPSS
Exploits16
Saint
Saint
•added 2015/08/26 12:0 a.m.•91 views

Symantec Endpoint Protection Manager authentication bypass

Added: 08/26/2015 CVE: CVE-2015-1486 BID: 76074 Background Symantec Endpoint Protection, by Symantec Corporation, is an antivirus and personal firewall product designed to be centrally managed in corporate environments by the Symantec Endpoint Protection Manager SEPM. Problem Symantec Endpoint...

7.5CVSS7.1AI score0.64487EPSS
Exploits9
Saint
Saint
•added 2013/08/01 12:0 a.m.•91 views

Apache Struts DefaultActionMapper redirect Prefix Vulnerability

Added: 08/01/2013 CVE: CVE-2013-2251 BID: 61189 OSVDB: 95405 Background Apache Struts is an open-source web application framework for developing Java EE web applications. It uses and extends the Java Servlet API to encourage developers to adopt a model-view-controller MVC architecture. Struts use...

9.3CVSS9.2AI score0.99998EPSS
Exploits18
Saint
Saint
•added 2012/02/28 12:0 a.m.•91 views

Java Runtime Environment MixerSequence Function Pointer Control

Added: 02/28/2012 CVE: CVE-2010-0842 BID: 39077 OSVDB: 63493 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

7.5CVSS9.6AI score0.77721EPSS
Exploits9
Saint
Saint
•added 2013/10/10 12:0 a.m.•90 views

Internet Explorer CDisplayPointer Object onpropertychange Use-After-Free

Added: 10/10/2013 CVE: CVE-2013-3897 BID: 62811 OSVDB: 98207 Background Internet Explorer is an HTML web browser which comes by default on Microsoft operating systems. Problem Microsoft Internet Explorer contains a use-after-free error when processing CDisplayPointer objects contained in...

9.3CVSS8.9AI score0.77462EPSS
Exploits8
Saint
Saint
•added 2010/12/23 12:0 a.m.•90 views

Cisco IOS HTTP access level authentication bypass

Added: 12/23/2010 CVE: CVE-2001-0537 BID: 2936 OSVDB: 578 Background The Cisco Internetwork Operating System IOS is the operating system used by Cisco routers. Problem A remote attacker could execute arbitrary commands at the highest privilege level level 15 without needing to authenticate by...

9.3CVSS7.3AI score0.6845EPSS
Exploits8
Saint
Saint
•added 2009/08/14 12:0 a.m.•90 views

Microsoft Office Web Components OWC.Spreadsheet.9 HTMLURL property overflow

Added: 08/14/2009 CVE: CVE-2009-1534 BID: 35992 OSVDB: 56916 Background Microsoft Office Web Components OWC are a group of OLE classes implemented as ActiveX controls. Problem A buffer overflow vulnerability in the OWC.Spreadsheet.9 ActiveX control allows command execution when a user loads a web...

9.3CVSS6.8AI score0.5161EPSS
Exploits8
Saint
Saint
•added 2025/05/16 12:0 a.m.•89 views

Commvault Command Center upload path traversal

Added: 05/16/2025 Background Commvault is a unified backup and recovery solution for cloud ready organizations. It gives complete backup and recovery protection for your business to cover all data wherever it resides. Problem A path traversal vulnerability allows unauthenticated users to upload...

10CVSS7.4AI score0.97292EPSS
Exploits5
Saint
Saint
•added 2016/07/14 12:0 a.m.•89 views

TikiWiki elfinder file upload

Added: 07/14/2016 Background TikiWiki is a multi-purpose web content management system written in PHP. Problem The third-party elfinder component allows unauthenticated users to upload arbitrary files, which can then be executed using a simple HTTP request. Resolution Upgrade to TikiWiki 12.9,...

1.1AI score
Exploits0
Saint
Saint
•added 2011/05/05 12:0 a.m.•90 views

Oracle Java Applet2ClassLoader Vulnerability

Added: 05/05/2011 CVE: CVE-2010-4452 BID: 46388 OSVDB: 71193 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Probl...

10CVSS9.6AI score0.8316EPSS
Exploits11
Saint
Saint
•added 2016/08/30 12:0 a.m.•88 views

NETGEAR ReadyNAS Surveillance Command Execution

Added: 08/30/2016 CVE: CVE-2016-5674 BID: 92318 Background NETGEAR ReadyNAS Surveillance combines their storage and switching solution NETGEAR ReadyNAS Network Attached Storage system with network video recording software from NUUO to provide an affordable surveillance solution for small...

10CVSS8.4AI score0.9461EPSS
Exploits11
Saint
Saint
•added 2013/11/25 12:0 a.m.•88 views

PineApp Mail-SeCure confnetworking.html nsserver command execution

Added: 11/25/2013 CVE: CVE-2013-6830 BID: 63817 OSVDB: 100029 Background PineApp Mail-SeCure is an e-mail security appliance which provides perimeter security protection to stop threats prior to their penetration of the customer's network, as well as post-perimeter anti-spam content inspection...

7.5CVSS7.6AI score0.08929EPSS
Exploits5
Saint
Saint
•added 2012/03/30 12:0 a.m.•88 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS9.7AI score0.98113EPSS
Exploits13
Saint
Saint
•added 2008/02/22 12:0 a.m.•88 views

Novell Client nwspool.dll EnumPrinters buffer overflow

Added: 02/22/2008 CVE: CVE-2008-0639 BID: 27741 OSVDB: 41510 Background Novell Client software provides NetWare connectivity to Windows platforms. Problem The nwspool.dll library in Novell Client is affected by a buffer overflow in the EnumPrinters function, allowing remote attackers to execute...

10CVSS8AI score0.23186EPSS
Exploits6
Saint
Saint
•added 2016/02/03 12:0 a.m.•87 views

IBM WebSphere Management Server Apache Commons

Added: 02/03/2016 CVE: CVE-2015-7450 Background IBM WebSphere Management console 7.x and 8.5.0 - 8.5.5.7 are packaged with a vulnerable version of the Apache Commons package. Problem Apache Commons Collections could allow a remote attacker to execute arbitrary code on the system, caused by the...

10CVSS10AI score0.97655EPSS
Exploits10
Saint
Saint
•added 2014/07/24 12:0 a.m.•87 views

Microsoft Word RTF Object Confusion

Added: 07/24/2014 CVE: CVE-2014-1761 BID: 66385 OSVDB: 104895 Background Microsoft Office Word is Microsoft's word processing software, released as a component of Microsoft Office suite. Problem A buffer overflow exists due to an error in processing RTF files. The flaw is triggered by supplying a...

9.3CVSS7.9AI score0.7746EPSS
Exploits10
Saint
Saint
•added 2012/02/11 12:0 a.m.•87 views

Telnetd Encryption Key ID Code Execution

Added: 02/11/2012 CVE: CVE-2011-4862 BID: 51182 OSVDB: 78020 Background Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection. Problem The flaw is caused due to a...

10CVSS7.1AI score0.95104EPSS
Exploits19
Saint
Saint
•added 2011/09/29 12:0 a.m.•87 views

Sunway ForceControl SNMP NetDBServer Signed Integer Buffer Overflow

Added: 09/29/2011 BID: 49747 OSVDB: 75798 Background Sunway ForceControl is a Chinese SCADA/HMI software application widely used in China to help run weapons systems, utilities and chemical plants. It is also used to a lesser extent in other countries, including the US. SNMP NetDBServer is one of...

Exploits0
Saint
Saint
•added 2006/01/13 12:0 a.m.•87 views

Microsoft Exchange X-LINK2STATE buffer overflow

Added: 01/13/2006 CVE: CVE-2005-0560 BID: 13118 OSVDB: 15467 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands...

7.5CVSS7.3AI score0.69482EPSS
Exploits6
Saint
Saint
•added 2020/02/27 12:0 a.m.•86 views

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

9CVSS8.9AI score0.02479EPSS
Exploits4
Saint
Saint
•added 2013/04/04 12:0 a.m.•86 views

Java Runtime Environment Color Management memory overwrite

Added: 04/04/2013 CVE: CVE-2013-1493 BID: 58238 OSVDB: 90737 Background The Java Runtime Environment JRE is part of the Java Development Kit JDK, a set of programming tools for developing Java applications. The Java Runtime Environment provides the minimum requirements for executing a Java...

10CVSS9.8AI score0.86151EPSS
Exploits10
Saint
Saint
•added 2012/03/01 12:0 a.m.•86 views

ABB WebWare Server RobNetScanHost.exe Stack Buffer Overflow

Added: 03/01/2012 CVE: CVE-2012-0245 BID: 52123 OSVDB: 79476 Background ABB provides power and automation technology solutions including robots and related software. ABB WebWare Server is a web-based manufacturing support system designed to facilitate a wide range of production management tasks,...

10CVSS7.7AI score0.0818EPSS
Exploits4
Saint
Saint
•added 2011/12/02 12:0 a.m.•86 views

Oracle Java Rhino Script Engine Code Execution

Added: 12/02/2011 CVE: CVE-2011-3544 BID: 50218 OSVDB: 76500 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS10AI score0.96714EPSS
Exploits13
Saint
Saint
•added 2006/11/16 12:0 a.m.•86 views

Microsoft Client Service for NetWare tree name buffer overflow

Added: 11/16/2006 CVE: CVE-2006-4688 BID: 20984 OSVDB: 30260 Background The Client Service for NetWare, also known as the Gateway Service for NetWare, allows Windows users to access NetWare file, print, and directory services. It is available with Microsoft Windows operating systems but is not...

7.5CVSS7.4AI score0.76878EPSS
Exploits11
Saint
Saint
•added 2006/04/04 12:0 a.m.•86 views

Windows LSASS buffer overflow

Added: 04/04/2006 CVE: CVE-2003-0533 BID: 10108 OSVDB: 5248 Background The Local Security Authority Subsystem Service LSASS provides an interface for managing local security, domain authentication, and Active Directory processes. Problem A buffer overflow in the DsRolepInitializeLog function in t...

7.5CVSS7.8AI score0.8615EPSS
Exploits8
Saint
Saint
•added 2006/01/13 12:0 a.m.•86 views

Microsoft Exchange X-LINK2STATE buffer overflow

Added: 01/13/2006 CVE: CVE-2005-0560 BID: 13118 OSVDB: 15467 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands...

7.5CVSS7.3AI score0.69482EPSS
Exploits6
Saint
Saint
•added 2016/12/23 12:0 a.m.•85 views

McAfee VirusScan Enterprise for Linux authentication token brute force

Added: 12/23/2016 CVE: CVE-2016-8023 BID: 94823 Background McAfee VirusScan Enterprise for Linux is real-time, anti-malware software for Linux. Problem McAfee VirusScan Enterprise for Linux allows remote attackers to execute arbitrary commands by exploiting multiple vulnerabilities, including the...

6.8CVSS8.5AI score0.09211EPSS
Exploits7
Saint
Saint
•added 2013/05/24 12:0 a.m.•85 views

Java Runtime Environment DriverManager doPrivileged block sandbox bypass

Added: 05/24/2013 CVE: CVE-2013-1488 BID: 58504 OSVDB: 91472 Background Oracle Java is a development platform for developing and deploying Java applications. It includes the Java Development Kit JDK and the Java Runtime Environment JRE. The JRE provides the minimum requirements for executing a Ja...

10CVSS5.2AI score0.87227EPSS
Exploits10
Saint
Saint
•added 2012/03/30 12:0 a.m.•85 views

Java SE AtomicReferenceArray Unsafe Security Bypass

Added: 03/30/2012 CVE: CVE-2012-0507 BID: 52161 OSVDB: 80724 Background Java is a programming language that compiles programs to bytecode, which is then executed inside a Java Virtual Machine. This is optimal for applications that must run on various hardware platforms, such as web applets. Java...

10CVSS9.8AI score0.98113EPSS
Exploits13
Saint
Saint
•added 2011/10/19 12:0 a.m.•85 views

Wireshark DECT Dissector Remote Stack Buffer Overflow

Added: 10/19/2011 CVE: CVE-2011-1591 BID: 47392 OSVDB: 71848 Background Wireshark is a network packet analyzer. Problem A buffer overflow vulnerability in the DECT dissector allows command execution when a user sends a specially crafted datagram over a network which is being analyzed by Wireshark...

9.3CVSS7.7AI score0.41744EPSS
Exploits18
Saint
Saint
•added 2009/06/16 12:0 a.m.•85 views

Windows Print Spooler EnumeratePrintShares buffer overflow

Added: 06/16/2009 CVE: CVE-2009-0228 BID: 35206 Background The Windows Print Spooler manages the printing process on Windows operating systems. Problem A buffer overflow vulnerability in the EnumeratePrintShares function in the Windows Print Spooler service allows arbitrary command execution when...

10CVSS6.9AI score0.20501EPSS
Exploits6
Saint
Saint
•added 2008/10/31 12:0 a.m.•85 views

Oracle WebLogic Server Apache Connector Transfer-Encoding buffer overflow

Added: 10/31/2008 CVE: CVE-2008-4008 BID: 31683 OSVDB: 49283 Background Oracle WebLogic Server formerly BEA WebLogic Server is a Java web application platform. Problem A buffer overflow vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted...

10CVSS7.7AI score0.56268EPSS
Exploits9
Saint
Saint
•added 2021/09/28 12:0 a.m.•84 views

Microsoft Azure Open Management Infrastructure remote command execution

Added: 09/28/2021 Background Microsoft Azure Open Management Infrastructure is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards. Problem A vulnerability in Open Management Infrastructure allows remote attackers to execute...

9.8CVSS8AI score0.99723EPSS
Exploits19
Saint
Saint
•added 2020/02/27 12:0 a.m.•84 views

Moxa AWK-3131A iw_console privilege escalation vulnerability

Added: 02/27/2020 CVE: CVE-2019-5136 Background Moxa AWK-3131A is a 3-in-1 industrial wireless AP/bridge/client device. Problem A privilege escalation vulnerability exists in the iwconsole functionality where a specially crafted menu selection string can cause an escape from the restricted consol...

9CVSS9AI score0.02479EPSS
Exploits4
Total number of security vulnerabilities4305